Skip to content

Configuration Files Reference

Complete reference of all Mailborder configuration files and their locations.

Overview

Mailborder configuration is distributed across multiple files for different components:

Component Configuration Location
Core System /etc/mailborder/
Database /etc/mailborder/database.conf
Services /etc/systemd/system/mb-*.service
Web Server /etc/nginx/sites-available/mailborder
PHP /etc/php/*/fpm/pool.d/mailborder.conf
Email (Postfix) /etc/postfix/
Spam (Rspamd) /etc/rspamd/
Antivirus (ClamAV) /etc/clamav/
Redis /etc/redis/mailborder.conf

Core Configuration Files

/etc/mailborder/mailborder.conf

Main system configuration file.

Location: /etc/mailborder/mailborder.conf

Format: INI-style configuration

Sections:

[system]
name = "Mailborder V6"
hostname = "mailborder.example.com"
timezone = "America/New_York"
debug_mode = false

[email]
max_message_size = 52428800  # 50 MB
max_recipients = 100
relay_host = "mail.example.com"
relay_port = 25

[spam]
threshold_pass = 6.0
threshold_quarantine = 6.0
threshold_reject = 20.0
enabled = true

[antivirus]
enabled = true
action = "quarantine"  # reject, discard
scan_archives = true
max_file_size = 26214400  # 25 MB

[authentication]
password_min_length = 12
password_require_uppercase = true
password_require_lowercase = true
password_require_numbers = true
password_require_special = true
password_max_age = 90
totp_enabled = true
passkey_enabled = true

[geoip]
enabled = true
database_path = "/usr/lib/mailborder/geoip/GeoLite2-Country.mmdb"
default_action = "quarantine"

[backup]
enabled = true
schedule = "daily 02:00"
retention_days = 30
location = "/var/backups/mailborder/"

Edit safely: 

sudo nano /etc/mailborder/mailborder.conf
sudo mb-config --verify  # Validate syntax
sudo mb-config reload    # Apply changes

/etc/mailborder/database.conf

Database connection configuration.

Location: /etc/mailborder/database.conf

Format: JSON

{
  "type": "mariadb",
  "host": "localhost",
  "port": 3306,
  "database": "mailborder",
  "username": "mailborder",
  "password": "secure_password_here",
  "charset": "utf8mb4",
  "pool": {
    "min_connections": 5,
    "max_connections": 50,
    "idle_timeout": 300
  },
  "ssl": {
    "enabled": false,
    "ca_cert": "/etc/ssl/certs/ca.pem",
    "verify_cert": true
  }
}

Permissions: 

sudo chown root:mailborder /etc/mailborder/database.conf
sudo chmod 640 /etc/mailborder/database.conf

Sensitive File

Contains database credentials. Protect with appropriate permissions.

/etc/mailborder/redis.conf

Redis connection configuration.

Location: /etc/mailborder/redis.conf

# Redis connection
host = 127.0.0.1
port = 6379
password = ""  # Set if Redis requires password
database = 0

# Connection pool
pool_size = 20
timeout = 5

# Persistence
save_enabled = true
save_interval = 300

/etc/mailborder/domains.conf

Accepted domains configuration.

Location: /etc/mailborder/domains.conf

Format: One domain per line

# Local domains (we receive mail for)
example.com
subdomain.example.com

# Relay domains (we forward mail to)
partner.com relay

# Virtual domains (user mailboxes)
virtual-domain.com virtual

Comments: - Lines starting with # are ignored - Whitespace is ignored - Duplicate entries are consolidated

Managed via: 

sudo mb-domain add example.com --type local
sudo mb-domain remove example.com
sudo mb-domain list

Service Configuration

SystemD Service Files

Location: /etc/systemd/system/mb-*.service

/etc/systemd/system/mb-rpcd.service

Main RPC daemon service.

