| giolekva | 75ee271 | 2021-11-26 13:57:12 +0400 | [diff] [blame^] | 1 | apiVersion: v1 |
| 2 | kind: ConfigMap |
| 3 | metadata: |
| 4 | name: maddy |
| 5 | namespace: {{ .Release.Namespace }} |
| 6 | data: |
| 7 | maddy.conf: | |
| 8 | $(hostname) = mx1.lekva.me |
| 9 | $(primary_domain) = lekva.me |
| 10 | $(local_domains) = lekva.me shve.li |
| 11 | |
| 12 | tls file /etc/maddy/certs/tls.crt /etc/maddy/certs/tls.key |
| 13 | |
| 14 | auth.external authsmtp { |
| 15 | helper /usr/bin/auth-smtp |
| 16 | perdomain yes |
| 17 | domains $(local_domains) |
| 18 | } |
| 19 | |
| 20 | hostname $(hostname) |
| 21 | |
| 22 | msgpipeline local_routing { |
| 23 | destination lekva.me { |
| 24 | deliver_to &lekvame |
| 25 | } |
| 26 | destination shve.li { |
| 27 | deliver_to &shveli |
| 28 | } |
| 29 | default_destination { |
| 30 | reject 550 5.1.1 "User doesn't exist" |
| 31 | } |
| 32 | } |
| 33 | |
| 34 | smtp tcp://0.0.0.0:25 { |
| 35 | io_debug true |
| 36 | debug true |
| 37 | |
| 38 | insecure_auth no |
| 39 | |
| 40 | defer_sender_reject yes |
| 41 | |
| 42 | limits { |
| 43 | # Up to 20 msgs/sec across max. 10 SMTP connections. |
| 44 | all rate 20 1s |
| 45 | all concurrency 10 |
| 46 | } |
| 47 | |
| 48 | dmarc yes |
| 49 | check { |
| 50 | require_mx_record |
| 51 | dkim |
| 52 | spf |
| 53 | } |
| 54 | |
| 55 | source $(local_domains) { |
| 56 | reject 501 5.1.8 "Use Submission for outgoing SMTP" |
| 57 | } |
| 58 | default_source { |
| 59 | destination $(local_domains) { |
| 60 | deliver_to &local_routing |
| 61 | } |
| 62 | default_destination { |
| 63 | reject 550 5.1.1 "User doesn't exist" |
| 64 | } |
| 65 | } |
| 66 | } |
| 67 | |
| 68 | submission tls://0.0.0.0:465 tcp://0.0.0.0:587 { |
| 69 | io_debug true |
| 70 | debug true |
| 71 | |
| 72 | auth &authsmtp |
| 73 | insecure_auth yes |
| 74 | |
| 75 | defer_sender_reject yes |
| 76 | |
| 77 | source $(local_domains) { |
| 78 | destination $(local_domains) { |
| 79 | deliver_to &local_routing |
| 80 | } |
| 81 | default_destination { |
| 82 | modify { |
| 83 | dkim $(primary_domain) $(local_domains) default |
| 84 | } |
| 85 | deliver_to &remote_queue |
| 86 | } |
| 87 | } |
| 88 | default_source { |
| 89 | reject 501 5.1.8 "Non-local sender domain" |
| 90 | } |
| 91 | } |
| 92 | |
| 93 | target.smtp lekvame { |
| 94 | debug true |
| 95 | hostname mx1.lekva.me |
| 96 | attempt_starttls false |
| 97 | require_tls no |
| 98 | auth off |
| 99 | targets tcp://maddy.app-maddy.svc.cluster.local:25 |
| 100 | } |
| 101 | |
| 102 | target.smtp shveli { |
| 103 | debug true |
| 104 | hostname mail.shve.li |
| 105 | attempt_starttls false |
| 106 | require_tls no |
| 107 | auth off |
| 108 | targets tcp://maddy.shveli-app-maddy.svc.cluster.local:25 |
| 109 | } |
| 110 | |
| 111 | target.queue remote_queue { |
| 112 | target &outbound_delivery |
| 113 | |
| 114 | autogenerated_msg_domain $(primary_domain) |
| 115 | bounce { |
| 116 | destination postmaster $(local_domains) { |
| 117 | deliver_to &local_routing |
| 118 | } |
| 119 | default_destination { |
