# This file is the default config file for Mailtrain. To use a environment specific # configuration add new file {ENV}.{ext} (eg. "production.toml") to the same folder. # {ENV} is defined by NODE_ENV environment variable. # # Do not modify this file directly, otherwise you might lose your modifications when upgrading # # You should only define the options you want to change in your additional config file. # For example if the only thing you want to change is the port number for the www server # then your additional config file should look like this: # # production.toml # [www] # port=80 # or if you want to use Javascript instead of TOML then the same file could look like this: # // production.js # module.exports = { # www: { # port: 80 # } # }; # Process title visible in monitoring logs and process listing title="mailtrain" # Enabled HTML editors editors=[ ["summernote", "Summernote"], ["grapejs", "GrapeJS"], ["mosaico", "Mosaico"], ["codeeditor", "Code Editor"] ] # Default language to use language="en" # Inject custom styles in layout.hbs # customstyles=["/custom/hello-world.css"] # Inject custom scripts in layout.hbs # customscripts=["/custom/hello-world.js"] # Inject custom scripts in subscription/layout.mjml.hbs # customsubscriptionscripts=["/custom/hello-world.js"] # If you start out as a root user (eg. if you want to use ports lower than 1000) # then you can downgrade the user once all services are up and running #user="mailtrain" #group="mailtrain" # If Mailtrain is started as root, "Reports" feature drops the privileges of script generating the report to disallow # any modifications of Mailtrain code and even prohibits reading the production configuration (which contains the MySQL # password for read/write operations). The rouser/rogroup determines the user to be used #rouser="nobody" #rogroup="nogroup" [log] # silly|verbose|info|http|warn|error|silent level="verbose" [www] # HTTP port to listen on port=3000 # HTTP interface to listen on host="0.0.0.0" # Secret for signing the session ID cookie secret="a cat" # Session length in seconds when "remember me" is checked remember=2592000 # 30 days # logger interface for expressjs morgan log="dev" # Is the server behind a proxy? true/false # Set this to true if you are serving Mailtrain as a virtual domain through Nginx or Apache proxy=false # maximum POST body size postsize="2MB" # Uncomment to set uploads folder location for temporary data. Defaults to os.tmpdir() # If the service is started by `npm start` then os.tmpdir() points to CWD #tmpdir="/tmp" [mysql] host="localhost" user="mailtrain" password="mailtrain" database="mailtrain" # Some installations, eg. MAMP can use a different port (8889) # MAMP users should also turn on "Allow network access to MySQL" otherwise MySQL might not be accessible port=3306 charset="utf8mb4" timezone="local" [redis] # enable to use Redis session cache or disable if Redis is not installed enabled=false host="localhost" port=6379 db=5 # Uncomment if your Redis installation requires a password #password="" [verp] # Enable to start an MX server that detects bounced messages using VERP # In most cases you do not want to use it # Requires root privileges enabled=false port=2525 host="0.0.0.0" # With DMARC, the Return-Path and From address must match the same domain. # By default we get around this by using the VERP address in the Sender header, # with the side effect that some email clients diplay an ugly "on behalf of" message. # You can safely disable this Sender header if you're not using DMARC or your # VERP hostname is in the same domain as the From address. # disablesenderheader=true [ldap] # enable to use ldap user backend enabled=false host="localhost" port=3002 baseDN="ou=users,dc=company" filter="(|(username={{username}})(mail={{username}}))" #Username field in LDAP (uid/cn/username) uidTag="username" passwordresetlink="" [postfixbounce] # Enable to allow writing Postfix bounce log to Mailtrain listener # If enabled, tail mail.log to Mailtrain with the following command: # tail -f -n +0 /var/log/mail.log | nc localhost 5699 - enabled=false port=5699 # allow connections from localhost only host="127.0.0.1" # extra options for nodemailer [nodemailer] #textEncoding="base64" [queue] # How many parallel sender processes to spawn # You can use more than 1 process only if you have Redis enabled processes=1 [cors] # Allow subscription widgets to be embedded # origins=['https://www.example.com'] [mosaico] # Installed templates templates=[["versafix-1", "Versafix One"]] # Inject custom scripts # customscripts=["/mosaico/custom/my-mosaico-plugin.js"] [grapejs] # Installed templates templates=[["demo", "Demo Template"]] [reports] # The whole reporting functionality can be disabled below if the they are not needed and the DB cannot be # properly protected. # Reports rely on custom user defined Javascript snippets defined in the report template. The snippets are run on the # server when generating a report. As these snippets are stored in the DB, they pose a security risk because they can # help gaining access to the server if the DB cannot # be properly protected (e.g. if it is shared with another application with security weaknesses). # Mailtrain mitigates this problem by running the custom Javascript snippets in a chrooted environment and under a # DB user that cannot modify the database (see userRO in [mysql] above). However the chrooted environment is available # only if Mailtrain is started as root. The chrooted environment still does not prevent the custom JS script in # performing network operations and in generating XSS attacks as part of the report. # The bottom line is that if people who are creating report templates or have write access to the DB cannot be trusted, # then it's safer to switch off the reporting functionality below. enabled=false [testserver] # Starts a vanity server that redirects all mail to /dev/null # Mostly needed for local development enabled=false port=5587 mailboxserverport=3001 host="0.0.0.0" username="testuser" password="testpass" logger=false [seleniumwebdriver] browser="phantomjs"