Skip to content

Commit

Permalink
Add maddy
Browse files Browse the repository at this point in the history
  • Loading branch information
@Nols1000
Nols1000 committed Aug 15, 2024
1 parent 6ed42a7 commit 14a41a5
Show file tree
Hide file tree
Showing 6 changed files with 614 additions and 0 deletions.
27 changes: 27 additions & 0 deletions charts/maddy/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
---
apiVersion: v2
appVersion: 0.7.1
description: Maddy Mail Server
name: maddy
version: 5.0.0
kubeVersion: ">=1.16.0-0"
keywords:
- maddy
- mail
home: https://tw-esport.github.io/helm-charts
# Project has no icon yet
# icon: https://maddy.org/icon
sources:
- https://github.com/tw-esport/helm-charts/tree/main
- https://github.com/foxcpp/maddy
maintainers:
- name: nols1000
email: [email protected]
dependencies:
- name: postgresql
version: 15.5.21
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled
- name: common
repository: https://bjw-s.github.io/helm-charts
version: 1.5.1
69 changes: 69 additions & 0 deletions charts/maddy/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
# maddy

![Version: 4.1.1](https://img.shields.io/badge/Version-4.1.1-informational?style=flat-square) ![AppVersion: 0.6.2](https://img.shields.io/badge/AppVersion-0.6.2-informational?style=flat-square)

Maddy Mail Server

**Homepage:** <https://github.com/k8s-at-home/charts/tree/master/charts/stable/maddy>

## Maintainers

| Name | Email | Url |
| ---- | ------ | --- |
| angelnu | <[email protected]> | |

## Source Code

* <https://github.com/foxcpp/maddy>

## Requirements

Kubernetes: `>=1.16.0-0`

| Repository | Name | Version |
|------------|------|---------|
| https://bjw-s.github.io/helm-charts | common | 1.5.1 |
| https://charts.bitnami.com/bitnami | postgresql | 12.1.0 |

## Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
| image.repository | string | `"ghcr.io/foxcpp/maddy"` | image repository |
| image.tag | string | chart.appVersion | image tag |
| maddy.auth.ldap | object | See [See Maddy auth](https://maddy.email/man/_generated_maddy-auth.5/#configuration-directives_5) | If type is ldap the following options are required |
| maddy.auth.ldap."bind plain" | string | `"\"cn=maddy,ou=people,dc=maddy,dc=test\" \"123456\""` | Specify initial bind credentials. Not required ('bind off') if DN template is used. |
| maddy.auth.ldap.base_dn | string | `"\"ou=people,dc=maddy,dc=test\""` | Specify base_dn to lookup DN. |
| maddy.auth.ldap.connect_timeout | string | `"1m"` | Timeout for initial connection to the directory server. |
| maddy.auth.ldap.debug | string | `"off"` | Enable verbose logging. You don't need that unless you are reporting a bug. |
| maddy.auth.ldap.dn_template | string | `"\"cn={username},ou=people,dc=maddy,dc=test\""` | Specify DN template to skip lookup. |
| maddy.auth.ldap.filter | string | `"\"(&(objectClass=posixAccount)(uid={username}))\""` | Specify filter to lookup DN. |
| maddy.auth.ldap.starttls | string | `"off"` | Whether to upgrade connection to TLS using STARTTLS. |
| maddy.auth.ldap.urls | string | `"ldap://maddy.test:389"` | URLs of the directory servers to use. First available server is used - no load-balancing is done. |
| maddy.auth.type | string | `"sql"` | Where to store authorised users. Valid values are `sql` and `ldap` |
| maddy.config_files.alias | string | `"## Replace 'cat' with any domain to 'dog'.\n## E.g. [email protected] -> [email protected]\n# cat: dog\n\n## Replace [email protected] with [email protected].\n## Takes priority over the previous line.\n#[email protected]: [email protected]\n"` | Alias file used in smtp_rule See [alias examples](https://maddy.email/man/_generated_maddy-filters.5/). |
| maddy.extra_settings.imap | object | `{}` | Additional settings for imap backend |
| maddy.extra_settings.local_mailboxes | object | `{}` | Additional settings for local_mailboxes storage |
| maddy.hostname | string | `"mx.example.com"` | Hostname the service will listen to (incoming SMTP and IMAP) |
| maddy.primary_domain | string | `"example.com"` | Primary domain - will be included in SMTP protocol |
| maddy.secondary_domains | string | `nil` | Space separated list of additional domains this server handles |
| maddy.smtp_rules | object | See values.yaml | The main part of the configuration - rules for the smtp pipelines. You can define multiple blocks. Content comes from the chart when setting `file` (see files/smtp_rules folder) and/or the custom block |
| maddy.sql.postgres_dsn | object | See [Go DSN](https://pkg.go.dev/github.com/lib/pq?utm_source=godoc#hdr-Connection_String_Parameters) | If type is postgres configure the Data Source Name (DSN) |
| maddy.sql.postgres_dsn.dbname | string | DB name set in embedded postgres chart | The name of the DB |
| maddy.sql.postgres_dsn.host | string | host of embedded postgres chart | The host to connect to |
| maddy.sql.postgres_dsn.password | string | user set in embedded postgres chart | The DB user password |
| maddy.sql.postgres_dsn.sslmode | string | `"disable"` | SSL model for the DB disable - No SSL require - Always SSL (skip verification) verify-ca - Always SSL (verify that the certificate presented by the server was signed by a trusted CA) verify-full - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server host name matches the one in the certificate) |
| maddy.sql.postgres_dsn.user | string | user set in embedded postgres chart | The DB user |
| maddy.sql.type | string | `"sqlite3"` | DB type to use. Supported are `sqlite3` and `postgres` Database is used to store IMAP indexes and (when not using LDAP) authorized users |
| maddy.tls_secret_name | string | `"myTLSSecret"` | name of K8S secret containing the cert and key to use by maddy. |
| persistence | object | See values.yaml | Configure persistence settings for the chart under this key. |
| postgresql | object | see bellow | Bitnami postgres chart. For more options see https://github.com/bitnami/charts/tree/master/bitnami/postgresql |
| postgresql.enabled | bool | `false` | Enable if you want to use the embedded postgresql chart (not neeeded if you use your own postgres DB). |
| postgresql.persistence.enabled | bool | `false` | if database is stored to a PVC. Set to true when you are done testing. |
| postgresql.postgresqlDatabase | string | `"postgres"` | Postgres database password |
| postgresql.postgresqlPassword | string | `"changeme"` | Postgres database password |
| postgresql.postgresqlUsername | string | `"postgres"` | Postgres database user name |
| service | object | See values.yaml | Configures service settings for the chart. |

