Installer: mail-gateway configure downstream smtp server addresses
diff --git a/charts/mail-gateway/templates/config.yaml b/charts/mail-gateway/templates/config.yaml
new file mode 100644
index 0000000..457f524
--- /dev/null
+++ b/charts/mail-gateway/templates/config.yaml
@@ -0,0 +1,144 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: maddy
+ namespace: {{ .Release.Namespace }}
+data:
+ smtp-servers.conf: |
+ maddy.{{ .Values.domains.primary.namespace}}.svc.cluster.local:587
+ {{ range .Values.domains.others}}
+ maddy.{{ .namespace }}.svc.cluster.local:587
+ {{ end }}
+ maddy.conf: |
+ $(hostname) = {{ .Values.domains.primary.mx }}
+ $(primary_domain) = {{ .Values.domains.primary.name }}
+ $(local_domains) = {{ .Values.domains.primary.name }}{{ range .Values.domains.others }} {{ .name }}{{ end }}
+
+ tls file /etc/maddy/certs/tls.crt /etc/maddy/certs/tls.key
+
+ auth.external authsmtp {
+ helper /usr/bin/auth-smtp
+ perdomain yes
+ domains $(local_domains)
+ }
+
+ hostname $(hostname)
+
+ msgpipeline local_routing {
+ destination {{ .Values.domains.primary.name }} {
+ deliver_to &{{ .Values.domains.primary.name }}
+ }
+ {{ range .Values.domains.others }}
+ destination {{ .name }} {
+ deliver_to &{{ .name }}
+ }
+ {{ end }}
+ default_destination {
+ reject 550 5.1.1 "User doesn't exist"
+ }
+ }
+
+ smtp tcp://0.0.0.0:25 {
+ insecure_auth no
+
+ defer_sender_reject yes
+
+ limits {
+ # Up to 20 msgs/sec across max. 10 SMTP connections.
+ all rate 20 1s
+ all concurrency 10
+ }
+
+ dmarc yes
+ check {
+ require_mx_record
+ dkim
+ spf
+ }
+
+ source $(local_domains) {
+ reject 501 5.1.8 "Use Submission for outgoing SMTP"
+ }
+ default_source {
+ destination $(local_domains) {
+ deliver_to &local_routing
+ }
+ default_destination {
+ reject 550 5.1.1 "User doesn't exist"
+ }
+ }
+ }
+
+ submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
+ auth &authsmtp
+ insecure_auth yes
+
+ defer_sender_reject yes
+
+ source $(local_domains) {
+ destination $(local_domains) {
+ deliver_to &local_routing
+ }
+ default_destination {
+ modify {
+ dkim $(primary_domain) $(local_domains) default
+ }
+ deliver_to &remote_queue
+ }
+ }
+ default_source {
+ reject 501 5.1.8 "Non-local sender domain"
+ }
+ }
+
+ target.smtp {{ .Values.domains.primary.name }} {
+ hostname $(hostname)
+ attempt_starttls false
+ require_tls no
+ auth off
+ targets tcp://maddy.{{ .Values.domains.primary.namespace }}.svc.cluster.local:25
+ }
+
+ {{ range .Values.domains.others }}
+ target.smtp {{ .name }} {
+ hostname mail.{{ .name }}
+ attempt_starttls false
+ require_tls no
+ auth off
+ targets tcp://maddy.{{ .namespace }}.svc.cluster.local:25
+ }
+ {{ end }}
+
+ target.queue remote_queue {
+ target &outbound_delivery
+
+ autogenerated_msg_domain $(primary_domain)
+ bounce {
+ destination postmaster $(local_domains) {
+ deliver_to &local_routing
+ }
+ default_destination {
+ reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
+ }
+ }
+ }
+
+ target.remote outbound_delivery {
+ limits {
+ # Up to 20 msgs/sec across max. 10 SMTP connections
+ # for each recipient domain.
+ destination rate 20 1s
+ destination concurrency 10
+ }
+ mx_auth {
+ dane
+ mtasts {
+ cache fs
+ fs_dir mtasts_cache/
+ }
+ local_policy {
+ min_tls_level encrypted
+ min_mx_level none
+ }
+ }
+ }