diff --git a/apps/base/mailgateway/kustomization.yaml b/apps/base/mailgateway/kustomization.yaml
index 0c088c7..d81a249 100644
--- a/apps/base/mailgateway/kustomization.yaml
+++ b/apps/base/mailgateway/kustomization.yaml
@@ -20,6 +20,10 @@ configMapGenerator:
 files:
 - main.cf=resources/postfix/main.cf
 - master.cf=resources/postfix/master.cf
+ options:
+ disableNameSuffixHash: true
+ - name: postfix-maps
+ files:
 - transport=resources/postfix/transport
 options:
 disableNameSuffixHash: true
diff --git a/apps/base/mailgateway/postfix-deployment.yaml b/apps/base/mailgateway/postfix-deployment.yaml
index 73fd562..26b15ed 100644
--- a/apps/base/mailgateway/postfix-deployment.yaml
+++ b/apps/base/mailgateway/postfix-deployment.yaml
@@ -15,6 +15,24 @@ spec:
 labels:
 app: postfix
 spec:
+ initContainers:
+ - name: postmap
+ image: tozd/postfix:alpine-322
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ for f in /etc/postfix/maps/*; do
+ base=$(basename "$f")
+ cp "$f" /tmp/"$base"
+ postmap hash:/tmp/"$base"
+ cp /tmp/"${base}.db" /etc/postfix/db/
+ done
+ volumeMounts:
+ - name: postfix-maps
+ mountPath: /etc/postfix/maps
+ readOnly: true
+ - name: postfix-db
+ mountPath: /etc/postfix/db
 containers:
 - name: postfix
 image: tozd/postfix:alpine-322
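Review bot: With `disableNameSuffixHash: true` kept on the new `postfix-maps` generator, an edit to `resources/postfix/transport` leaves the ConfigMap name unchanged, so nothing in the Deployment template changes and no rollout is triggered. Because the map is compiled to `transport.db` only by the init container at pod start (see the deployment file in this commit), running pods would presumably keep relaying on the old routing table until they are restarted by hand. Consider dropping the `options:` block for `postfix-maps` so the content hash rolls the pods, or at least add a comment here such as `# transport changes need a manual rollout restart: the .db is built only at pod start`.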
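Review bot: The init script in `args` has no `set -e`, so a failing `cp` or `postmap` inside the loop does not stop it, and the container's exit status is only that of the last command of the last iteration; once `postfix-maps` holds more than one file, an earlier map could fail to build and the pod would still start. Begin the script with `set -eu` so any failed step fails the init container instead of letting Postfix come up without a compiled map. The new container also declares no `resources` or `securityContext`, and it reuses the mutable tag `tozd/postfix:alpine-322`; pinning the image by digest and adding both blocks would be worth doing in the same change.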
@@ -57,27 +75,29 @@ spec: cpu: "1" memory: 512Mi volumeMounts: - # Mount main.cf and master.cf from ConfigMap using subPath - name: postfix-config mountPath: /etc/postfix/main.cf subPath: main.cf - name: postfix-config mountPath: /etc/postfix/master.cf subPath: master.cf - - name: postfix-config - mountPath: /etc/postfix/transport - subPath: transport - # TLS cert from cert-manager Certificate resource + - name: postfix-db + mountPath: /etc/postfix/transport.db + subPath: transport.db - name: postfix-tls mountPath: /etc/postfix/tls readOnly: true - # Persistent mail queue - name: spool mountPath: /var/spool/postfix volumes: - name: postfix-config configMap: name: postfix-config + - name: postfix-maps + configMap: + name: postfix-maps + - name: postfix-db + emptyDir: {} - name: postfix-tls secret: secretName: postfix-smtp-tls diff --git a/apps/base/mailgateway/resources/postfix/main.cf b/apps/base/mailgateway/resources/postfix/main.cf index b5466f7..a332760 100644 --- a/apps/base/mailgateway/resources/postfix/main.cf +++ b/apps/base/mailgateway/resources/postfix/main.cf @@ -13,9 +13,8 @@ alias_maps = alias_database = # Relay inbound mail for these domains to Stalwart -# texthash: reads plain text without requiring postmap (Alpine has no hash/btree) relay_domains = main.unkin.net unkin.net -transport_maps = texthash:/etc/postfix/transport +transport_maps = hash:/etc/postfix/transport # rspamd milter (same namespace — short DNS name resolves) smtpd_milters = inet:rspamd:11332
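Review bot: The new `postfix-db` mount at `/etc/postfix/transport.db` in the main container is writable, although only the init container needs to write to the emptyDir. Since this container handles inbound SMTP, mounting its routing table read-only is a cheap least-privilege gain: add `readOnly: true` under `subPath: transport.db`, as the `postfix-tls` mount just below already does. The three explanatory comments removed here (ConfigMap subPath, cert-manager TLS, persistent queue) are not replaced; a short comment such as `# transport.db is compiled by the postmap init container into the postfix-db emptyDir` would keep the new indirection discoverable. The container spec starts above this hunk.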
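Review bot: The comment removed here stated that texthash was chosen because Alpine has no hash/btree support, yet `transport_maps` now uses `hash:` and the init container runs `postmap hash:` on the same `tozd/postfix:alpine-322` image. If that comment was accurate, the `postmap` step and every transport lookup would fail on an unsupported dictionary type, and Postfix would presumably defer mail rather than relay it. Confirm which table types the image was built with (`postconf -m`) before merging; if `hash` is not listed, a type that is listed (for example `lmdb:`, whose compiled file is `transport.lmdb` rather than `transport.db`) has to be used consistently in main.cf, the postmap command and the subPath mount. A replacement comment such as `# hash: map compiled at pod start by the postmap init container` would document where transport.db comes from.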