bridgedb.conf

# -*- mode: python ; coding: utf-8 -*-
#
#   +---------------+
#   | bridgedb.conf |
#   +---------------+
#
# This file uses Python syntax, and is sourced as if it were a .py file. Just
# pretend you're writing Python, and everything will be peachy keen.
#______________________________________________________________________________
#
# Part of BridgeDB, a Tor bridge distribution system.
#
# :authors: The Tor Project, Inc.
# :license: This file is freely distributed as part of BridgeDB, see LICENSE
#           for details.
# :copyright: (c) 2007-2017 The Tor Project, Inc.
#             (c) 2007-2017, all sentient entities within the AUTHORS file
# :version: 0.3.3
#===============================================================================
#
# CHANGELOG:
# ~~~~~~~~~~
# Changed in version 0.3.3 - 2015-07-22
#   * ADD new options, CSP_ENABLED, CSP_REPORT_ONLY, and CSP_INCLUDE_SELF for
#     setting options related to HTTP(S) Distributor Content Security Policy
#     settings.
#
# Changed in version 0.3.2 - 2015-04-30
#   * CHANGE to using BridgeDB release versions for bridgedb.conf file versions.
#   * ADD support for specifying bridge rotation periods via the
#     EMAIL_ROTATION_PERIOD and HTTPS_ROTATION_PERIOD settings.
#   * ADD a new option, IGNORE_NETWORKSTATUS, which controls if BridgeDB cares
#     whether or not a bridge was present in the BridgeAuthority's
#     networkstatus-bridges file, as well as what information is gleaned from
#     the bridge-networkstatus documents within that file.
#
# Changed in version 0.0.15 - 2015-03-26
#   * ADD new SUPPORTED_TRANSPORTS and DEFAULT_TRANSPORT settings.
#
# Changes in version 0.0.14 - 2015-02-22
#   * ADD new OpenPGP-related options:
#        - EMAIL_GPG_HOMEDIR
#        - EMAIL_GPG_PRIMARY_KEY_FINGERPRINT
#        - EMAIL_GPG_PASSPHRASE
#        - EMAIL_GPG_PASSPHRASE_FILE
#   * REMOVE old OpenPGP signing key file option, EMAIL_GPG_SIGNING_KEY.
#
# Changes in version 0.0.13 - 2015-02-20
#   * ADD NO_DISTRIBUTION_COUNRIES option for refusing to distribute bridges
#     whose primary ORAddress is geolocated to any of some certain countries.
#
# Changes in version 0.0.12 - 2015-02-06
#   * ADD a dictionary of TASKS to be run and the intervals at which they
#     should be repeated.
#
# Changes in version 0.0.11 - 2014-07-06
#   * ADD EMAIL_BLACKLIST and EMAIL_FUZZY_MATCH settings.
#
# Changes in version 0.0.10 - 2014-06-06
#   * Support requiring distribution of bridges with the "Running" flag.
#
# Changes in version 0.0.9 - 2014-06-06
#   * ADD EMAIL_WHITELIST setting.
#
# Changes in version 0.0.8 - 2014-05-14
#   * CHANGE RECAPTCHA_PRIV_KEY to RECAPTCHA_SEC_KEY.
#
# Changes in version 0.0.7 - 2014-03-31
#   * ADD new settings for tracing function calls and thread info within logged
#     messages: LOG_THREADS, LOG_TRACE, and LOG_TIME_FORMAT.
#
# Changes in version 0.0.6 - 2014-03-28
#   * CHANGE gimp-captchas to be the norm.
#   * ADD bucket for support team.
#
# Changes in version 0.0.5 - 2014-02-27
#   * ADD GIMP_CAPTCHA_ENABLED, GIMP_CAPTCHA_DIR, GIMP_CAPTCHA_HMAC_KEYFILE,
#     and GIMP_CAPTCHA_RSA_KEYFILE settings (see #10809).
#   * Decrease email share.
#   * Whitelist the public IP address of bridges.torproject.org in
#     RECAPTCHA_REMOTE_IP setting.
#
# Changes in version 0.0.4 - 2014-01-24
#   * ADD COLLECT_TIMESTAMPS option (see #10724). Set it to False for the
#     staging instance (etc/test-bridgedb.conf), and True for the production
#     server (etc/bridgedb.conf).
#
# Changes in version 0.0.3 - 2014-01-17
#   * UPDATE config from bridgedb.git/bridgedb.conf, without changing any of the
#     settings.
#
# Changes in version 0.0.2 - 2014-01-17
#   * ADD missing settings, EMAIL_GPG_SIGNING_ENABLED and EMAIL_GPG_SIGNING_KEY.
#
# Changes in version 0.0.1 - 2013-08-30
#   * ADD version of config file in use on ponticum.
#     - Two config variables, RECAPTCHA_PUB_KEY and RECAPTCHA_PRIV_KEY, have
#       been removed, they can be found in:
#       patches/001-bridgedb-conf-recaptcha-vars.patch.
#   * CLEANUP the config file slightly (such as adding these headers) and
#     fixing the linewraps. No other variables were touched.
#
#===============================================================================

