Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 75ee27167691521d040bae25be3edb856795da30 / . / charts / mail-gateway / templates / maddy.yaml
blob: 16ebdfbf011ace45f1c1367e92adb53a3379ea5f [file] [log] [blame]
apiVersion: v1
kind: ConfigMap
metadata:
name: maddy
namespace: {{ .Release.Namespace }}
data:
maddy.conf: |
$(hostname) = mx1.lekva.me
$(primary_domain) = lekva.me
$(local_domains) = lekva.me shve.li
tls file /etc/maddy/certs/tls.crt /etc/maddy/certs/tls.key
auth.external authsmtp {
helper /usr/bin/auth-smtp
perdomain yes
domains $(local_domains)
}
hostname $(hostname)
msgpipeline local_routing {
destination lekva.me {
deliver_to &lekvame
}
destination shve.li {
deliver_to &shveli
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
smtp tcp://0.0.0.0:25 {
io_debug true
debug true
insecure_auth no
defer_sender_reject yes
limits {
# Up to 20 msgs/sec across max. 10 SMTP connections.
all rate 20 1s
all concurrency 10
}
dmarc yes
check {
require_mx_record
dkim
spf
}
source $(local_domains) {
reject 501 5.1.8 "Use Submission for outgoing SMTP"
}
default_source {
destination $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
}
submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
io_debug true
debug true
auth &authsmtp
insecure_auth yes
defer_sender_reject yes
source $(local_domains) {
destination $(local_domains) {
deliver_to &local_routing
}
default_destination {
modify {
dkim $(primary_domain) $(local_domains) default
}
deliver_to &remote_queue
}
}
default_source {
reject 501 5.1.8 "Non-local sender domain"
}
}
target.smtp lekvame {
debug true
hostname mx1.lekva.me
attempt_starttls false
require_tls no
auth off
targets tcp://maddy.app-maddy.svc.cluster.local:25
}
target.smtp shveli {
debug true
hostname mail.shve.li
attempt_starttls false
require_tls no
auth off
targets tcp://maddy.shveli-app-maddy.svc.cluster.local:25
}
target.queue remote_queue {
target &outbound_delivery
autogenerated_msg_domain $(primary_domain)
bounce {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
}
}
}
target.remote outbound_delivery {
limits {
# Up to 20 msgs/sec across max. 10 SMTP connections
# for each recipient domain.
destination rate 20 1s
destination concurrency 10
}
mx_auth {
dane
mtasts {
cache fs
fs_dir mtasts_cache/
}
local_policy {
min_tls_level encrypted
min_mx_level none
}
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: maddy
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
app: maddy
replicas: 1
template:
metadata:
labels:
app: maddy
spec:
# hostAliases:
# - ip: "10.43.66.220"
# hostnames:
# - "mx1.lekva.me"
volumes:
- name: config
configMap:
name: maddy
- name: certs
secret:
secretName: cert-mx1.lekva.me
- name: data
persistentVolumeClaim:
claimName: data
containers:
- name: maddy
image: giolekva/maddy-auth-smtp:v0.4.4
imagePullPolicy: Always
ports:
- name: imap
containerPort: 143
protocol: TCP
- name: imaps
containerPort: 993
protocol: TCP
- name: smtp
containerPort: 25
protocol: TCP
- name: smtps
containerPort: 465
protocol: TCP
- name: submission
containerPort: 587
protocol: TCP
command:
- maddy
- -config
- /etc/maddy/config/maddy.conf
volumeMounts:
- name: config
mountPath: /etc/maddy/config
- name: certs
mountPath: /etc/maddy/certs
- name: data
mountPath: /var/lib/maddy
---
apiVersion: v1
kind: Service
metadata:
name: maddy
namespace: {{ .Release.Namespace }}
spec:
type: LoadBalancer
externalTrafficPolicy: Local
selector:
app: maddy
ports:
- name: imap
port: 143
protocol: TCP
- name: imaps
port: 993
protocol: TCP
- name: smtp
port: 25
protocol: TCP
- name: smtps
port: 465
protocol: TCP
- name: submission
port: 587
protocol: TCP
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
namespace: {{ .Release.Namespace }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi