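apiVersion: v1
kind: ConfigMap
metadata:
  name: maddy
  namespace: "{{ .Release.Namespace }}"
data:
  # maddy running as the Internet-facing MX / submission gateway for the
  # configured domains. Mail for a local domain is handed over cluster-internal
  # SMTP to the maddy instance living in that domain's namespace; this config
  # keeps no mailboxes and opens no IMAP listener.
  maddy.conf: |
    $(hostname) = {{ .Values.mxHostname }}
    $(primary_domain) = {{ .Values.domains.primary.name }}
    $(local_domains) = {{ .Values.domains.primary.name }}{{ range .Values.domains.others }} {{ .name }}{{ end }}

    # Certificate/key come from the cert-<mxHostname> Secret mounted by the
    # Deployment. Used for implicit TLS on 465 and STARTTLS on 25/587.
    # NOTE(review): confirm this maddy version re-reads the files after the
    # Secret is rotated; otherwise a restart is needed on renewal.
    tls file /etc/maddy/certs/tls.crt /etc/maddy/certs/tls.key

    # Submission passwords are checked by an external helper. With
    # "perdomain yes" the helper is given the domain part as well, so it is
    # expected to handle user@domain logins for every local domain.
    auth.external authsmtp {
        helper /usr/bin/auth-smtp
        perdomain yes
        domains $(local_domains)
    }

    hostname $(hostname)

    # Per-domain fan-out to the backend instances; anything for a domain that is
    # not configured is refused instead of being relayed.
    msgpipeline local_routing {
        destination {{ .Values.domains.primary.name }} {
            deliver_to &{{ .Values.domains.primary.name }}
        }
        {{ range .Values.domains.others }}
        destination {{ .name }} {
            deliver_to &{{ .name }}
        }
        {{ end }}
        default_destination {
            reject 550 5.1.1 "User doesn't exist"
        }
    }

    # Inbound MX. Unauthenticated, accepts mail only for local domains.
    smtp tcp://0.0.0.0:25 {
        insecure_auth no

        defer_sender_reject yes

        limits {
            # Up to 20 msgs/sec across max. 10 SMTP connections.
            all rate 20 1s
            all concurrency 10
        }

        # SPF and DMARC are evaluated against the connecting IP, which is why the
        # Service is published with externalTrafficPolicy: Local (a node SNAT
        # address here would make every SPF check fail).
        dmarc yes
        check {
            require_mx_record
            dkim
            spf
        }

        # Anti-spoofing: a MAIL FROM in one of our own domains must come in
        # through the authenticated submission port, never through the MX.
        source $(local_domains) {
            reject 501 5.1.8 "Use Submission for outgoing SMTP"
        }
        default_source {
            destination $(local_domains) {
                deliver_to &local_routing
            }
            default_destination {
                reject 550 5.1.1 "User doesn't exist"
            }
        }
    }

    # Authenticated submission for local users (465 implicit TLS, 587 STARTTLS).
    submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
        auth &authsmtp
        # Both ports are reachable from the Internet through the LoadBalancer
        # and STARTTLS is available on 587, so AUTH must never be accepted on a
        # plaintext connection; "yes" here lets a misconfigured client send its
        # password in the clear.
        insecure_auth no

        defer_sender_reject yes

        limits {
            # Same caps as the inbound endpoint; also slows down password
            # guessing against AUTH.
            all rate 20 1s
            all concurrency 10
        }

        source $(local_domains) {
            # NOTE(review): nothing here ties the authenticated login to the
            # MAIL FROM / From address, so any local user can submit mail as any
            # other address in $(local_domains). maddy's check.authorize_sender
            # exists for this; enable it once the helper's username format is
            # confirmed to be user@domain.
            destination $(local_domains) {
                deliver_to &local_routing
            }
            default_destination {
                # Outgoing mail is DKIM-signed with keys kept under the state
                # directory (/var/lib/maddy, the data PVC).
                modify {
                    dkim $(primary_domain) $(local_domains) default
                }
                deliver_to &remote_queue
            }
        }
        default_source {
            reject 501 5.1.8 "Non-local sender domain"
        }
    }

    # Hand-off to the backend maddy for the primary domain. Plain SMTP with no
    # TLS and no authentication: this relies entirely on the cluster network
    # (and on nobody else being able to answer for that Service name). If the
    # cluster network is not trusted, turn on TLS here and on the backend's
    # port 25.
    target.smtp {{ .Values.domains.primary.name }} {
        hostname $(hostname)
        attempt_starttls false
        require_tls no
        auth off
        targets tcp://maddy.{{ .Values.domains.primary.namespace }}.svc.cluster.local:25
    }

    # Same hand-off for every additional domain, one target per namespace.
    {{ range .Values.domains.others }}
    target.smtp {{ .name }} {
        hostname mail.{{ .name }}
        attempt_starttls false
        require_tls no
        auth off
        targets tcp://maddy.{{ .namespace }}.svc.cluster.local:25
    }
    {{ end }}

    # Outbound queue. Bounces are only ever delivered back to local addresses,
    # so this host cannot be used for backscatter.
    target.queue remote_queue {
        target &outbound_delivery

        autogenerated_msg_domain $(primary_domain)
        bounce {
            destination postmaster $(local_domains) {
                deliver_to &local_routing
            }
            default_destination {
                reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
            }
        }
    }

    target.remote outbound_delivery {
        limits {
            # Up to 20 msgs/sec across max. 10 SMTP connections
            # for each recipient domain.
            destination rate 20 1s
            destination concurrency 10
        }
        # DANE and MTA-STS are enforced where the recipient publishes them;
        # otherwise the local policy applies: TLS must be offered (any cert)
        # but the MX itself is not authenticated, i.e. opportunistic TLS.
        mx_auth {
            dane
            mtasts {
                cache fs
                fs_dir mtasts_cache/
            }
            local_policy {
                min_tls_level encrypted
                min_mx_level none
            }
        }
    }
---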
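apiVersion: apps/v1
kind: Deployment
metadata:
  name: maddy
  namespace: "{{ .Release.Namespace }}"
spec:
  selector:
    matchLabels:
      app: maddy
  # Single replica on purpose: the data PVC is ReadWriteOnce and the queue,
  # DKIM keys and MTA-STS cache under /var/lib/maddy are not shared.
  replicas: 1
  template:
    metadata:
      labels:
        app: maddy
    spec:
      volumes:
        - name: config
          configMap:
            name: maddy
        - name: certs
          secret:
            secretName: "cert-{{ .Values.mxHostname }}"
        - name: data
          persistentVolumeClaim:
            claimName: data
      # NOTE(review): no pod/container securityContext. Whether this image
      # runs as root (and therefore needs only NET_BIND_SERVICE to open
      # 25/465/587) cannot be seen here; confirm and add runAsNonRoot plus a
      # capabilities drop accordingly.
      containers:
        - name: maddy
          # NOTE(review): mutable tag from a personal registry namespace combined
          # with imagePullPolicy Always means a re-pushed v0.4.4 silently changes
          # what the MX runs. Pin by digest (image@sha256:...) once known.
          image: giolekva/maddy-auth-smtp:v0.4.4
          imagePullPolicy: Always
          # Only the listeners maddy.conf opens. The config defines no imap
          # endpoint, so 143/993 are deliberately not declared.
          ports:
            - name: smtp
              containerPort: 25
              protocol: TCP
            - name: smtps
              containerPort: 465
              protocol: TCP
            - name: submission
              containerPort: 587
              protocol: TCP
          command:
            - maddy
            - -config
            - /etc/maddy/config/maddy.conf
          volumeMounts:
            # Config and TLS material are read-only inside the container; only
            # the state directory needs to be writable.
            - name: config
              mountPath: /etc/maddy/config
              readOnly: true
            - name: certs
              mountPath: /etc/maddy/certs
              readOnly: true
            - name: data
              mountPath: /var/lib/maddy
---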
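apiVersion: v1
kind: Service
metadata:
  name: maddy
  namespace: "{{ .Release.Namespace }}"
spec:
  type: LoadBalancer
  # Local preserves the client's source IP, which the SPF/DMARC checks in
  # maddy.conf evaluate; Cluster would SNAT to a node address and break them.
  # Fine with replicas: 1, since traffic only reaches the node hosting the pod.
  externalTrafficPolicy: Local
  selector:
    app: maddy
  # Publish only what maddy.conf actually listens on. The config has no imap
  # endpoint, so 143/993 are not exposed: dead ports on a public LoadBalancer
  # only add surface and confusion.
  ports:
    - name: smtp
      port: 25
      protocol: TCP
    - name: smtps
      port: 465
      protocol: TCP
    - name: submission
      port: 587
      protocol: TCP
---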
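apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data
  namespace: "{{ .Release.Namespace }}"
spec:
  # State directory for maddy (queue, DKIM keys, MTA-STS cache). RWO matches
  # the single-replica Deployment that mounts it at /var/lib/maddy.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      # Quoted so a numeric-looking or empty value keeps its string type
      # instead of rendering as an int or null.
      storage: "{{ .Values.persistence.size }}"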
giolekva3423ac22021-11-28 20:47:34 +0400235 storage: {{ .Values.persistence.size }}