#===========================#
#  General-purpose options  #
#___________________________#

#----------------
# Required Files \  You'll want to make sure that these ones exist!
#------------------------------------------------------------------------------
#
# All filenames are taken as relative to the RUNTIME directory, which is the
# current working directory when you call the ``bridgedb`` script, or you may
# specify a particular RUNTIME directory by doing:
#
#     $ bridgedb -r /path/to/some/nice/place
#
# Obviously, this config file should live in that directory, so that BridgeDB
# can read it.
#------------------------------------------------------------------------------

# List of directories which contain versions of the files specified in
# BRIDGE_FILES, EXTRA_INFO_FILES, and STATUS_FILE.
BRIDGE_AUTHORITY_DIRECTORIES = ["from-authority", "from-bifroest"]

# List of filenames from which we read ``@type bridge-server-descriptor``s, on
# startup and on SIGHUP.
BRIDGE_FILES = ["bridge-descriptors"]

# List of filenames from which we read ``@type bridge-extra-info``
# descriptors, for learning about a bridge's pluggable transports:
EXTRA_INFO_FILES = ["cached-extrainfo", "cached-extrainfo.new"]

# Filename from which we read ``@type bridge-network-status`` entries, for
# learning which current bridges are Running, as well as their IPv6 addresses.
STATUS_FILE = "networkstatus-bridges"

# If ``True``, then the only information which we obtain from the
# networkstatus file (the ``STATUS_FILE`` option) created by the
# BridgeAuthority are the bridge flags (i.e. "Running", "Stable", etc.), and
# we ignore all errors which have anything to do with networkstatus being
# wrong, out-of-date, or missing.
#
# Otherwise, if ``False``, use the networkstatus to determine which bridges
# should be distributed.
#
# See https://bugs.torproject.org/9380#comment:39,
# https://bugs.torproject.org/11216, and https://bugs.torproject.org/15866.
#
IGNORE_NETWORKSTATUS = True

#----------------
# Output Files   \  Where to store created data
#------------------------------------------------------------------------------
#
# These will get automatically created for you, just specify where they should
# go.
#------------------------------------------------------------------------------

# Either a file to log to, or None if we should log to the console.
LOGFILE = "bridgedb.log"

# File in which to write our pid
PIDFILE = "bridgedb.pid"

# Filename of the database to store persistent info in.
DB_FILE = "bridgedist.db"

# Filename to log changes to persistent info in. For debugging and bugfixing.
DB_LOG_FILE = "bridgedist.log"

# Filename where we store our secret HMAC root key. This file and the key
# inside are automatically created for you if they do not exist.
MASTER_KEY_FILE = "secret_key"

# File to which we dump bridge pool assignments for statistics.
ASSIGNMENTS_FILE = "assignments.log"

# Name of the file that contains BridgeDB's metrics.
METRICS_FILE = "bridgedb-metrics.log"

#------------------
# Logging Options  \
#------------------------------------------------------------------------------
#
# Be sure to also see the LOGFILE option above!
#------------------------------------------------------------------------------