[Unit]
Description=Mailborder RPC Daemon
After=network.target mariadb.service redis-server.service
Requires=mariadb.service redis-server.service

[Service]
Type=forking
User=mailborder
Group=mailborder
ExecStart=/usr/libexec/mailborder/php_enc/mb-rpcd start
ExecStop=/usr/libexec/mailborder/php_enc/mb-rpcd stop
ExecReload=/usr/libexec/mailborder/php_enc/mb-rpcd reload
PIDFile=/var/run/mailborder/mb-rpcd.pid
Restart=always
RestartSec=10

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/run/mailborder /var/log/mailborder /var/spool/mailborder

[Install]
WantedBy=multi-user.target

Reload after changes: 

sudo systemctl daemon-reload
sudo systemctl restart mb-rpcd

/etc/systemd/system/mb-filter.service

Email filtering service.

[Unit]
Description=Mailborder Email Filter
After=network.target mb-rpcd.service rspamd.service clamav-daemon.service
Requires=mb-rpcd.service

[Service]
Type=forking
User=mailborder
Group=mailborder
ExecStart=/usr/libexec/mailborder/php_enc/mb-filter start
ExecStop=/usr/libexec/mailborder/php_enc/mb-filter stop
PIDFile=/var/run/mailborder/mb-filter.pid
Restart=always
RestartSec=10

# Security
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ReadWritePaths=/var/run/mailborder /var/log/mailborder /var/spool/mailborder

[Install]
WantedBy=multi-user.target

/etc/systemd/system/mb-cron.service

Scheduled task service.

[Unit]
Description=Mailborder Cron Service
After=network.target mb-rpcd.service

[Service]
Type=oneshot
User=mailborder
Group=mailborder
ExecStart=/usr/libexec/mailborder/php_enc/mb-cron run

# Security
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ReadWritePaths=/var/run/mailborder /var/log/mailborder /var/lib/mailborder

/etc/systemd/system/mb-cron.timer

Timer for scheduled tasks.

[Unit]
Description=Mailborder Cron Timer
Requires=mb-cron.service

[Timer]
OnCalendar=*:0/5  # Every 5 minutes
Persistent=true

[Install]
WantedBy=timers.target

Enable timer: 

sudo systemctl enable mb-cron.timer
sudo systemctl start mb-cron.timer

Web Server Configuration

/etc/nginx/sites-available/mailborder

Nginx virtual host configuration.

Location: /etc/nginx/sites-available/mailborder

server {
    listen 80;
    server_name mailborder.example.com;

    # Redirect to HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name mailborder.example.com;

    # SSL Configuration
    ssl_certificate /etc/ssl/certs/mailborder.crt;
    ssl_certificate_key /etc/ssl/private/mailborder.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # HSTS
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Document root
    root /srv/mailborder/master;
    index index.php index.html;

    # Logging
    access_log /var/log/nginx/mailborder-access.log;
    error_log /var/log/nginx/mailborder-error.log;

    # PHP-FPM
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/mailborder.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Assets
    location /assets/ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }

    # Deny access to sensitive files
    location ~ /\. {
        deny all;
    }

    location ~ \.conf$ {
        deny all;
    }
}

Enable site: 

sudo ln -s /etc/nginx/sites-available/mailborder /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

/etc/php/8.2/fpm/pool.d/mailborder.conf

PHP-FPM pool configuration.

Location: /etc/php/8.2/fpm/pool.d/mailborder.conf

[mailborder]
user = mailborder
group = mailborder
listen = /var/run/php/mailborder.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 500

; PHP settings
php_admin_value[error_log] = /var/log/php/mailborder-fpm.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 256M
php_admin_value[upload_max_filesize] = 50M
php_admin_value[post_max_size] = 50M
php_admin_value[max_execution_time] = 300

; Security
php_admin_value[open_basedir] = /srv/mailborder:/usr/lib/mailborder:/tmp:/var/run/mailborder
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen

; Session
php_value[session.save_handler] = redis
php_value[session.save_path] = "tcp://127.0.0.1:6379?database=1"

Reload after changes: 

sudo systemctl reload php8.2-fpm

Email Configuration (Postfix)

/etc/postfix/main.cf

Main Postfix configuration.

