Skip to content

Config key reference

Almost all settings live in the SQL config table (see Configuration overview). The table is seeded with defaults on first run and edited in the dashboard. This page is the full key reference.

In the Restart? column, “Yes” means changing the key requires a service restart to take effect; “No” means the change applies live.

Key Default Restart? Notes
listener.ports [25, 587] Yes JSON int array; listener falls back to 2525 if 25 can’t be bound (in use / no privilege)
listener.server_name "Dispatch" Yes SMTP banner / HELO name
listener.allowed_cidrs loopback + RFC1918 No JSON string array; closed by default (not an open relay)
listener.max_message_bytes 26214400 (25 MiB) No per-message ceiling
listener.require_auth false No require SMTP AUTH
listener.allow_unsecure_auth false No allow AUTH before STARTTLS
listener.connection_timeout_seconds 60 No idle connection timeout
listener.max_connections 100 No concurrent connection cap

See TLS certificate for how to generate or upload the shared cert.

Key Default Restart? Notes
tls.cert_path "" Yes path to PFX
tls.cert_password "" (encrypted) Yes encrypted at rest
tls.cert_source "" No "generated" or "uploaded"
Key Default Restart? Notes
spool.directory "./.dispatch-spool" Yes spool root directory
spool.worker_count 4 Yes concurrent delivery workers
spool.max_retries 3 No delivery attempts before failure
spool.retry_delays_seconds [30,300,1800] No JSON array; exponential back-off

See HTTP API for usage.

Key Default Restart? Notes
api.enabled true No master toggle for the ingestion API
api.port 8025 Yes plain HTTP
api.http_enabled true Yes toggle plain HTTP
api.tls_enabled false Yes enable HTTPS listener
api.tls_port 8026 Yes HTTPS port (shared TLS cert)
api.allowed_cidrs loopback + RFC1918 No closed by default
api.max_message_bytes 26214400 (25 MiB) No per-message ceiling
api.rate_limit_per_key 100 No requests/minute per API key
Key Default Restart? Notes
webui.port 8420 Yes HTTPS-only
webui.allowed_cidrs [] (allow all) No open by default, password-gated
webui.session_timeout_minutes 480 No 8 hours
webui.require_https true No enforce HTTPS
Key Default Restart? Notes
logging.log_delivered true No record delivered messages
logging.log_retrying true No record retry attempts
logging.log_denied true No record denied/rejected messages

See Retention & purge for behavior.

Key Default Restart? Notes
purge.enabled true No enable scheduled purge
purge.schedule_interval_hours 6 No how often purge runs
purge.spool_failed_retention_days 30 No failed spool file retention
purge.captured_retention_days 7 No Local Inbox capture retention
purge.log_delivered_retention_days 30 No delivered log row retention
purge.log_failed_retention_days 90 No failed log row retention
purge.audit_retention_days 90 No audit log retention
purge.audit_security_retention_days 7 No security audit entry retention
purge.size_trigger_gb 9.5 No start size-based purge at this DB size
purge.size_target_gb 9.0 No purge down to this

A few items cannot live in the config table because they are needed before the database is available, or because they secure the dashboard itself. The SQL connection string, the first-run admin password, the dashboard TLS certificate, and the log directory live in appsettings.json instead - see the Configuration overview.