feat: add SMTP submission listener and enhance stalwart configuration
Build / precommit (pull_request) Successful in 5m1s
- add SMTP submission listener on port 587 with TLS requirement
- configure HAProxy frontend/backend for submission with send-proxy-v2 support
- add send-proxy-v2 support to all listeners
- add dynamic HAProxy node discovery for proxy trusted networks
- use service hostname instead of node FQDN for autoconfig/autodiscover
- remove redundant IMAP/IMAPS/SMTP alt-names from TLS certificates
- update VRRP CNAME configuration to use mail.main.unkin.net
@@ -13,8 +13,7 @@ profiles::haproxy::dns::vrrp_cnames:
|
||||
- dashboard.ceph.unkin.net
|
||||
- mail-webadmin.main.unkin.net
|
||||
- mail-in.main.unkin.net
|
||||
- imap.main.unkin.net
|
||||
- imaps.main.unkin.net
|
||||
- mail.main.unkin.net
|
||||
- autoconfig.main.unkin.net
|
||||
- autodiscover.main.unkin.net
|
||||
|
||||
@@ -333,7 +332,7 @@ profiles::haproxy::backends:
|
||||
stick-table: 'type ip size 200k expire 30m'
|
||||
stick: 'on src'
|
||||
tcp-check:
|
||||
- connect port 143
|
||||
- connect port 143 send-proxy
|
||||
- expect string "* OK"
|
||||
- send "A001 STARTTLS\r\n"
|
||||
- expect rstring "A001 (OK|2.0.0)"
|
||||
@@ -349,7 +348,7 @@ profiles::haproxy::backends:
|
||||
stick-table: 'type ip size 200k expire 30m'
|
||||
stick: 'on src'
|
||||
tcp-check:
|
||||
- connect ssl
|
||||
- connect ssl send-proxy
|
||||
- expect string "* OK"
|
||||
be_stalwart_smtp:
|
||||
description: Backend for Stalwart SMTP
|
||||
@@ -363,7 +362,21 @@ profiles::haproxy::backends:
|
||||
stick-table: 'type ip size 200k expire 30m'
|
||||
stick: 'on src'
|
||||
tcp-check:
|
||||
- connect port 25
|
||||
- connect port 25 send-proxy
|
||||
- expect string "220 "
|
||||
be_stalwart_submission:
|
||||
description: Backend for Stalwart SMTP Submission
|
||||
collect_exported: false
|
||||
options:
|
||||
mode: tcp
|
||||
balance: roundrobin
|
||||
option:
|
||||
- tcp-check
|
||||
- prefer-last-server
|
||||
stick-table: 'type ip size 200k expire 30m'
|
||||
stick: 'on src'
|
||||
tcp-check:
|
||||
- connect port 587 send-proxy
|
||||
- expect string "220 "
|
||||
|
||||
profiles::haproxy::certlist::enabled: true
|
||||
|
||||
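Review bot: The health check for the new `be_stalwart_submission` backend stops at the `220 ` banner, so a node whose submission listener answers but no longer offers TLS would still be marked healthy. The port 143 check in this same file goes one step further and exercises STARTTLS. Because the listener is described as requiring TLS, the check could continue with `- send "EHLO healthcheck\r\n"` followed by `- expect rstring "250[- ]STARTTLS"`, where `healthcheck` is a constructed EHLO name. The server entries for this backend are not in the hunk, so confirm the check reaches the listener the way real traffic does, with the same PROXY header.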
@@ -196,6 +196,17 @@ profiles::haproxy::frontends:
|
||||
tcp-request:
|
||||
- inspect-delay 5s
|
||||
- content accept if { req_len 0 }
|
||||
fe_submission:
|
||||
description: 'Frontend for Stalwart SMTP Submission'
|
||||
bind:
|
||||
0.0.0.0:587: []
|
||||
mode: 'tcp'
|
||||
options:
|
||||
log: global
|
||||
default_backend: be_stalwart_submission
|
||||
tcp-request:
|
||||
- inspect-delay 5s
|
||||
- content accept if { req_len 0 }
|
||||
|
||||
profiles::haproxy::backends:
|
||||
be_letsencrypt:
|
||||
|
||||
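Review bot: `fe_submission` binds `0.0.0.0:587` with no per-source connection limit, and an authenticated submission port is a routine target for credential guessing. In `mode: 'tcp'` HAProxy cannot see the AUTH exchange, so the only control available at this layer is connection rate. One option is a frontend `stick-table: 'type ip size <SIZE> expire <TTL> store conn_rate(<PERIOD>)'` with `- connection track-sc0 src` and `- connection reject if { sc_conn_rate(0) gt <LIMIT> }` under `tcp-request`; the bracketed values are placeholders to size for this site. If throttling is instead left to Stalwart using the PROXY-supplied client address, a comment on the frontend saying so would help. That approach is only sound while the listener's trusted proxy networks are limited to the HAProxy nodes, and that configuration is not visible here.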
@@ -8,9 +8,6 @@ hiera_include:
|
||||
profiles::pki::vault::alt_names:
|
||||
- mail.main.unkin.net
|
||||
- mail-webadmin.main.unkin.net
|
||||
- imap.main.unkin.net
|
||||
- imaps.main.unkin.net
|
||||
- smtp.main.unkin.net
|
||||
- main-in.main.unkin.net
|
||||
- autoconfig.main.unkin.net
|
||||
- autodiscovery.main.unkin.net
|
||||
@@ -41,6 +38,7 @@ stalwart::s3_region: "%{facts.region}"
|
||||
stalwart::domains:
|
||||
- 'mail.unkin.net'
|
||||
stalwart::postfix_relay_host: 'out-mta.main.unkin.net'
|
||||
stalwart::service_hostname: 'mail.main.unkin.net'
|
||||
stalwart::manage_dns_records: false
|
||||
|
||||
## With load balancer:
|
||||
|
||||
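Review bot: The alt-names that remain after this cleanup include `main-in.main.unkin.net` and `autodiscovery.main.unkin.net`, while the VRRP CNAME list in the HAProxy file on this page publishes `mail-in.main.unkin.net` and `autodiscover.main.unkin.net`. These look like typos in untouched context lines. If the certificate issued from this list is the one clients see on those names, hostname verification will fail for inbound MTAs doing strict TLS and for Outlook autodiscover. Since the commit is already pruning this list, it is a good place to correct them to `- mail-in.main.unkin.net` and `- autodiscover.main.unkin.net`. It is also worth confirming that every name clients are told to use, including the new `stalwart::service_hostname`, is covered by a SAN.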