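apiVersion: v1
kind: ConfigMap
metadata:
  name: maddy
  namespace: {{ .Release.Namespace }}
data:
  # Rendered maddy configuration. The Deployment mounts this key at
  # /etc/maddy/config/maddy.conf and starts maddy with "-config" pointing at it.
  maddy.conf: |
    $(hostname) = {{ .Values.mxHostname }}
    $(primary_domain) = {{ .Values.domains.primary.name }}
    # Primary domain followed by every additional hosted domain, space separated.
    $(local_domains) = {{ .Values.domains.primary.name }}{{ range .Values.domains.others }} {{ .name }}{{ end }}

    # Certificate pair from the Secret mounted at /etc/maddy/certs.
    tls file /etc/maddy/certs/tls.crt /etc/maddy/certs/tls.key

    # Credentials are checked by the external auth-smtp helper, scoped per domain.
    auth.external authsmtp {
        helper /usr/bin/auth-smtp
        perdomain yes
        domains $(local_domains)
    }

    hostname $(hostname)

    # Hands mail for each hosted domain to that domain's target.smtp block below.
    msgpipeline local_routing {
        destination {{ .Values.domains.primary.name }} {
            deliver_to &{{ .Values.domains.primary.name }}
        }
        {{ range .Values.domains.others }}
        destination {{ .name }} {
            deliver_to &{{ .name }}
        }
        {{ end }}
        default_destination {
            reject 550 5.1.1 "User doesn't exist"
        }
    }

    # Public MX endpoint: unauthenticated inbound mail for local domains only.
    smtp tcp://0.0.0.0:25 {
        insecure_auth no
        defer_sender_reject yes
        limits {
            # Up to 20 msgs/sec across max. 10 SMTP connections.
            all rate 20 1s
            all concurrency 10
        }
        dmarc yes
        check {
            require_mx_record
            dkim
            spf
        }
        # Local senders must use the authenticated submission ports.
        source $(local_domains) {
            reject 501 5.1.8 "Use Submission for outgoing SMTP"
        }
        default_source {
            destination $(local_domains) {
                deliver_to &local_routing
            }
            default_destination {
                reject 550 5.1.1 "User doesn't exist"
            }
        }
    }

    # Authenticated submission: implicit TLS on 465, STARTTLS on 587.
    submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
        auth &authsmtp
        # "tls file" above makes STARTTLS available on 587; refuse AUTH until the
        # connection is encrypted so credentials never cross the wire in plaintext.
        insecure_auth no
        defer_sender_reject yes
        source $(local_domains) {
            destination $(local_domains) {
                deliver_to &local_routing
            }
            default_destination {
                # Sign outbound mail before it leaves through the remote queue.
                modify {
                    dkim $(primary_domain) $(local_domains) default
                }
                deliver_to &remote_queue
            }
        }
        default_source {
            reject 501 5.1.8 "Non-local sender domain"
        }
    }

    # In-cluster relay to the maddy instance serving the primary domain.
    # No TLS and no auth on this hop — assumes the pod network is trusted; verify.
    target.smtp {{ .Values.domains.primary.name }} {
        hostname $(hostname)
        attempt_starttls false
        require_tls no
        auth off
        targets tcp://maddy.{{ .Values.domains.primary.namespace }}.svc.cluster.local:25
    }

    # Same relay shape for every additional domain, each in its own namespace.
    {{ range .Values.domains.others }}
    target.smtp {{ .name }} {
        hostname mail.{{ .name }}
        attempt_starttls false
        require_tls no
        auth off
        targets tcp://maddy.{{ .namespace }}.svc.cluster.local:25
    }
    {{ end }}

    # Persistent outbound queue; bounces are only ever delivered to local postmasters.
    target.queue remote_queue {
        target &outbound_delivery
        autogenerated_msg_domain $(primary_domain)
        bounce {
            destination postmaster $(local_domains) {
                deliver_to &local_routing
            }
            default_destination {
                reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
            }
        }
    }

    # Direct delivery to remote MXs with DANE and MTA-STS policy enforcement.
    target.remote outbound_delivery {
        limits {
            # Up to 20 msgs/sec across max. 10 SMTP connections
            # for each recipient domain.
            destination rate 20 1s
            destination concurrency 10
        }
        mx_auth {
            dane
            mtasts {
                cache fs
                fs_dir mtasts_cache/
            }
            local_policy {
                min_tls_level encrypted
                min_mx_level none
            }
        }
    }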
---
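apiVersion: apps/v1
kind: Deployment
metadata:
  name: maddy
  namespace: {{ .Release.Namespace }}
spec:
  replicas: 1
  # The data volume is a ReadWriteOnce PVC holding maddy's queue and state.
  # The default RollingUpdate would start the replacement pod while the old
  # one still owns that volume (stalling the rollout on multi-node clusters
  # and risking two maddy processes on one state dir), so stop the old pod
  # before starting the new one.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: maddy
  template:
    metadata:
      labels:
        app: maddy
    spec:
      volumes:
        - name: config
          configMap:
            name: maddy
        - name: certs
          secret:
            secretName: cert-{{ .Values.mxHostname }}
        - name: data
          persistentVolumeClaim:
            claimName: data
      containers:
        - name: maddy
          # NOTE(review): the tag is mutable and re-pulled on every start because of
          # imagePullPolicy: Always; pinning by digest would make rollouts reproducible.
          image: giolekva/maddy-auth-smtp:v0.4.4
          imagePullPolicy: Always
          # NOTE(review): no securityContext or resource limits are set — confirm the
          # image's privilege needs (it binds ports below 1024) before tightening.
          ports:
            - name: imap
              containerPort: 143
              protocol: TCP
            - name: imaps
              containerPort: 993
              protocol: TCP
            - name: smtp
              containerPort: 25
              protocol: TCP
            - name: smtps
              containerPort: 465
              protocol: TCP
            - name: submission
              containerPort: 587
              protocol: TCP
          # Keep the pod out of the Service endpoints until the MX port accepts
          # connections.
          readinessProbe:
            tcpSocket:
              port: smtp
          command:
            - maddy
            - -config
            - /etc/maddy/config/maddy.conf
          volumeMounts:
            - name: config
              mountPath: /etc/maddy/config
            - name: certs
              mountPath: /etc/maddy/certs
            # maddy state (queue, MTA-STS cache) lives on the PVC.
            - name: data
              mountPath: /var/lib/maddy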
---
apiVersion: v1
kind: Service
metadata:
  name: maddy
  namespace: {{ .Release.Namespace }}
spec:
  selector:
    app: maddy
  # Same five listeners the maddy container exposes; names match its ports.
  ports:
    - name: imap
      protocol: TCP
      port: 143
    - name: imaps
      protocol: TCP
      port: 993
    - name: smtp
      protocol: TCP
      port: 25
    - name: smtps
      protocol: TCP
      port: 465
    - name: submission
      protocol: TCP
      port: 587
  # Published through the cloud/cluster load balancer.
  type: LoadBalancer
  # Local keeps the client's source address visible to the pod, which the
  # SPF/DMARC and rate-limit checks in maddy.conf rely on.
  externalTrafficPolicy: Local
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data
  namespace: {{ .Release.Namespace }}
spec:
  # Size comes from the chart values (persistence.size).
  resources:
    requests:
      storage: {{ .Values.persistence.size }}
  # Single-writer volume: only one node can mount it at a time.
  accessModes:
    - ReadWriteOnce