feat: add SMTP submission listener and enhance stalwart configuration (#425)
- add SMTP submission listener on port 587 with TLS requirement
- configure HAProxy frontend/backend for submission with send-proxy-v2 support
- add send-proxy-v2 support to all listeners
- add dynamic HAProxy node discovery for proxy trusted networks
- use service hostname instead of node FQDN for autoconfig/autodiscover
- remove redundant IMAP/IMAPS/SMTP alt-names from TLS certificates
- update VRRP CNAME configuration to use mail.main.unkin.net

Reviewed-on: #425
This commit was merged in pull request #425.
@@ -13,8 +13,7 @@ profiles::haproxy::dns::vrrp_cnames:
|
||||
- dashboard.ceph.unkin.net
|
||||
- mail-webadmin.main.unkin.net
|
||||
- mail-in.main.unkin.net
|
||||
- imap.main.unkin.net
|
||||
- imaps.main.unkin.net
|
||||
- mail.main.unkin.net
|
||||
- autoconfig.main.unkin.net
|
||||
- autodiscover.main.unkin.net
|
||||
|
||||
@@ -333,7 +332,7 @@ profiles::haproxy::backends:
|
||||
stick-table: 'type ip size 200k expire 30m'
|
||||
stick: 'on src'
|
||||
tcp-check:
|
||||
- connect port 143
|
||||
- connect port 143 send-proxy
|
||||
- expect string "* OK"
|
||||
- send "A001 STARTTLS\r\n"
|
||||
- expect rstring "A001 (OK|2.0.0)"
|
||||
@@ -349,7 +348,7 @@ profiles::haproxy::backends:
|
||||
stick-table: 'type ip size 200k expire 30m'
|
||||
stick: 'on src'
|
||||
tcp-check:
|
||||
- connect ssl
|
||||
- connect ssl send-proxy
|
||||
- expect string "* OK"
|
||||
be_stalwart_smtp:
|
||||
description: Backend for Stalwart SMTP
|
||||
@@ -363,7 +362,21 @@ profiles::haproxy::backends:
|
||||
stick-table: 'type ip size 200k expire 30m'
|
||||
stick: 'on src'
|
||||
tcp-check:
|
||||
- connect port 25
|
||||
- connect port 25 send-proxy
|
||||
- expect string "220 "
|
||||
be_stalwart_submission:
|
||||
description: Backend for Stalwart SMTP Submission
|
||||
collect_exported: false
|
||||
options:
|
||||
mode: tcp
|
||||
balance: roundrobin
|
||||
option:
|
||||
- tcp-check
|
||||
- prefer-last-server
|
||||
stick-table: 'type ip size 200k expire 30m'
|
||||
stick: 'on src'
|
||||
tcp-check:
|
||||
- connect port 587 send-proxy
|
||||
- expect string "220 "
|
||||
|
||||
profiles::haproxy::certlist::enabled: true
|
||||
|
||||
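Review bot: The tcp-check for the new be_stalwart_submission backend stops at the `220 ` banner, so a node whose port 587 listener answers but no longer advertises STARTTLS would stay in rotation, although the commit describes this listener as TLS-required. The IMAP check earlier in this file already exercises STARTTLS; the submission check could do the same with `- send "EHLO healthcheck.invalid\r\n"` followed by `- expect rstring "250[- ]STARTTLS"` (the EHLO name is a constructed placeholder). Separately, every check now sends a PROXY header, which implies the Stalwart listeners take the client address from that header. The trusted-network list that limits who may send it is mentioned in the description but is not part of this section, so it is worth confirming that it resolves to the HAProxy nodes only; a wider list would let any host that reaches the backend ports directly supply its own source address for logging and rate limiting.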