charts/maddy/templates/config.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: config
  namespace: {{ .Release.Namespace }}
data:
  maddy.conf: |
    $(hostname) = mail.{{ .Values.ingress.public.domain }}
    $(primary_domain) = {{ .Values.ingress.public.domain }}
    $(local_domains) = $(primary_domain)

    auth.pass_table local_authdb {
        table sql_table {
            driver sqlite3
            dsn credentials.db
            table_name passwords
        }
    }

    storage.imapsql local_mailboxes {
        driver sqlite3
        dsn imapsql.db
    }

    hostname $(hostname)

    msgpipeline local_routing {
        destination postmaster $(local_domains) {
            modify {
                replace_rcpt regexp "(.+)\+(.+)@(.+)" "$1@$3"
                replace_rcpt file /etc/maddy/aliases
            }

            deliver_to &local_mailboxes
        }

        default_destination {
            reject 550 5.1.1 "User doesn't exist"
        }
    }

    smtp tcp://0.0.0.0:25 {
        tls off

        limits {
            # Up to 20 msgs/sec across max. 10 SMTP connections.
            all rate 20 1s
            all concurrency 10
        }

        dmarc yes
        check {
            require_mx_record
            dkim
            spf
        }

        source $(local_domains) {
            reject 501 5.1.8 "Use Submission for outgoing SMTP"
        }
        default_source {
            destination postmaster $(local_domains) {
                deliver_to &local_routing
            }
            default_destination {
                reject 550 5.1.1 "User doesn't exist"
            }
        }
    }

    submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
        tls file /etc/maddy/certs-private/tls.crt /etc/maddy/certs-private/tls.key

        limits {
            # Up to 50 msgs/sec across any amount of SMTP connections.
            all rate 50 1s
        }

        auth &local_authdb

        source $(local_domains) {
            destination postmaster $(local_domains) {
                deliver_to &local_routing
            }
            default_destination {
                # modify {
                #     dkim $(primary_domain) $(local_domains) default
                # }
                deliver_to &remote_queue
            }
        }
        default_source {
            reject 501 5.1.8 "Non-local sender domain"
        }
    }

    target.smtp outbound_gateway {
      hostname {{ .Values.mailGateway.mxHostname }}
      attempt_starttls false
      require_tls no
      auth forward
      targets {{ .Values.mailGateway.address}}
    }

    target.queue remote_queue {
        target &outbound_gateway
        autogenerated_msg_domain $(primary_domain)
        bounce {
            destination postmaster $(local_domains) {
                deliver_to &local_routing
            }
            default_destination {
                reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
            }
        }
    }

    imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
        tls file /etc/maddy/certs-private/tls.crt /etc/maddy/certs-private/tls.key
        auth &local_authdb
        storage &local_mailboxes
    }