## Provide certificates to enable StartTLS
# tls_certificate = /var/lib/acme/test.org/fullchain.pem
# tls_privatekey = /var/lib/acme/test.org/key.pem
tls_advertise_hosts =

primary_hostname = test.org
domainlist local_domains = test.org
timeout_frozen_after = 1m
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
never_users = root
host_lookup = *
daemon_smtp_ports = 25

message_size_limit = 30m

keep_environment = DS_HEADER : DS_URL

begin acl
acl_check_rcpt:
require
  domains = +local_domains
require
  message = Sender verification failed
  verify = sender
require
  message = Receiver verification failed
  verify = recipient
require
  message = Recipient unknown
  condition = ${run{/usr/bin/curl --output /dev/null --silent --fail -H "Docspell-Integration: ${env{DS_HEADER}{$value} fail}" "${env{DS_URL}{$value} fail}/api/v1/open/integration/item/$local_part"}{yes}{no}}
warn
  message = Reverse lookup failed
  !verify = reverse_host_lookup
accept

acl_check_data:
deny
  message = Sender verification failed
  !verify = header_sender
accept

begin routers
local_users:
  driver = accept
  transport = docspell

begin transports
docspell:
  driver = pipe
  command = /usr/bin/curl --output /dev/null --silent --fail -H "Docspell-Integration: ${env{DS_HEADER}{$value} fail}" -F "file=@-;filename=\"$h_subject:\"" "${env{DS_URL}{$value} fail}/api/v1/open/integration/item/$local_part"
  return_fail_output
  user = nobody
  delivery_date_add
  envelope_to_add
  return_path_add
  log_output