----------------------------------------------
130 changes: 130 additions & 0 deletions charts/maddy/files/maddy.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,130 @@
## Maddy Mail Server - default configuration file (2021-08-16)
# Suitable for small-scale deployments. Uses its own format for local users DB,
# should be managed via maddyctl utility.
#
# See tutorials at https://maddy.email for guidance on typical
# configuration changes.
#
# See manual pages (also available at https://maddy.email) for reference
# documentation.

# ----------------------------------------------------------------------------
# Base variables

$(hostname) = {{ .Values.maddy.hostname }}
$(primary_domain) = {{ .Values.maddy.primary_domain }}
$(local_domains) = $(primary_domain) {{ if .Values.maddy.secondary_domains }}{{ .Values.maddy.secondary_domains }}{{ end }}
$(alias_file) = /config/aliases

# ----------------------------------------------------------------------------
# Persistency path

state_dir {{ .Values.persistence.data.mountPath }}

# ----------------------------------------------------------------------------
# TLS server certs (IMAP and SMTP)

tls file /certificates/tls.crt /certificates/tls.key

# ----------------------------------------------------------------------------
# Open Metrics

{{ if .Values.service.openmetrics.ports.openmetrics.enabled -}}
openmetrics tcp://127.0.0.1:{{ .Values.service.openmetrics.ports.openmetrics.port }} { }
{{- else -}}
# Not enabled in Helm
{{- end }}


# ----------------------------------------------------------------------------
# Local storage & authentication

# pass_table provides local hashed passwords storage for authentication of
# users. It can be configured to use any "table" module, in default
# configuration a table in SQLite DB is used.
# Table can be replaced to use e.g. a file for passwords. Or pass_table module
# can be replaced altogether to use some external source of credentials (e.g.
# PAM, /etc/shadow file).
#
# If table module supports it (sql_table does) - credentials can be managed
# using 'maddyctl creds' command.