# One of "DEBUG", "INFO", "WARNING", "ERROR", or "FATAL:
LOGLEVEL = "DEBUG"

# If true, we scrub all potentially identifying information before we log it
SAFELOGGING = True

# Logfile rotation settings
LOGFILE_COUNT = 5
LOGFILE_ROTATE_SIZE = 10000000

# If True, include thread IDs and numbers in log messages, if available:
LOG_THREADS = False

# If True, include the module name, function name, and line number of the
# calling function where the log message was generated:
LOG_TRACE = True

# A strftime(3) format string that specifies how to log timestamps:
LOG_TIME_FORMAT = "%H:%M:%S"

#---------------------------
# Database/Parsing Options  \
#------------------------------------------------------------------------------
#
# These options change various database transaction and descriptor parsing
# behaviours.
#------------------------------------------------------------------------------

# (boolean) If True, then collect, sort, and store all timestamps seen for all
# bridges. This operation is extremely expensive, and should be disabled when
# it is not necessary.
COLLECT_TIMESTAMPS = False

#-------------------------------
# General Distribution Options  \
#------------------------------------------------------------------------------
#
# These options are not specific to a certain distributor and they may alter
# the bridge selection process in certain circumstances.
#------------------------------------------------------------------------------

# Filename that contains blocked bridges list. Comment out to disable.
#COUNTRY_BLOCK_FILE = "blocked-bridges"

# (list of two-character, uppercased strings for country codes) Don't
# distribute bridges whose main ORPort IP address is geolocated to any of the
# following countries:
NO_DISTRIBUTION_COUNTRIES = ['IR', 'SY']

# The path to a file containing the fingerprints of blacklisted bridges and
# their reason for being blacklisted.  An entry should be in the form:
#
# FINGERPRINT [SP REASON]
#
# where REASON is optional and may contain whitespace.
#
# (See NO_DISTRIBUTION_FINGERPRINTS in the code for how this is used.)
NO_DISTRIBUTION_FILE = None

# A list of filenames that contain IP addresses (one per line) of proxies.
# All IP-based distributors that see an incoming connection from a proxy
# will treat them specially.
PROXY_LIST_FILES = []

# If possible, always give a certain number of answers with a given ORPort.
# This is a list of ``(port, minimum)`` tuples.
FORCE_PORTS = [(443, 1)]

# If possible, always give a certain number of answers with a given flag.
# Both "Running" and "Stable" are supported.
# This is a list of (flag,minimum) tuples.
FORCE_FLAGS = [("Stable", 1)]

# Only consider routers whose purpose matches this string.
BRIDGE_PURPOSE = "bridge"

# TASKS is a dictionary mapping the names of tasks to a tuple consisting of the
# frequency with which they should be run (in seconds) and a boolean value
# expressing if the task should be run immediately after start up. If a task's
# frequency is set to 0, it will not be scheduled to run.
TASKS = {
    # Download a list of Tor exit relays once every three hours (by running
    # scripts/get-exit-list) and add those exit relays to the list of proxies
    # loaded from the PROXY_LIST_FILES:
    'GET_TOR_EXIT_LIST': (3 * 60 * 60, True),
    # Delete *.unparseable descriptor files which are more than 24 hours old:
    'DELETE_UNPARSEABLE_DESCRIPTORS': (24 * 60 * 60, False),
    # Export usage metrics every 24 hours:
    'EXPORT_METRICS': (24 * 60 * 60, False),
}

# SUPPORTED_TRANSPORTS is a dictionary mapping Pluggable Transport methodnames
# to booleans. If ``True``, the PT is distributed; if ``False``, it isn't.
SUPPORTED_TRANSPORTS = {
    'obfs2': False,
    'obfs3': False,
    'obfs4': True,
    'scramblesuit': False,
    'fte': False,
}

# PROBING_RESISTANT_TRANSPORTS is a list of transports that are resistant to
# active probing attacks as pioneered by China's GFW.  If a bridge supports any
# of the following transports, only these transports are distributed, and no
# others.  Here's why: If we have a bridge that supports both obfs3 and obfs4,
# we don't want to hand out its obfs3 line to users because this may get the
# bridge probed and its IP address blocked, which also blocks the obfs4 PT.
PROBING_RESISTANT_TRANSPORTS = ['scramblesuit', 'obfs4']

