--- # Internal service for rspamd - used by postfix pods in the same namespace apiVersion: v1 kind: Service metadata: name: rspamd namespace: mailgateway spec: selector: app: rspamd ports: - name: milter port: 11332 targetPort: 11332 protocol: TCP - name: worker port: 11333 targetPort: 11333 protocol: TCP - name: controller port: 11334 targetPort: 11334 protocol: TCP --- # Internal ClusterIP for postfix - used by stalwart for outbound relay apiVersion: v1 kind: Service metadata: name: postfix namespace: mailgateway spec: selector: app: postfix ports: - name: smtp port: 25 targetPort: 25 protocol: TCP - name: submission port: 587 targetPort: 587 protocol: TCP --- # External LoadBalancer for inbound MX (internet → postfix) apiVersion: v1 kind: Service metadata: name: postfix-external namespace: mailgateway annotations: external-dns.alpha.kubernetes.io/hostname: smtp-in.main.unkin.net purelb.io/service-group: dmz spec: type: LoadBalancer externalTrafficPolicy: Local selector: app: postfix ports: - name: smtp port: 25 targetPort: 25 protocol: TCP