feat: add SMTP submission listener and enhance stalwart configuration
Build / precommit (pull_request) Successful in 5m1s

- add SMTP submission listener on port 587 with TLS requirement
- configure HAProxy frontend/backend for submission with send-proxy-v2 support
- add send-proxy-v2 support to all listeners
- add dynamic HAProxy node discovery for proxy trusted networks
- use service hostname instead of node FQDN for autoconfig/autodiscover
- remove redundant IMAP/IMAPS/SMTP alt-names from TLS certificates
- update VRRP CNAME configuration to use mail.main.unkin.net
This commit is contained in:
2025-11-09 14:07:49 +11:00
parent 35614060bd
commit 368a8a5e89
7 changed files with 112 additions and 9 deletions
@@ -15,6 +15,7 @@ class profiles::stalwart::haproxy (
'inter 2s',
'rise 3',
'fall 2',
'send-proxy-v2',
]
}
@@ -27,6 +28,7 @@ class profiles::stalwart::haproxy (
'inter 3s',
'rise 2',
'fall 3',
'send-proxy-v2',
]
}
@@ -41,6 +43,7 @@ class profiles::stalwart::haproxy (
'inter 3s',
'rise 2',
'fall 3',
'send-proxy-v2',
]
}
@@ -53,6 +56,20 @@ class profiles::stalwart::haproxy (
'inter 3s',
'rise 2',
'fall 3',
'send-proxy-v2',
]
}
# smtp submission
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_587":
service => 'be_stalwart_submission',
ports => [587],
options => [
'check',
'inter 3s',
'rise 2',
'fall 3',
'send-proxy-v2',
]
}