# DEFAULT_TRANSPORT is a string. It should be the PT methodname of the
# transport which is selected by default (e.g. in the webserver dropdown
# menu).
DEFAULT_TRANSPORT = 'obfs4'

# HTTP headers that suggest that a request was issued by a bot.  The CSV
# file must have the following format:
#   <HEADER>,<REGEXP>
#   ...
# For example:
#   Accept-Language,[Kk]lingon
BLACKLISTED_REQUEST_HEADERS_FILE="blacklisted-request-headers.csv"

# List of tuples that specify blacklisted tor version ranges.  The first
# element marks the start of the range and the second element marks the end.
# Both the start *and* the end version are blocked too.  If you want to block a
# single version, have the start and end range be identical.  BridgeDB won't
# distribute bridges whose version falls within any version ranges.
BLACKLISTED_TOR_VERSIONS = [
    ('0.3.4', '0.3.4.9'), # See <https://bugs.torproject.org/29184>.
    ('0.3.5', '0.3.5.6')
]

# Decoy bridges that we are handing out to bots that we detected using the
# regular expressions in BLACKLISTED_REQUEST_HEADERS_FILE.  The CSV file must
# have the following format:
#   <TRANSPORT>v<IP_VERSION>,<BRIDGE_LINE>
#   ...
# For example:
#   vanillav4,1.2.3.4:1234 0123456789ABCDEF0123456789ABCDEF01234567
#   vanillav6,[::1]:1234 0123456789ABCDEF0123456789ABCDEF01234567
#   obfs4v4,obfs4 1.2.3.4:1234 public-key=... node-id=... iat-mode=...
DECOY_BRIDGES_FILE="decoy-bridges.csv"

#-------------------------------
# Moat Distribution Options  \
#------------------------------------------------------------------------------
#
# These options configure the behaviour of a web interface which speaks JSON API
# to a remote application in order to present said application with the
# necessary information for creating a user interface for bridge distribution
# mechanism, similar to the web interface of BridgeDB's HTTPS Distributor. If
# MOAT_DIST is enabled, make sure that the MOAT_CERT_FILE and MOAT_KEY_FILE
# options point to the correct location of your SSL certificate and key!
# ------------------------------------------------------------------------------

# (boolean) True to enable distribution via Moat; False otherwise.
MOAT_DIST = True

# (boolean) True to only allow Moat distribution via a Meek tunnel.  False to
# only allow Moat distribution via untunneled HTTP(S).
MOAT_DIST_VIA_MEEK_ONLY = True

# Certificate file and private key for the Moar Distributor. To create a
# self-signed cert, run ``scripts/make-ssl-cert`` it will create these files
# in your current directory.
MOAT_TLS_CERT_FILE="moat-tls.crt"
MOAT_TLS_KEY_FILE="moat-tls.pem"

# (string) The Fully-Qualified Domain Name (FQDN) of the server that the Moat
# and/or HTTPS distributor(s) is/are publicly reachable at.
if MOAT_DIST_VIA_MEEK_ONLY:
    MOAT_SERVER_PUBLIC_ROOT = '/meek/moat'
else:
    MOAT_SERVER_PUBLIC_ROOT = '/moat'

# How many bridges do we give back in an answer (either HTTP or HTTPS)?
MOAT_BRIDGES_PER_ANSWER = 3

# (list) An ordered list of the preferred transports which moat should
# distribute, in order from most preferable to least preferable.
MOAT_TRANSPORT_PREFERENCE_LIST = ["obfs4", "vanilla"]

# (string or None) The IP address where we listen for HTTPS connections. If
# ``None``, listen on the default interface.
MOAT_HTTPS_IP = '127.0.0.1'

# (integer or None) The port to listen on for incoming HTTPS connections.
MOAT_HTTPS_PORT = 6791

# (string or None) The IP address to listen on for unencrypted HTTP
# connections. Set to ``None`` to disable unencrypted connections to the web
# interface.
MOAT_HTTP_IP = None

# (integer or None) The port to listen on for incoming HTTP connections.
MOAT_HTTP_PORT = None

# If true, there is a trusted proxy relaying incoming messages to us: take
# the *last* entry from its X-Forwarded-For header as the client's IP.
MOAT_USE_IP_FROM_FORWARDED_HEADER = True

