5b3058e75e
- Splits hash-type map files into a separate postfix-maps ConfigMap - Adds postmap init container that builds .db files from all maps into a postfix-db emptyDir, which is then subPath-mounted per map in the main container - Updates transport_maps in main.cf to hash:/etc/postfix/transport
# Basic identity. These values mirror the MAILNAME / MY_NETWORKS /
# MY_DESTINATION environment variables, so the postconf calls made by the
# tozd startup script change nothing.
myhostname = mail.main.unkin.net
myorigin = main.unkin.net
# Only the loopback names are final destinations; the real mail domains are
# listed in relay_domains and handed on, not delivered here.
mydestination = localhost.localdomain, localhost
# Trusted clients: loopback plus all RFC 1918 private ranges.
# NOTE(review): this file sets no smtpd_relay_restrictions, so unless one is
# applied elsewhere the Postfix default applies and every client in these
# ranges may relay to any destination without authenticating. If inbound
# connections reach this pod source-NATed to a node or pod address, outside
# senders would match as well. Confirm client IPs are preserved, or narrow
# the list to the hosts that actually submit mail.
mynetworks = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
# IPv4 only, listening on every interface of the pod.
inet_protocols = ipv4
inet_interfaces = all
# Relay-only gateway: nothing is delivered on this host.
# Mail that resolves to the local transport is returned as undeliverable
# with the text after "error:".
local_transport = error:no local delivery
# Left empty on purpose: no alias tables are consulted or built.
alias_maps =
alias_database =
# Accept inbound mail for these domains and forward it to Stalwart.
# NOTE(review): no relay_recipient_maps or other recipient check is set in
# this file, so any local part in these domains is accepted at SMTP time. If
# Stalwart later rejects the address, this host must bounce to a sender
# address that may be forged (backscatter). Confirm that is intended or add
# recipient validation.
# NOTE(review): with the default parent_domain_matches_subdomains setting,
# "unkin.net" also matches every subdomain - confirm that scope is wanted.
relay_domains = main.unkin.net unkin.net
# Next-hop routing table. A hash: map is read from the compiled .db file
# that postmap builds from this source, not from the text file itself.
transport_maps = hash:/etc/postfix/transport
# Content filtering through the rspamd milter. rspamd runs in the same
# namespace, so the short DNS name resolves.
# Applied to mail arriving over SMTP and to mail injected locally.
smtpd_milters = inet:rspamd:11332
non_smtpd_milters = inet:rspamd:11332
# NOTE(review): fail-open. When the milter is unreachable or returns an
# error, mail is accepted unfiltered. "tempfail" is the fail-closed
# alternative (senders retry later). Whichever is chosen, alert on milter
# errors in the log so an rspamd outage does not go unnoticed.
milter_default_action = accept
milter_protocol = 6
# Macros handed to the milter with each MAIL FROM.
# NOTE(review): {auth_authen} is the SASL login name; no SASL settings appear
# in this file, so it is presumably always empty here - confirm.
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
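# Inbound TLS. Certificate and key come from the cert-manager Certificate
# resource.
# "may" is opportunistic: STARTTLS is announced, but clients may still
# deliver in cleartext. smtpd_tls_security_level overrides the obsolete
# smtpd_use_tls parameter, which is therefore no longer set here.
# NOTE(review): no minimum protocol version or cipher grade is pinned, so the
# defaults of the installed Postfix and OpenSSL apply - confirm they meet
# policy.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/tls/tls.crt
# Private key: the mounted Secret should be readable by root only.
smtpd_tls_key_file = /etc/postfix/tls/tls.key
# 1 = one summary log line per completed TLS handshake.
smtpd_tls_loglevel = 1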
# Outbound TLS, opportunistic: STARTTLS is used when the next hop offers it,
# the peer certificate is not verified, and delivery falls back to cleartext
# when TLS is unavailable.
# NOTE(review): the hop to Stalwart is therefore neither authenticated nor
# guaranteed to be encrypted. If that is required, a per-destination entry in
# smtp_tls_policy_maps can raise the level for that hop only.
smtp_tls_security_level = may
# 1 = one summary log line per completed TLS handshake.
smtp_tls_loglevel = 1
# Largest message accepted, in bytes: 52428800 = 50 MiB.
message_size_limit = 52428800
# 0 = no mailbox size limit. Nothing is delivered locally on this gateway.
# NOTE(review): presumably set so the stock non-zero default, which is
# smaller than message_size_limit, cannot conflict with it - confirm.
mailbox_size_limit = 0
# Queue retention.
# Undeliverable mail is returned to the sender after 5 days in the queue.
maximal_queue_lifetime = 5d
# Bounce messages that cannot be delivered are given up on after 1 day.
bounce_queue_lifetime = 1d
# Write the mail log to stdout so the Kubernetes log collector picks it up.
# NOTE(review): maillog_file needs Postfix 3.4 or later and the postlog
# service enabled in master.cf - confirm the image provides both. The log
# carries sender and recipient addresses, so apply the cluster's retention
# and access rules for personal data to it.
maillog_file = /dev/stdout