Key Mailborder-specific settings:

# Hostname
myhostname = mailborder.example.com
myorigin = $myhostname
mydomain = example.com

# Network
inet_interfaces = all
inet_protocols = ipv4

# Relay
relayhost = [mail.example.com]:25
relay_domains = $mydestination

# Restrictions
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service inet:127.0.0.1:10031,
    reject

# Milter (content filtering)
smtpd_milters = inet:127.0.0.1:11332
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 6

# TLS
smtpd_tls_cert_file = /etc/ssl/certs/mailborder.crt
smtpd_tls_key_file = /etc/ssl/private/mailborder.key
smtpd_tls_security_level = may
smtp_tls_security_level = may

# Size limits
message_size_limit = 52428800  # 50 MB
mailbox_size_limit = 0

# Virtual domains
virtual_alias_maps = hash:/etc/postfix/virtual

Reload after changes: 

sudo postfix reload

/etc/postfix/master.cf

Postfix service configuration.

Content filtering integration:

# SMTP daemon
smtp      inet  n       -       y       -       -       smtpd
  -o content_filter=mb-filter:dummy

# Mailborder filter
mb-filter unix  -       -       n       -       10      smtp
  -o smtp_send_xforward_command=yes

# Re-injection after filtering
127.0.0.1:10025 inet n  -       y       -       -       smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
  -o smtpd_recipient_restrictions=permit_mynetworks,reject

Spam Filtering Configuration (Rspamd)

/etc/rspamd/local.d/options.inc

Rspamd main options.

# Worker threads
workers {
    normal {
        count = 4;
    }
    controller {
        count = 1;
        password = "$2$...";  # Encrypted password
    }
}

# DNS
dns {
    nameserver = ["8.8.8.8:53", "8.8.4.4:53"];
    timeout = 1s;
    retransmits = 5;
}

# Logging
logging {
    type = "file";
    filename = "/var/log/rspamd/rspamd.log";
    level = "info";
}

/etc/rspamd/local.d/classifier-bayes.conf

Bayesian classifier configuration.

servers = "127.0.0.1:6379";
database = "2";

# Autolearn
autolearn = true;

min_learns = 200;
min_token_occurrences = 2;

# Thresholds for autolearn
spam_threshold = 12.0;
ham_threshold = -2.0;

/etc/rspamd/local.d/actions.conf

Spam score actions.

actions {
    reject = 20.0;
    add_header = 6.0;
    greylist = 4.0;
}

unknown_weight = 1.0;

Reload after changes: 

sudo systemctl reload rspamd

Antivirus Configuration (ClamAV)

/etc/clamav/clamd.conf

ClamAV daemon configuration.

# Socket
LocalSocket /var/run/clamav/clamd.sock
LocalSocketGroup clamav
LocalSocketMode 666

# Logging
LogFile /var/log/clamav/clamav.log
LogTime yes
LogFileMaxSize 10M

# Scanning
MaxThreads 12
MaxFileSize 25M
MaxScanSize 100M
MaxRecursion 16
MaxFiles 10000

# Archives
ScanArchive yes
ArchiveBlockEncrypted no

# Performance
StreamMaxLength 25M

# Detection
DetectPUA yes
HeuristicScanPrecedence yes

/etc/clamav/freshclam.conf

Signature update configuration.

# Database directory
DatabaseDirectory /var/lib/clamav
DatabaseOwner clamav

# Logging
UpdateLogFile /var/log/clamav/freshclam.log
LogTime yes

# Updates
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror database.clamav.net
Checks 24

# Notifications
OnUpdateExecute /usr/bin/systemctl reload clamav-daemon
OnErrorExecute /usr/local/bin/clamav-error-handler.sh

Reload after changes: 

sudo systemctl restart clamav-daemon
sudo systemctl restart clamav-freshclam

Redis Configuration

/etc/redis/mailborder.conf

Redis instance for Mailborder.