| 120 | reject 550 5.0.0 "Refusing to send DSNs to non-local addresses" |
| 121 | } |
| 122 | } |
| 123 | } |
| 124 | |
| 125 | target.remote outbound_delivery { |
| 126 | limits { |
| 127 | # Up to 20 msgs/sec across max. 10 SMTP connections |
| 128 | # for each recipient domain. |
| 129 | destination rate 20 1s |
| 130 | destination concurrency 10 |
| 131 | } |
| 132 | mx_auth { |
| 133 | dane |
| 134 | mtasts { |
| 135 | cache fs |
| 136 | fs_dir mtasts_cache/ |
| 137 | } |
| 138 | local_policy { |
| 139 | min_tls_level encrypted |
| 140 | min_mx_level none |
| 141 | } |
| 142 | } |
| 143 | } |
| 144 | --- |
| 145 | apiVersion: apps/v1 |
| 146 | kind: Deployment |
| 147 | metadata: |
| 148 | name: maddy |
| 149 | namespace: {{ .Release.Namespace }} |
| 150 | spec: |
| 151 | selector: |
| 152 | matchLabels: |
| 153 | app: maddy |
| 154 | replicas: 1 |
| 155 | template: |
| 156 | metadata: |
| 157 | labels: |
| 158 | app: maddy |
| 159 | spec: |
| 160 | # hostAliases: |
| 161 | # - ip: "10.43.66.220" |
| 162 | # hostnames: |
| 163 | # - "mx1.lekva.me" |
| 164 | volumes: |
| 165 | - name: config |
| 166 | configMap: |
| 167 | name: maddy |
| 168 | - name: certs |
| 169 | secret: |
| 170 | secretName: cert-mx1.lekva.me |
| 171 | - name: data |
| 172 | persistentVolumeClaim: |
| 173 | claimName: data |
| 174 | containers: |
| 175 | - name: maddy |
| 176 | image: giolekva/maddy-auth-smtp:v0.4.4 |
| 177 | imagePullPolicy: Always |
| 178 | ports: |
| 179 | - name: imap |
| 180 | containerPort: 143 |
| 181 | protocol: TCP |
| 182 | - name: imaps |
| 183 | containerPort: 993 |
| 184 | protocol: TCP |
| 185 | - name: smtp |
| 186 | containerPort: 25 |
| 187 | protocol: TCP |
| 188 | - name: smtps |
| 189 | containerPort: 465 |
| 190 | protocol: TCP |
| 191 | - name: submission |
| 192 | containerPort: 587 |
| 193 | protocol: TCP |
| 194 | command: |
| 195 | - maddy |
| 196 | - -config |
| 197 | - /etc/maddy/config/maddy.conf |
| 198 | volumeMounts: |
| 199 | - name: config |
| 200 | mountPath: /etc/maddy/config |
| 201 | - name: certs |
| 202 | mountPath: /etc/maddy/certs |
| 203 | - name: data |
| 204 | mountPath: /var/lib/maddy |
| 205 | --- |
| 206 | apiVersion: v1 |
| 207 | kind: Service |
| 208 | metadata: |
| 209 | name: maddy |
| 210 | namespace: {{ .Release.Namespace }} |
| 211 | spec: |
| 212 | type: LoadBalancer |
| 213 | externalTrafficPolicy: Local |
| 214 | selector: |
| 215 | app: maddy |
| 216 | ports: |
| 217 | - name: imap |
| 218 | port: 143 |
| 219 | protocol: TCP |
| 220 | - name: imaps |
| 221 | port: 993 |
| 222 | protocol: TCP |
| 223 | - name: smtp |
| 224 | port: 25 |
| 225 | protocol: TCP |
| 226 | - name: smtps |
| 227 | port: 465 |
| 228 | protocol: TCP |
| 229 | - name: submission |
| 230 | port: 587 |
| 231 | protocol: TCP |
| 232 | --- |
| 233 | apiVersion: v1 |
| 234 | kind: PersistentVolumeClaim |
| 235 | metadata: |
| 236 | name: data |
| 237 | namespace: {{ .Release.Namespace }} |
| 238 | spec: |
| 239 | accessModes: |
| 240 | - ReadWriteOnce |
| 241 | resources: |
| 242 | requests: |
| 243 | storage: 100Gi |