{{ if eq .Values.maddy.auth.type "sql" -}}
auth.pass_table local_authdb {
table sql_table {
{{- if eq .Values.maddy.sql.type "sqlite3" }}
driver sqlite3
dsn credentials.db
table_name passwords
{{- else if eq .Values.maddy.sql.type "postgres" }}
driver postgres
dsn {{ $.Values.maddy.sql.postgres_dsn_line }}
table_name passwords
{{- else }}
{{- fail (printf "Not a valid sql type (%s)" .Values.maddy.sql.type ) }}
{{- end }}
}
}
{{- else if eq .Values.maddy.auth.type "ldap" -}}
auth.ldap local_authdb {
{{- range $option, $value := .Values.maddy.auth.ldap }}
{{ $option}} {{ $value }}
{{- end }}
}
{{- else -}}
{{- fail (printf "Not a valid auth type (%s)" .Values.maddy.auth.type ) }}
{{- end }}

# imapsql module stores all indexes and metadata necessary for IMAP using a
# relational database. It is used by IMAP endpoint for mailbox access and
# also by SMTP & Submission endpoints for delivery of local messages.
#
# IMAP accounts, mailboxes and all message metadata can be inspected using
# imap-* subcommands of maddyctl utility.

storage.imapsql local_mailboxes {
{{- if eq .Values.maddy.sql.type "sqlite3" }}
driver sqlite3
dsn imapsql.db
{{- else if eq .Values.maddy.sql.type "postgres" }}
driver postgres
dsn {{ $.Values.maddy.sql.postgres_dsn_line }}
{{- else }}
{{- fail (printf "Not a valid sql type (%s)" .Values.maddy.sql.type ) }}
{{- end }}
# Other settings
{{- range $option, $value := .Values.maddy.extra_settings.local_mailboxes }}
{{ $option }} {{ tpl $value $ }}
{{- end }}
}

# ----------------------------------------------------------------------------
# SMTP endpoints + message routing

hostname $(hostname)

{{ range $name, $rule := .Values.maddy.smtp_rules -}}
{{- if $rule.enabled }}
## Rule {{ $name }}
{{- if $rule.file }}
### from file "{{ $rule.file }}"
{{ tpl ($.Files.Get (printf "files/smtp_rules/%s" $rule.file) ) $ }}
{{- end }}
{{- if $rule.custom }}
### from custom block"
{{ tpl $rule.custom $ }}
{{- end }}
{{- end }}
{{- end }}

# ----------------------------------------------------------------------------
# IMAP endpoints

imap tls://0.0.0.0:{{ .Values.service.main.ports.imaps.port }} tcp://0.0.0.0:{{ .Values.service.main.ports.imap.port }} {
auth &local_authdb
storage &local_mailboxes
# Other settings
{{- range $option, $value := .Values.maddy.extra_settings.imap }}
{{ $option }} {{ tpl $value $ }}
{{- end }}
}
122 changes: 122 additions & 0 deletions charts/maddy/files/smtp_rules/default.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,122 @@
table.chain local_rewrites {
optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
optional_step static {
entry postmaster postmaster@$(primary_domain)
}
optional_step file $(alias_file)
}

msgpipeline local_routing {
# Insert handling for special-purpose local domains here.
# e.g.
# destination lists.example.org {
# deliver_to lmtp tcp://127.0.0.1:8024
# }

destination postmaster $(local_domains) {
modify {
replace_rcpt &local_rewrites
}

deliver_to &local_mailboxes
}

default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}

smtp tcp://0.0.0.0:25 {
limits {
# Up to 20 msgs/sec across max. 10 SMTP connections.
all rate 20 1s
all concurrency 10
}

dmarc yes
check {
require_mx_record
dkim
spf
}

source $(local_domains) {
reject 501 5.1.8 "Use Submission for outgoing SMTP"
}
default_source {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
}


# Outgoing email

submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
limits {
# Up to 50 msgs/sec across any amount of SMTP connections.
all rate 50 1s
}

auth &local_authdb

source $(local_domains) {
check {
authorize_sender {
prepare_email &local_rewrites
user_to_email identity
}
}

destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
modify {
dkim $(primary_domain) $(local_domains) default
}
deliver_to &remote_queue
}
}
default_source {
reject 501 5.1.8 "Non-local sender domain"
}
}

target.remote outbound_delivery {
limits {
# Up to 20 msgs/sec across max. 10 SMTP connections
# for each recipient domain.
destination rate 20 1s
destination concurrency 10
}
mx_auth {
dane
mtasts {
cache fs
fs_dir mtasts_cache/
}
local_policy {
min_tls_level encrypted
min_mx_level none
}
}
}

target.queue remote_queue {
target &outbound_delivery

autogenerated_msg_domain $(primary_domain)
bounce {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
}
}
}
Loading

0 comments on commit 14a41a5

Please sign in to comment.