feat: add SMTP submission listener and enhance stalwart configuration
Build / precommit (pull_request) Successful in 5m1s

- add SMTP submission listener on port 587 with TLS requirement
- configure HAProxy frontend/backend for submission with send-proxy-v2 support
- add send-proxy-v2 support to all listeners
- add dynamic HAProxy node discovery for proxy trusted networks
- use service hostname instead of node FQDN for autoconfig/autodiscover
- remove redundant IMAP/IMAPS/SMTP alt-names from TLS certificates
- update VRRP CNAME configuration to use mail.main.unkin.net
This commit is contained in:
2025-11-09 14:07:49 +11:00
parent 35614060bd
commit 368a8a5e89
7 changed files with 112 additions and 9 deletions
+1 -3
View File
@@ -8,9 +8,6 @@ hiera_include:
profiles::pki::vault::alt_names:
- mail.main.unkin.net
- mail-webadmin.main.unkin.net
- imap.main.unkin.net
- imaps.main.unkin.net
- smtp.main.unkin.net
- main-in.main.unkin.net
- autoconfig.main.unkin.net
- autodiscovery.main.unkin.net
@@ -41,6 +38,7 @@ stalwart::s3_region: "%{facts.region}"
stalwart::domains:
- 'mail.unkin.net'
stalwart::postfix_relay_host: 'out-mta.main.unkin.net'
stalwart::service_hostname: 'mail.main.unkin.net'
stalwart::manage_dns_records: false
## With load balancer: