| giolekva | 2f73280 | 2021-07-31 17:51:58 +0400 | [diff] [blame^] | 1 | apiVersion: v1 |
| 2 | kind: ConfigMap |
| 3 | metadata: |
| 4 | name: config |
| 5 | namespace: app-maddy |
| 6 | data: |
| 7 | maddy.conf: |
| 8 | ---- |
| 9 | ## Maddy Mail Server - default configuration file (2021-03-07) |
| 10 | # Suitable for small-scale deployments. Uses its own format for local users DB, |
| 11 | # should be managed via maddyctl utility. |
| 12 | # |
| 13 | # See tutorials at https://maddy.email for guidance on typical |
| 14 | # configuration changes. |
| 15 | # |
| 16 | # See manual pages (also available at https://maddy.email) for reference |
| 17 | # documentation. |
| 18 | |
| 19 | # ---------------------------------------------------------------------------- |
| 20 | # Base variables |
| 21 | |
| 22 | $(hostname) = mx1.lekva.me |
| 23 | $(primary_domain) = lekva.me |
| 24 | $(local_domains) = $(primary_domain) |
| 25 | |
| 26 | tls file /etc/maddy/certs/tls.crt /etc/maddy/certs/tls.key |
| 27 | |
| 28 | # ---------------------------------------------------------------------------- |
| 29 | # Local storage & authentication |
| 30 | |
| 31 | # pass_table provides local hashed passwords storage for authentication of |
| 32 | # users. It can be configured to use any "table" module, in default |
| 33 | # configuration a table in SQLite DB is used. |
| 34 | # Table can be replaced to use e.g. a file for passwords. Or pass_table module |
| 35 | # can be replaced altogether to use some external source of credentials (e.g. |
| 36 | # PAM, /etc/shadow file). |
| 37 | # |
| 38 | # If table module supports it (sql_table does) - credentials can be managed |
| 39 | # using 'maddyctl creds' command. |
| 40 | |
| 41 | auth.pass_table local_authdb { |
| 42 | table sql_table { |
| 43 | driver sqlite3 |
| 44 | dsn credentials.db |
| 45 | table_name passwords |
| 46 | } |
| 47 | } |
| 48 | |
| 49 | # imapsql module stores all indexes and metadata necessary for IMAP using a |
| 50 | # relational database. It is used by IMAP endpoint for mailbox access and |
| 51 | # also by SMTP & Submission endpoints for delivery of local messages. |
| 52 | # |
| 53 | # IMAP accounts, mailboxes and all message metadata can be inspected using |
| 54 | # imap-* subcommands of maddyctl utility. |
| 55 | |
| 56 | storage.imapsql local_mailboxes { |
| 57 | driver sqlite3 |
| 58 | dsn imapsql.db |
| 59 | } |
| 60 | |
| 61 | # ---------------------------------------------------------------------------- |
| 62 | # SMTP endpoints + message routing |
| 63 | |
| 64 | hostname $(hostname) |
| 65 | |
| 66 | msgpipeline local_routing { |
| 67 | # Insert handling for special-purpose local domains here. |
| 68 | # e.g. |
| 69 | # destination lists.example.org { |
| 70 | # deliver_to lmtp tcp://127.0.0.1:8024 |
| 71 | # } |
| 72 | |
| 73 | destination postmaster $(local_domains) { |
| 74 | modify { |
| 75 | replace_rcpt regexp "(.+)\+(.+)@(.+)" "$1@$3" |
| 76 | replace_rcpt file /etc/maddy/aliases |
| 77 | } |
| 78 | |
| 79 | deliver_to &local_mailboxes |
| 80 | } |
| 81 | |
| 82 | default_destination { |
| 83 | reject 550 5.1.1 "User doesn't exist" |
| 84 | } |
| 85 | } |
| 86 | |
| 87 | smtp tcp://0.0.0.0:25 { |
| 88 | limits { |
| 89 | # Up to 20 msgs/sec across max. 10 SMTP connections. |
| 90 | all rate 20 1s |
| 91 | all concurrency 10 |
| 92 | } |
| 93 | |
| 94 | dmarc yes |
| 95 | check { |
| 96 | require_mx_record |
| 97 | dkim |
| 98 | spf |
| 99 | } |
| 100 | |
| 101 | source $(local_domains) { |
| 102 | reject 501 5.1.8 "Use Submission for outgoing SMTP" |
| 103 | } |
| 104 | default_source { |
| 105 | destination postmaster $(local_domains) { |
| 106 | deliver_to &local_routing |
| 107 | } |
| 108 | default_destination { |
| 109 | reject 550 5.1.1 "User doesn't exist" |
| 110 | } |
| 111 | } |
| 112 | } |
| 113 | |
| 114 | submission tls://0.0.0.0:465 tcp://0.0.0.0:587 { |
| 115 | limits { |
| 116 | # Up to 50 msgs/sec across any amount of SMTP connections. |
| 117 | all rate 50 1s |
| 118 | } |
| 119 | |
| 120 | auth &local_authdb |
| 121 | |
| 122 | source $(local_domains) { |
| 123 | destination postmaster $(local_domains) { |
| 124 | deliver_to &local_routing |
| 125 | } |
| 126 | default_destination { |
| 127 | modify { |
| 128 | dkim $(primary_domain) $(local_domains) default |
| 129 | } |
| 130 | deliver_to &remote_queue |
| 131 | } |
| 132 | } |
| 133 | default_source { |
| 134 | reject 501 5.1.8 "Non-local sender domain" |
| 135 | } |
| 136 | } |
| 137 | |
| 138 | target.remote outbound_delivery { |
| 139 | limits { |
| 140 | # Up to 20 msgs/sec across max. 10 SMTP connections |
| 141 | # for each recipient domain. |
| 142 | destination rate 20 1s |
| 143 | destination concurrency 10 |
| 144 | } |
| 145 | mx_auth { |
| 146 | dane |
| 147 | mtasts { |
| 148 | cache fs |
| 149 | fs_dir mtasts_cache/ |
| 150 | } |
| 151 | local_policy { |
| 152 | min_tls_level encrypted |
| 153 | min_mx_level none |
| 154 | } |
| 155 | } |
| 156 | } |
| 157 | |
| 158 | target.queue remote_queue { |
| 159 | target &outbound_delivery |
| 160 | |
| 161 | autogenerated_msg_domain $(primary_domain) |
| 162 | bounce { |
| 163 | destination postmaster $(local_domains) { |
| 164 | deliver_to &local_routing |
| 165 | } |
| 166 | default_destination { |
| 167 | reject 550 5.0.0 "Refusing to send DSNs to non-local addresses" |
| 168 | } |
| 169 | } |
| 170 | } |
| 171 | |
| 172 | # ---------------------------------------------------------------------------- |
| 173 | # IMAP endpoints |
| 174 | |
| 175 | imap tls://0.0.0.0:993 tcp://0.0.0.0:143 { |
| 176 | auth &local_authdb |
| 177 | storage &local_mailboxes |
| 178 | } |