# Network
bind 127.0.0.1
port 6379
protected-mode yes

# Authentication (optional)
# requirepass your_password_here

# Persistence
save 900 1       # Save after 900 sec if 1 key changed
save 300 10      # Save after 300 sec if 10 keys changed
save 60 10000    # Save after 60 sec if 10000 keys changed

dir /var/lib/redis/mailborder
dbfilename mailborder.rdb

# Memory
maxmemory 512mb
maxmemory-policy allkeys-lru

# Logging
loglevel notice
logfile /var/log/redis/mailborder.log

# Performance
databases 16
tcp-keepalive 300
timeout 0

Reload after changes: 

sudo systemctl restart redis-server@mailborder

Logging Configuration

/etc/mailborder/logging.conf

Centralized logging configuration.

[logging]
level = "info"  # debug, info, warning, error
format = "json"  # json, text
timezone = "UTC"

[handlers]
# Main log
main_log = "/var/log/mailborder/mailborder.log"
main_log_rotate = true
main_log_max_size = "100M"
main_log_max_files = 10

# Component logs
auth_log = "/var/log/mailborder/auth.log"
spam_log = "/var/log/mailborder/spam.log"
virus_log = "/var/log/mailborder/virus.log"
policy_log = "/var/log/mailborder/policy.log"
geoip_log = "/var/log/mailborder/geoip.log"

# Syslog
syslog_enabled = false
syslog_facility = "local0"

/etc/logrotate.d/mailborder

Log rotation configuration.

/var/log/mailborder/*.log {
    daily
    rotate 30
    compress
    delaycompress
    missingok
    notifempty
    create 0640 mailborder mailborder
    sharedscripts
    postrotate
        systemctl reload mb-rpcd >/dev/null 2>&1 || true
    endscript
}

Database Schema

Structure File

Location: /usr/share/mailborder/db/mailborder_structure.sql

Contains table definitions for: - Users and authentication - Email policies - Quarantine - Logs and audit trails - Statistics

Data File

Location: /usr/share/mailborder/db/mailborder_data.sql

Contains initial data: - Default admin user - System settings - Default policies - Language strings

Updates

Location: /var/lib/mailborder/db_updates/

Database update scripts: 

update_001.php  # Initial schema
update_002.php  # Add 2FA support
update_003.php  # Add passkey tables
...
update_094.php  # Latest updates

Backup Configuration

/etc/mailborder/backup.conf

Backup system configuration.

[backup]
enabled = true
schedule = "daily 02:00"

[locations]
primary = "/var/backups/mailborder/"
secondary = ""  # Optional remote location

[retention]
daily = 7
weekly = 4
monthly = 12
yearly = 7

[includes]
configuration = true
database = true
logs = false
quarantine = true

[encryption]
enabled = true
method = "gpg"
key_id = "mailborder@example.com"

[notifications]
email = "admin@example.com"
on_success = false
on_failure = true

File Permissions

Critical Files

# Configuration files
chmod 640 /etc/mailborder/*.conf
chown root:mailborder /etc/mailborder/*.conf

# Database credentials (most sensitive)
chmod 600 /etc/mailborder/database.conf
chown root:root /etc/mailborder/database.conf

# Service files
chmod 644 /etc/systemd/system/mb-*.service
chown root:root /etc/systemd/system/mb-*.service

# Web server config
chmod 644 /etc/nginx/sites-available/mailborder
chown root:root /etc/nginx/sites-available/mailborder

# Certificates
chmod 600 /etc/ssl/private/mailborder.key
chmod 644 /etc/ssl/certs/mailborder.crt
chown root:root /etc/ssl/private/mailborder.key /etc/ssl/certs/mailborder.crt

Configuration Management

Backup Configuration

Backup all config files: 

sudo mb-backup --config-only

Manual backup: 

sudo tar czf /tmp/mailborder-config-$(date +%Y%m%d).tar.gz \
  /etc/mailborder/ \
  /etc/nginx/sites-available/mailborder \
  /etc/systemd/system/mb-*.service \
  /etc/php/*/fpm/pool.d/mailborder.conf

Restore Configuration

Restore from backup: 

sudo mb-restore --config-only --from /path/to/backup.tar.gz

Version Control

Initialize git repository: 

cd /etc/mailborder
sudo git init
sudo git add .
sudo git commit -m "Initial configuration"

Track changes: 

sudo git diff  # See changes
sudo git commit -am "Updated spam threshold"

See Also