# If True, there is a misconfigured proxy relaying incoming messages
# to us: take the *last* entry in the X-Forwarded-For header which is
# not a loopback address (127.0.0.1/8) as the client's IP.
MOAT_SKIP_LOOPBACK_ADDRESSES = True

# How many clusters do we group IPs in when distributing bridges based on IP?
# Note that if PROXY_LIST_FILES is set (below), what we actually do here
# is use one higher than the number here, and the extra cluster is used
# for answering requests made by IP addresses in the PROXY_LIST_FILES file.
MOAT_N_IP_CLUSTERS = 4

# (string or None) The period at which the available bridges rotates to a
# separate set of bridges.  This setting can be used in the form
#
#     "COUNT PERIOD"    where
#                         COUNT is an integer
#                         PERIOD is one of "second", "minute", "hour", "day",
#                                "week", or "month" (or any plural form).
#
# For example, setting HTTPS_ROTATION_PERIOD = "3 days" will result in the set
# of bridges which are available through the web interface (either HTTP or
# HTTPS) getting rotated once every three days.  Setting this to None disables
# rotation entirely.
MOAT_ROTATION_PERIOD = "3 hours"

# The location of the files which store the HMAC secret key and RSA keypair
# (for checking captcha responses):
MOAT_GIMP_CAPTCHA_HMAC_KEYFILE = 'moat_captcha_hmac_key'
MOAT_GIMP_CAPTCHA_RSA_KEYFILE = 'moat_captcha_rsa_key'

#-------------------------------
# HTTP(S) Distribution Options  \
#------------------------------------------------------------------------------
#
# These options configure the behaviour of the web interface bridge
# distribution mechanism. If HTTPS_DIST is enabled, make sure that the
# HTTPS_CERT_FILE and HTTPS_KEY_FILE options point to the correct location of
# your SSL certificate and key!
#------------------------------------------------------------------------------

# Certificate file and private key for the HTTPS Distributor. To create a
# self-signed cert, run ``scripts/make-ssl-cert`` it will create these files
# in your current directory.
HTTPS_CERT_FILE="cert"
HTTPS_KEY_FILE="privkey.pem"

# (string) The Fully-Qualified Domain Name (FQDN) of the server that the HTTP
# and/or HTTPS distributor(s) is/are publicly reachable at.
SERVER_PUBLIC_FQDN = 'bridges.torproject.org'

# (string) The IP address that the HTTP and/or HTTPS distributor(s) is/are
# publicly reachable at. This is used for fetching the list of Tor exit
# relays which allow exits to this IP.
SERVER_PUBLIC_EXTERNAL_IP = '38.229.72.19'

# (boolean) True to enable distribution via HTTP or HTTPS; False otherwise.
HTTPS_DIST = True

# (string or None) The IP address where we listen for HTTPS connections. If
# ``None``, listen on the default interface.
HTTPS_BIND_IP = '127.0.0.1'

# (integer or None) The port to listen on for incoming HTTPS connections.
HTTPS_PORT = 6789

# How many bridges do we give back in an answer (either HTTP or HTTPS)?
HTTPS_N_BRIDGES_PER_ANSWER = 3

# Should we tell http users about the bridge fingerprints?  Turn this on
# once we have the vidalia/tor interaction fixed for everbody.
HTTPS_INCLUDE_FINGERPRINTS = True

# If true, there is a trusted proxy relaying incoming messages to us: take
# the *last* entry from its X-Forwarded-For header as the client's IP.
HTTPS_USE_IP_FROM_FORWARDED_HEADER = False

# How many clusters do we group IPs in when distributing bridges based on IP?
# Note that if PROXY_LIST_FILES is set (below), what we actually do here
# is use one higher than the number here, and the extra cluster is used
# for answering requests made by IP addresses in the PROXY_LIST_FILES file.
N_IP_CLUSTERS = 4

