# ~/.kuvert: example configuration file for kuvert v2
# to be used in a docker container
#
# there are a couple of strong assumptions in in this config file
# as opposed to the default dot-kuvert
# 
# 1. SMTP submission is the default mechanism
# 2. unattended operation means passwordless secret key
# 3. only one secret key used and available, most probably
#    auto-generated, so no need for defaultkey (let gpg select the key itself)
# 4. submission via SMTP from outside the container requires binding to 0.0.0.0
# 
# WARNING: DO NOT USE THIS FILE IN A NON-DOCKER ENVIRONMENT
# WARNING: UNLESS YOU KNOW WHAT YOU ARE DOING

# options are given without leading whitespace

# which key to sign with by default
# if unset, gpg chooses -- usually first available secret key
#defaultkey 0x1234abcd

# logging to syslog, which facility? defaults to no syslog
#syslog mail

# no separate logfile
logfile /home/kuvert/logs/kuvert.log

# who gets error reports
mail-on-error you@example.com

# where to spool mails and temporary files
queuedir /home/kuvert/queue/
tempdir  /tmp/kuvert_temp

# how often to check the queue, in seconds
interval 60

# add an x-mailer header?
identify f

# add the explanatory mime preamble? 
preamble f

# how to submit outbound mail: 
#
# 1. via smtp 
# settings: msserver, msport, ssl,
# ssl-cert, ssl-key, ssl-ca;
# authenticating as msuser, mspass
#
msserver smtp.example.com
msport 587
ssl starttls
#ssl-key  mycerts/my.key.pem
#ssl-cert mycerts/my.cert.pem
#ssl-ca mycerts/ca.cert.pem
msuser kuvert@example.com
mspass smtp-password
mspass-from-query-secret f
# 
# 2. by using the msp program
#
#msp /usr/sbin/sendmail -om -oi -oem

can-detach f

# smtp submission daemon settings
maport 2587
# this is requried for kuvert-smtp running in docker
# to be available from outside of the container
# it is a security risk in non-docker set-up!
mahost 0.0.0.0
ma-user kuvert
ma-pass ChangeMe

defaultaction fallback

alwaystrust t

# using gpg agent means that if a key is passwordless
# (as might be the case in a docker-based deployment)
# kuvert will not hang on asking the user for password
use-agent t
#query-secret /usr/bin/q-agent get %s
#flush-secret /usr/bin/q-agent delete %s

# action specifications for recipients
# are given with some leading whitespace

# multiple keys for somebody and you want a specific one?
 somebody@with.many.keys fallback,0x1234abcd

# those don't want gpg-signed stuff
 @somewhere.com none

# signed but not encrypted
 (he|they|others)@there.com	signonly

# majordomo and similar mailinglist systems get plain mail
 (majordomo|-request)@	none