mailtrain/config/default.toml

# This file is the default config file for Mailtrain. To use a environment specific
# configuration add new file {ENV}.{ext} (eg. "production.toml") to the same folder.
# {ENV} is defined by NODE_ENV environment variable.
#
# Do not modify this file directly, otherwise you might lose your modifications when upgrading
#
# You should only define the options you want to change in your additional config file.
# For example if the only thing you want to change is the port number for the www server
# then your additional config file should look like this:
#   # production.toml
#   [www]
#   port=80
# or if you want to use Javascript instead of TOML then the same file could look like this:
#   // production.js
#   module.exports = {
#       www: {
#           port: 80
#       }
#   };

# Process title visible in monitoring logs and process listing
title="mailtrain"

# Enabled HTML editors
editors=[
  ["summernote", "Summernote"],
  ["grapejs", "GrapeJS"],
  ["mosaico", "Mosaico"],
  ["codeeditor", "Code Editor"]
]

# Default language to use
language="en"

# Inject custom styles in layout.hbs
# customstyles=["/custom/hello-world.css"]

# Inject custom scripts in layout.hbs
# customscripts=["/custom/hello-world.js"]

# Inject custom scripts in subscription/layout.mjml.hbs
# customsubscriptionscripts=["/custom/hello-world.js"]

# If you start out as a root user (eg. if you want to use ports lower than 1000)
# then you can downgrade the user once all services are up and running
#user="nobody"
#group="nogroup"

[log]
# silly|verbose|info|http|warn|error|silent
level="verbose"

[www]
# HTTP port to listen on
port=3000
# HTTP interface to listen on
host="0.0.0.0"
# Secret for signing the session ID cookie
secret="a cat"
# Session length in seconds when "remember me" is checked
remember=2592000 # 30 days
# logger interface for expressjs morgan
log="dev"
# Is the server behind a proxy? true/false
# Set this to true if you are serving Mailtrain as a virtual domain through Nginx or Apache
proxy=false
# maximum POST body size
postsize="2MB"
# Uncomment to set uploads folder location for temporary data. Defaults to os.tmpdir()
# If the service is started by `npm start` then os.tmpdir() points to CWD
#tmpdir="/tmp"

[mysql]
host="localhost"
user="mailtrain"
password="mailtrain"
# If more security is desired when running reports (which use user-defined JS scripts located in DB),
# one can specify a DB user with read-only permissions. If these are not specified, Mailtrain uses the
# regular DB user (which has also write permissions).
# userRO="mailtrain-ro"
# passwordRO="mailtrain-ro"
database="mailtrain"
# Some installations, eg. MAMP can use a different port (8889)
# MAMP users should also turn on "Allow network access to MySQL" otherwise MySQL might not be accessible
port=3306
charset="utf8mb4"
timezone="local"

[redis]
# enable to use Redis session cache or disable if Redis is not installed
enabled=false
host="localhost"
port=6379
db=5
# Uncomment if your Redis installation requires a password
#password=""

[verp]
# Enable to start an MX server that detects bounced messages using VERP
# In most cases you do not want to use it
# Requires root privileges
enabled=false
port=2525
host="0.0.0.0"

[testserver]
# Starts a vanity server that redirects all mail to /dev/null
# Mostly needed for local development
enabled=false
port=5587
host="0.0.0.0"
username="testuser"
password="testpass"
logger=false

[ldap]
# enable to use ldap user backend
enabled=false
host="localhost"
port=3002
baseDN="ou=users,dc=company"
filter="(|(username={{username}})(mail={{username}}))"
#Username field in LDAP (uid/cn/username)
uidTag="username"
passwordresetlink=""

[postfixbounce]
# Enable to allow writing Postfix bounce log to Mailtrain listener
# If enabled, tail mail.log to Mailtrain with the following command:
#     tail -f -n +0 /var/log/mail.log | nc localhost 5699 -
enabled=false
port=5699
# allow connections from localhost only
host="127.0.0.1"

# extra options for nodemailer
[nodemailer]
#textEncoding="base64"

[queue]
# How many parallel sender processes to spawn
# You can use more than 1 process only if you have Redis enabled
processes=1

[cors]
# Allow subscription widgets to be embedded
# origins=['https://www.example.com']

[mosaico]
# Installed templates
templates=[["versafix-1", "Versafix One"]]
# Inject custom scripts
# customscripts=["/mosaico/custom/my-mosaico-plugin.js"]

[grapejs]
# Installed templates
templates=[["demo", "Demo Template"]]

[reports]
# The whole reporting functionality can be disabled below if the they are not needed and the DB cannot be
# properly protected.
# Reports rely on custom user defined Javascript snippets defined in the report template. The snippets are run on the
# server when generating a report. As these snippets are stored in the DB, they pose a security risk because they can
# help gaining access to the server if the DB cannot
# be properly protected (e.g. if it is shared with another application with security weaknesses).
# Mailtrain mitigates this problem by running the custom Javascript snippets in a chrooted environment and under a
# DB user that cannot modify the database (see userRO in [mysql] above). However the chrooted environment is available
# only if Mailtrain is started as root. The chrooted environment still does not prevent the custom JS script in
# performing network operations and in generating XSS attacks as part of the report.
# The bottom line is that if people who are creating report templates or have write access to the DB cannot be trusted,
# then it's safer to switch off the reporting functionality below.
enabled=false