feat: add SMTP submission listener and enhance stalwart configuration (#425)
- add SMTP submission listener on port 587 with TLS requirement - configure HAProxy frontend/backend for submission with send-proxy-v2 support - add send-proxy-v2 support to all listeners - add dynamic HAProxy node discovery for proxy trusted networks - use service hostname instead of node FQDN for autoconfig/autodiscover - remove redundant IMAP/IMAPS/SMTP alt-names from TLS certificates - update VRRP CNAME configuration to use mail.main.unkin.net Reviewed-on: #425
This commit was merged in pull request #425.
This commit is contained in:
@@ -8,9 +8,6 @@ hiera_include:
|
||||
profiles::pki::vault::alt_names:
|
||||
- mail.main.unkin.net
|
||||
- mail-webadmin.main.unkin.net
|
||||
- imap.main.unkin.net
|
||||
- imaps.main.unkin.net
|
||||
- smtp.main.unkin.net
|
||||
- main-in.main.unkin.net
|
||||
- autoconfig.main.unkin.net
|
||||
- autodiscovery.main.unkin.net
|
||||
@@ -41,6 +38,7 @@ stalwart::s3_region: "%{facts.region}"
|
||||
stalwart::domains:
|
||||
- 'mail.unkin.net'
|
||||
stalwart::postfix_relay_host: 'out-mta.main.unkin.net'
|
||||
stalwart::service_hostname: 'mail.main.unkin.net'
|
||||
stalwart::manage_dns_records: false
|
||||
|
||||
## With load balancer:
|
||||
|
||||
Reference in New Issue
Block a user