fix(maddy): correct global hostname + run subcommand + dkim syntax
- add top-level `hostname $(hostname)` directive (required by maddy 0.8)
- invoke as `maddy -config … run` (global flag before subcommand)
- fix dkim syntax: `dkim DOMAIN SELECTOR` (no key-size positional arg — that was being parsed as a second selector, generating bogus keys)
- use bounce block on local_queue target instead of (local_routing) macro
parent
ef2725aebf
commit
3f87debcf8
105
k8s/maddy.yml
105
k8s/maddy.yml
@ -24,75 +24,74 @@ metadata:
|
|||||||
namespace: anydrop
|
namespace: anydrop
|
||||||
data:
|
data:
|
||||||
maddy.conf: |
|
maddy.conf: |
|
||||||
|
# Global directives — both the top-level `hostname`/`tls` statements AND
|
||||||
|
# the macros of the same name are required. Macros are substituted into
|
||||||
|
# module blocks below; the bare directives configure the process.
|
||||||
$(hostname) = mail.anydrop.arthurbarre.fr
|
$(hostname) = mail.anydrop.arthurbarre.fr
|
||||||
$(primary_domain) = anydrop.arthurbarre.fr
|
$(primary_domain) = anydrop.arthurbarre.fr
|
||||||
$(local_domains) = $(primary_domain)
|
$(local_domains) = $(primary_domain)
|
||||||
|
|
||||||
|
hostname $(hostname)
|
||||||
tls off
|
tls off
|
||||||
|
|
||||||
# -------------------------------------------------------------------
|
# Outbound delivery pipeline ----------------------------------------------
|
||||||
# Outbound pipeline — sign with DKIM, send directly to destination MX.
|
target.queue local_queue {
|
||||||
# -------------------------------------------------------------------
|
target &remote_delivery
|
||||||
(local_routing) {
|
autogenerated_msg_domain $(primary_domain)
|
||||||
destination postmaster $(local_domains) {
|
bounce {
|
||||||
reject 550 5.1.1 "No local mailboxes — outbound only"
|
destination postmaster $(local_domains) {
|
||||||
}
|
reject 550 5.0.0 "Bounces ignored — outbound only"
|
||||||
default_destination {
|
}
|
||||||
modify {
|
default_destination {
|
||||||
dkim $(primary_domain) default (1024)
|
reject 550 5.0.0 "Bounces ignored — outbound only"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
deliver_to &remote_queue
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
target.queue remote_queue {
|
|
||||||
target &remote_delivery
|
|
||||||
max_parallelism 16
|
|
||||||
max_tries 20
|
|
||||||
}
|
}
|
||||||
|
|
||||||
target.remote remote_delivery {
|
target.remote remote_delivery {
|
||||||
limits {
|
limits {
|
||||||
destination rate 20 1s
|
destination rate 20 1s
|
||||||
destination concurrency 10
|
destination concurrency 10
|
||||||
}
|
|
||||||
mx_auth {
|
|
||||||
dane
|
|
||||||
mtasts {
|
|
||||||
cache fs
|
|
||||||
fs_dir mtasts_cache/
|
|
||||||
}
|
}
|
||||||
local_policy {
|
mx_auth {
|
||||||
min_tls_level none
|
dane
|
||||||
min_mx_level none
|
mtasts {
|
||||||
|
cache fs
|
||||||
|
fs_dir mtasts_cache/
|
||||||
|
}
|
||||||
|
local_policy {
|
||||||
|
min_tls_level none
|
||||||
|
min_mx_level none
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# -------------------------------------------------------------------
|
# SMTP submission listener — internal ClusterIP service only.
|
||||||
# SMTP submission endpoint (internal only — cluster-ip service).
|
# No auth enforced: the service is not reachable outside the cluster
|
||||||
# No TLS required in-cluster; the server process talks to maddy over
|
# network. If you ever expose this externally, add an `auth` block.
|
||||||
# the flat pod network.
|
|
||||||
# -------------------------------------------------------------------
|
|
||||||
smtp tcp://0.0.0.0:587 {
|
smtp tcp://0.0.0.0:587 {
|
||||||
limits {
|
hostname $(hostname)
|
||||||
all rate 100 1s
|
tls off
|
||||||
all concurrency 50
|
|
||||||
}
|
limits {
|
||||||
source $(local_domains) {
|
all rate 100 1s
|
||||||
reject 501 5.1.8 "Non-local sender refused"
|
all concurrency 50
|
||||||
}
|
|
||||||
default_source {
|
|
||||||
destination postmaster $(local_domains) {
|
|
||||||
reject 550 5.1.1 "Cannot send to local — outbound only"
|
|
||||||
}
|
}
|
||||||
default_destination {
|
|
||||||
modify {
|
source $(local_domains) {
|
||||||
dkim $(primary_domain) default (1024)
|
destination postmaster $(local_domains) {
|
||||||
}
|
reject 550 5.1.1 "Local delivery disabled"
|
||||||
deliver_to &remote_queue
|
}
|
||||||
|
default_destination {
|
||||||
|
modify {
|
||||||
|
dkim $(primary_domain) default
|
||||||
|
}
|
||||||
|
deliver_to &local_queue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
default_source {
|
||||||
|
reject 501 5.1.8 "Non-local sender refused"
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
---
|
---
|
||||||
@ -128,7 +127,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: maddy
|
- name: maddy
|
||||||
image: foxcpp/maddy:0.8
|
image: foxcpp/maddy:0.8
|
||||||
args: ["-config", "/etc/maddy/maddy.conf"]
|
args: ["-config", "/etc/maddy/maddy.conf", "run"]
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 587
|
- containerPort: 587
|
||||||
name: submission
|
name: submission
|
||||||
|
|||||||
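Review bot: The `smtp tcp://0.0.0.0:587` block accepts mail with `tls off` and no `auth`, so its only gate is `source $(local_domains)`, which matches the envelope sender that the client itself supplies. Any workload that can reach the Service can therefore submit mail that is DKIM-signed for `$(primary_domain)`. The new comment relies on the listener being cluster-internal, but a ClusterIP is reachable from every namespace unless a NetworkPolicy restricts it, and none is visible in this diff (one may exist elsewhere in the manifest). I would add an ingress policy for port 587 to `k8s/maddy.yml` that admits only the application pods, sketched below with placeholder labels, and extend the comment to name that policy as the control the no-auth setup depends on.

```yaml
---
# Only effective if the cluster's CNI enforces NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: maddy-submission-ingress      # placeholder name
  namespace: anydrop
spec:
  podSelector:
    matchLabels:
      app: MADDY_POD_LABEL            # placeholder: label carried by the maddy pods
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: APP_POD_LABEL      # placeholder: the only workload allowed to submit mail
      ports:
        - protocol: TCP
          port: 587
```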