# (string or None) The period at which the available bridges rotates to a
# separate set of bridges.  This setting can be used in the form
#
#     "COUNT PERIOD"    where
#                         COUNT is an integer
#                         PERIOD is one of "second", "minute", "hour", "day",
#                                "week", or "month" (or any plural form).
#
# For example, setting HTTPS_ROTATION_PERIOD = "3 days" will result in the set
# of bridges which are available through the web interface (either HTTP or
# HTTPS) getting rotated once every three days.  Setting this to None disables
# rotation entirely.
HTTPS_ROTATION_PERIOD = "3 hours"

# (string or None) The IP address to listen on for unencrypted HTTP
# connections. Set to ``None`` to disable unencrypted connections to the web
# interface.
HTTP_UNENCRYPTED_BIND_IP = None

# (integer or None) The port to listen on for incoming HTTP connections.
HTTP_UNENCRYPTED_PORT = None

# (boolean) Same as the HTTPS_USE_IP_FROM_FORWARDED_HEADER option, but for
# unencrypted connections.
HTTP_USE_IP_FROM_FORWARDED_HEADER = False

# Options related to recaptcha support.
# Enable/Disable recaptcha
RECAPTCHA_ENABLED = False

# Recaptcha API keys
RECAPTCHA_PUB_KEY = ''
RECAPTCHA_SEC_KEY = ''

# The remoteip we send to reCAPTCHA during verification
RECAPTCHA_REMOTEIP = ''

# If true, use a local cache of generated CAPTCHAs:
GIMP_CAPTCHA_ENABLED = True

# The directory for the local CAPTCHA cache:
GIMP_CAPTCHA_DIR = 'captchas'

# The location of the files which store the HMAC secret key and RSA keypair
# (for checking captcha responses):
GIMP_CAPTCHA_HMAC_KEYFILE = 'captcha_hmac_key'
GIMP_CAPTCHA_RSA_KEYFILE = 'captcha_rsa_key'

# Content Security Policy Settings
# --------------------------------

# (boolean) If True, enable use of CSP headers.  This must be True for any
# other CSP-related options to have any effect.
#
# If enabled, the default Content Security Policy (CSP) is:
#
#     default-src 'none' ;
#     base-uri FQDN ;
#     script-src FQDN ;
#     style-src FQDN ;
#     img-src FQDN data: ;
#     font-src FQDN ;
#
# where "FQDN" is the value of the SERVER_PUBLIC_FQDN config setting.
#
# If CSP_INCLUDE_SELF is enabled, then "'self'" (literally, the word self
# surrounded by single-quotes) will be appended to the value of the
# SERVER_PUBLIC_FQDN config setting to create the "FQDN".

CSP_ENABLED = True

# (boolean) If True (and CSP_ENABLED is also True), then set a "report-only"
# Content Security Policy.  This means that client agents which run into
# problems with or cause violations of our CSP settings will report data
# regarding the problems/violations.  This report data is then logged (at the
# DEBUG level), along with the client's IP address (only if SAFELOGGING is
# disabled, otherwise the client's IP address is not reported).

CSP_REPORT_ONLY = False

# (boolean) If True, then append "'self'" to the "FQDN" in the default CSP
# header described above.

CSP_INCLUDE_SELF = True

#-------------------------------
# Email Distribution Options    \
#------------------------------------------------------------------------------
#
# These options configure the behaviour of the email bridge distribution
# mechanism. If EMAIL_DIST is enabled, make sure that the above
# HTTPS_CERT_FILE and HTTPS_KEY_FILE options point to the correct location of
# your SSL certificate and key!
# ------------------------------------------------------------------------------

# True if we are enabling distribution via Email; false otherwise.
EMAIL_DIST = True

# (string or None) The period at which the available bridges rotates to a
# separate set of bridges.  This setting can be used in the form
#
#     "COUNT PERIOD"    where
#                         COUNT is an integer
#                         PERIOD is one of "second", "minute", "hour", "day",
#                                "week", or "month" (or any plural form).
#
# For example, setting EMAIL_ROTATION_PERIOD = "3 days" will result in the set
# of bridges which are available through the email interface getting rotated
# once every three days.  Setting this to None disables rotation entirely.
EMAIL_ROTATION_PERIOD = "1 day"

# What email addresses do we use for outgoing email?

# EMAIL_FROM_ADDR goes in the 'From:' header on outgoing emails:
EMAIL_FROM_ADDR = "bridges@torproject.org"

# EMAIL_SMTP_FROM_ADDR goes in the 'MAIL FROM:' command in outgoing SMTP:
EMAIL_SMTP_FROM_ADDR = "bridges@torproject.org"

