30 lines
818 B
Plaintext
30 lines
818 B
Plaintext
keycloak:
|
|
base_url: "<Keycloak URL>"
|
|
realm: "<Keycloak Realm>"
|
|
client_id: "<Client ID>"
|
|
client_secret: "<Client Secret>"
|
|
# admin API is derived: {base_url}/admin/realms/{realm}
|
|
|
|
sqlite:
|
|
path: "/var/lib/mailcloak/state.db"
|
|
|
|
policy:
|
|
domain: "<EMail domain-name>"
|
|
# cache for keycloak lookups (username->email, email->exists)
|
|
cache_ttl_seconds: 120
|
|
# if keycloak is down:
|
|
# - "tempfail": return 451 (recommended)
|
|
# - "dunno": fail-open
|
|
keycloak_failure_mode: "tempfail"
|
|
|
|
sockets:
|
|
# These paths must be inside postfix chroot (/var/spool/postfix)
|
|
policy_socket: "/var/spool/postfix/private/mailcloak-policy"
|
|
socketmap_socket: "/var/spool/postfix/private/mailcloak-socketmap"
|
|
socket_owner_user: "postfix"
|
|
socket_owner_group: "postfix"
|
|
socket_mode: "0660"
|
|
|
|
daemon:
|
|
user: "mailcloak"
|