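# Helm template for the "maddy" ConfigMap. It carries two files:
#   smtp-servers.conf - one host:port line per in-cluster submission endpoint
#   maddy.conf        - the maddy mail server configuration
# Chart values are inserted verbatim into both files, so every
# .Values.domains.* entry must be a plain DNS name / namespace name.
apiVersion: v1
kind: ConfigMap
metadata:
  name: maddy
  # Quoted so a namespace made only of digits is not re-typed as a number.
  namespace: {{ .Release.Namespace | quote }}
data:
  smtp-servers.conf: |
    maddy.{{ .Values.domains.primary.namespace }}.svc.cluster.local:587
    {{ range .Values.domains.others }}
    maddy.{{ .namespace }}.svc.cluster.local:587
    {{ end }}
  maddy.conf: |
    $(hostname) = {{ .Values.domains.primary.mx }}
    $(primary_domain) = {{ .Values.domains.primary.name }}
    $(local_domains) = {{ .Values.domains.primary.name }}{{ range .Values.domains.others }} {{ .name }}{{ end }}

    # Certificate and private key used by the TLS-capable listeners below.
    tls file /etc/maddy/certs/tls.crt /etc/maddy/certs/tls.key

    # Credentials are checked by the external helper binary, per domain.
    auth.external authsmtp {
        helper /usr/bin/auth-smtp
        perdomain yes
        domains $(local_domains)
    }

    hostname $(hostname)

    # Routes each local domain to the target.smtp block of the same name.
    msgpipeline local_routing {
        destination {{ .Values.domains.primary.name }} {
            deliver_to &{{ .Values.domains.primary.name }}
        }
        {{ range .Values.domains.others }}
        destination {{ .name }} {
            deliver_to &{{ .name }}
        }
        {{ end }}
        default_destination {
            reject 550 5.1.1 "User doesn't exist"
        }
    }

    # Inbound SMTP on port 25: no auth block is configured here, and mail
    # whose sender claims a local domain is refused (see "source" below).
    smtp tcp://0.0.0.0:25 {
        insecure_auth no

        defer_sender_reject yes

        limits {
            # Up to 20 msgs/sec across max. 10 SMTP connections.
            all rate 20 1s
            all concurrency 10
        }

        dmarc yes
        check {
            require_mx_record
            dkim
            spf
        }

        source $(local_domains) {
            reject 501 5.1.8 "Use Submission for outgoing SMTP"
        }
        default_source {
            destination $(local_domains) {
                deliver_to &local_routing
            }
            default_destination {
                reject 550 5.1.1 "User doesn't exist"
            }
        }
    }

    # Authenticated submission: implicit TLS on 465, plain TCP on 587.
    submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
        auth &authsmtp
        # NOTE(review): "insecure_auth yes" accepts plain-text authentication
        # on connections that are not encrypted. The tcp:// listener on 587
        # is not TLS by itself, so passwords can cross the network in the
        # clear unless the client upgrades the session first. Confirm that
        # every client of port 587 is confined to a trusted network path,
        # or set this to "no" as the port 25 endpoint does.
        insecure_auth yes

        defer_sender_reject yes

        source $(local_domains) {
            destination $(local_domains) {
                deliver_to &local_routing
            }
            default_destination {
                # Outgoing mail is DKIM-signed before it is queued.
                modify {
                    dkim $(primary_domain) $(local_domains) default
                }
                deliver_to &remote_queue
            }
        }
        default_source {
            reject 501 5.1.8 "Non-local sender domain"
        }
    }

    # NOTE(review): the per-domain relays below talk to port 25 of the
    # in-cluster maddy services with STARTTLS disabled, TLS not required
    # and no authentication. Confidentiality and sender trust on these
    # hops rest on cluster network isolation alone - confirm that a
    # NetworkPolicy (or equivalent) limits who can reach these services.
    target.smtp {{ .Values.domains.primary.name }} {
        hostname $(hostname)
        attempt_starttls false
        require_tls no
        auth off
        targets tcp://maddy.{{ .Values.domains.primary.namespace }}.svc.cluster.local:25
    }

    {{ range .Values.domains.others }}
    target.smtp {{ .name }} {
        hostname mail.{{ .name }}
        attempt_starttls false
        require_tls no
        auth off
        targets tcp://maddy.{{ .namespace }}.svc.cluster.local:25
    }
    {{ end }}

    # Queue for mail leaving the local domains; bounces (DSNs) are only
    # ever delivered to local addresses.
    target.queue remote_queue {
        target &outbound_delivery

        autogenerated_msg_domain $(primary_domain)
        bounce {
            destination postmaster $(local_domains) {
                deliver_to &local_routing
            }
            default_destination {
                reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
            }
        }
    }

    target.remote outbound_delivery {
        limits {
            # Up to 20 msgs/sec across max. 10 SMTP connections
            # for each recipient domain.
            destination rate 20 1s
            destination concurrency 10
        }
        mx_auth {
            dane
            mtasts {
                cache fs
                fs_dir mtasts_cache/
            }
            # Delivery requires an encrypted session, but "min_mx_level
            # none" does not require the MX itself to be authenticated
            # by DANE or MTA-STS - raise it if stricter routing
            # assurance is wanted.
            local_policy {
                min_tls_level encrypted
                min_mx_level none
            }
        }
    }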