EMAIL_SMTP_HOST = "127.0.0.1"
EMAIL_SMTP_PORT = 25

# Reject any RCPT TO lines that aren't to this user.
EMAIL_USERNAME = "bridges"

# Canonical versions of domains that we will reply to.
EMAIL_DOMAINS = ["gmail.com", "riseup.net"]

# Map from unofficial domain to canonical domain.
EMAIL_DOMAIN_MAP = {
    "mail.google.com": "gmail.com",
    "googlemail.com": "gmail.com",
    "mail.riseup.net": "riseup.net",
    "fulvetta.riseup.net": "riseup.net",
    "fruiteater.riseup.net": "riseup.net",
    "mx1.riseup.net": "riseup.net",
}

# Map from canonical domain to list of options for that domain.  Recognized
# options are:
#     "ignore_dots" -- the service ignores "." characters in email addresses.
#     "dkim" -- if there is not a X-DKIM-Authentication-Result header
#        with the value "pass", then drop the message.
#
# Note that unrecognized options are ignored; be sure to spell them right!
EMAIL_DOMAIN_RULES = {
    'gmail.com': ["ignore_dots", "dkim"],
    'riseup.net': ["ignore_dots", "dkim"],
}

# A mapping of whitelisted email addresses to GnuPG key fingerprints:
EMAIL_WHITELIST = {}

# A list of blacklisted email addresses:
EMAIL_BLACKLIST = []

# An integer. This number will be used to calculate the Levenshtein String
# Distance between the 'From:' email address on an incoming client request and
# each of the blacklisted email addresses above. If the calculated distance is
# equal or less than the number below, the address is assumed to be related to
# one of the above blacklisted spammers. Basically, this allows for fuzzy
# matching the blacklisted email addresses. Decreasing this number will allow
# more email requests through; increasing will mean that a stricter match to
# one of the blacklisted addresses is required before the address is blocked.
# Set to `0` to disable.
EMAIL_FUZZY_MATCH = 4

# If there are any IPs in this list, only allow incoming connections from
# those IPs.
EMAIL_RESTRICT_IPS = []

# IP and port to listen on for email connections. Debugging only.
EMAIL_BIND_IP = "127.0.0.1"
EMAIL_PORT = 6725

# How many bridges do we give back in an answer?
EMAIL_N_BRIDGES_PER_ANSWER = 3

# Should we tell http users about the bridge fingerprints?  Turn this on
# once we have the vidalia/tor interaction fixed for everbody.
EMAIL_INCLUDE_FINGERPRINTS = True

#-------------------------------
# Hashring Allocation Options   \
#------------------------------------------------------------------------------
#
# These options determine the proportions of bridges per hashring. When
# BridgeDB receives a descriptor for a new bridge, that bridge is assigned to
# a hashring. For example, if ``HTTPS_DIST`` and ``EMAIL_DIST`` are both
# enabled, there is a hashring for bridges allocated to the HTTP(S)
# Distributor, and another for the Email Distributor. In addition, an
# "Unallocated" hashring is always created, in order to reserve some portion
# of bridges for manual distribution, or as backup in the case of a major
# blocking event. Once a bridge is assigned to one of these allocation groups,
# it stays there; there is currently no mechanism for changing a bridge's
# hashring allocation.
#
# Once a bridge is assigned to either of the first two groups, it stays there
# persistently. The bridges are allocated to these groups in a proportion of
#
#     ``MOAT_SHARE`` : ``HTTPS_SHARE`` : ``EMAIL_SHARE`` : ``RESERVED_SHARE``
# ------------------------------------------------------------------------------

# The proportion of bridges to allocate to Moat distribution.
MOAT_SHARE = 20

# The proportion of bridges to allocate to HTTP distribution.
HTTPS_SHARE = 10

# The proportion of bridges to allocate to Email distribution.
EMAIL_SHARE = 2

# An integer specifying the proportion of bridges which should remain
# unallocated, for backup usage and manual distribution.
RESERVED_SHARE = 2