mail-gateway
diff --git a/charts/maddy/templates/config.yaml b/charts/maddy/templates/config.yaml
index 9c14421..166adc3 100644
--- a/charts/maddy/templates/config.yaml
+++ b/charts/maddy/templates/config.yaml
@@ -5,39 +5,10 @@
namespace: {{ .Release.Namespace }}
data:
maddy.conf: |
- # ----
- ## Maddy Mail Server - default configuration file (2021-03-07)
- # Suitable for small-scale deployments. Uses its own format for local users DB,
- # should be managed via maddyctl utility.
- #
- # See tutorials at https://maddy.email for guidance on typical
- # configuration changes.
- #
- # See manual pages (also available at https://maddy.email) for reference
- # documentation.
-
- # ----------------------------------------------------------------------------
- # Base variables
-
$(hostname) = mail.{{ .Values.ingress.public.domain }}
$(primary_domain) = {{ .Values.ingress.public.domain }}
$(local_domains) = $(primary_domain)
-
- tls file /etc/maddy/certs/tls.crt /etc/maddy/certs/tls.key
-
- # ----------------------------------------------------------------------------
- # Local storage & authentication
-
- # pass_table provides local hashed passwords storage for authentication of
- # users. It can be configured to use any "table" module, in default
- # configuration a table in SQLite DB is used.
- # Table can be replaced to use e.g. a file for passwords. Or pass_table module
- # can be replaced altogether to use some external source of credentials (e.g.
- # PAM, /etc/shadow file).
- #
- # If table module supports it (sql_table does) - credentials can be managed
- # using 'maddyctl creds' command.
-
+
auth.pass_table local_authdb {
table sql_table {
driver sqlite3
@@ -45,59 +16,45 @@
table_name passwords
}
}
-
- # imapsql module stores all indexes and metadata necessary for IMAP using a
- # relational database. It is used by IMAP endpoint for mailbox access and
- # also by SMTP & Submission endpoints for delivery of local messages.
- #
- # IMAP accounts, mailboxes and all message metadata can be inspected using
- # imap-* subcommands of maddyctl utility.
-
+
storage.imapsql local_mailboxes {
driver sqlite3
dsn imapsql.db
}
-
- # ----------------------------------------------------------------------------
- # SMTP endpoints + message routing
-
+
hostname $(hostname)
-
+
msgpipeline local_routing {
- # Insert handling for special-purpose local domains here.
- # e.g.
- # destination lists.example.org {
- # deliver_to lmtp tcp://127.0.0.1:8024
- # }
-
destination postmaster $(local_domains) {
modify {
replace_rcpt regexp "(.+)\+(.+)@(.+)" "$1@$3"
replace_rcpt file /etc/maddy/aliases
}
-
+
deliver_to &local_mailboxes
}
-
+
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
-
+
smtp tcp://0.0.0.0:25 {
+ tls off
+
limits {
# Up to 20 msgs/sec across max. 10 SMTP connections.
all rate 20 1s
all concurrency 10
}
-
+
dmarc yes
check {
require_mx_record
dkim
spf
}
-
+
source $(local_domains) {
reject 501 5.1.8 "Use Submission for outgoing SMTP"
}
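Review bot: `tls off` on the `smtp tcp://0.0.0.0:25` listener removes STARTTLS from the inbound MX endpoint, so every message delivered to this hop by any peer that can reach port 25 arrives in clear text, and the global `tls file` line that previously covered this endpoint is deleted in the first hunk rather than moved. If inbound mail is expected to reach maddy only from the gateway over an internal network, that assumption should be stated next to the directive, e.g. `# STARTTLS disabled: inbound is expected only from the mail gateway over the cluster network — TODO confirm`; otherwise give this endpoint its own `tls file` directive as the submission and imap endpoints now have. The `smtp` block continues past the end of the hunk.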
@@ -110,23 +67,25 @@
}
}
}
-
+
submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
+ tls file /etc/maddy/certs-private/tls.crt /etc/maddy/certs-private/tls.key
+
limits {
# Up to 50 msgs/sec across any amount of SMTP connections.
all rate 50 1s
}
-
+
auth &local_authdb
-
+
source $(local_domains) {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
- modify {
- dkim $(primary_domain) $(local_domains) default
- }
+ # modify {
+ # dkim $(primary_domain) $(local_domains) default
+ # }
deliver_to &remote_queue
}
}
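Review bot: Commenting out the `modify { dkim … }` block leaves messages submitted by local users unsigned when they reach `&remote_queue`, so DMARC alignment for `$(primary_domain)` now depends entirely on the gateway signing with a key published under that domain. If that delegation is intended, replace the three commented-out lines with a single statement of it, e.g. `# DKIM signing is delegated to the mail gateway (target.smtp outbound_gateway)`; if not, the block should be restored rather than kept as dead configuration that reads like a TODO. The enclosing `submission` block starts and ends outside this hunk.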
@@ -135,29 +94,16 @@
}
}
- target.remote outbound_delivery {
- limits {
- # Up to 20 msgs/sec across max. 10 SMTP connections
- # for each recipient domain.
- destination rate 20 1s
- destination concurrency 10
- }
- mx_auth {
- dane
- mtasts {
- cache fs
- fs_dir mtasts_cache/
- }
- local_policy {
- min_tls_level encrypted
- min_mx_level none
- }
- }
+ target.smtp outbound_gateway {
+ hostname {{ .Values.mailGateway.mxHostname }}
+ attempt_starttls false
+ require_tls no
+ auth forward
+ targets {{ .Values.mailGateway.address}}
}
-
+
target.queue remote_queue {
- target &outbound_delivery
-
+ target &outbound_gateway
autogenerated_msg_domain $(primary_domain)
bounce {
destination postmaster $(local_domains) {
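Review bot: `attempt_starttls false` together with `require_tls no` in `target.smtp outbound_gateway` makes every relay to `{{ .Values.mailGateway.address }}` plaintext, and `auth forward` passes the submitting client's own credentials on that same connection, so user passwords and message bodies reach the gateway unencrypted. Unless the gateway is only reachable over an already-encrypted path, these should read `attempt_starttls yes` and `require_tls yes` so the gateway's certificate is required and verified; if plaintext is deliberate, the reason belongs in a comment above the two directives. The replaced `target.remote outbound_delivery` block also carried per-destination `limits`, `dane`, `mtasts` and `min_tls_level encrypted`, none of which is reproduced here, so the gateway becomes the sole enforcement point for outbound TLS policy and rate limiting — worth recording in the chart's documentation for the `mailGateway` values. Minor: `{{ .Values.mailGateway.address}}` lacks the space before `}}` used by the neighbouring template expressions.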
@@ -168,11 +114,9 @@
}
}
}
-
- # ----------------------------------------------------------------------------
- # IMAP endpoints
-
+
imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
+ tls file /etc/maddy/certs-private/tls.crt /etc/maddy/certs-private/tls.key
auth &local_authdb
storage &local_mailboxes
}