--- apiVersion: v1 kind: ConfigMap metadata: name: haraka data: loglevel: info plugin_timeout: "180" queue_dir: /var/lib/haraka/queue me: |- mail.k-space.ee plugins: |- spf clamd rspamd dkim_verify wildduck tls rspamd.ini: |- host = rspamd port = 11333 add_headers = always timeout = 30 [dkim] enabled = true [header] bar = X-Rspamd-Bar report = X-Rspamd-Report score = X-Rspamd-Score spam = X-Rspamd-Spam [check] authenticated = true private_ip = true [reject] spam = false [soft_reject] enabled = true [rmilter_headers] enabled = true [spambar] positive = + negative = - neutral = / clamd.ini: |- clamd_socket = clamav:3310 [reject] virus=true error=false smtp.ini: |- listen=0.0.0.0:2525 nodes=1 tls.ini: |- key=/cert/tls.key cert=/cert/tls.crt dhparam=dhparams.pem wildduck.js: |- module.exports = { "redis": process.env.REDIS_URI, "mongo": { "url": process.env.MONGO_URI, "sender": "wildduck", }, "sender": { "enabled": true, "zone": "default", "gfs": "mail", "collection": "zone-queue" }, "srs": { "secret": process.env.SRS_SECRET }, "attachments": { "type": "gridstore", "bucket": "attachments", "decodeBase64": true }, "log": { "authlogExpireDays": 30 }, "limits": { "windowSize": 3600, "rcptIp": 100, "rcptWindowSize": 60, "rcpt": 60 }, "gelf": { "enabled": false }, "rspamd": { "forwardSkip": 10, "blacklist": [ "DMARC_POLICY_REJECT" ], "softlist": [ "RBL_ZONE" ], "responses": { "DMARC_POLICY_REJECT": "Unauthenticated email from {host} is not accepted due to domain's DMARC policy", "RBL_ZONE": "[{host}] was found from Zone RBL" } } } --- apiVersion: apps/v1 kind: Deployment metadata: name: haraka spec: strategy: type: Recreate replicas: 2 selector: matchLabels: app.kubernetes.io/name: wildduck app.kubernetes.io/component: haraka template: metadata: labels: app.kubernetes.io/name: wildduck app.kubernetes.io/component: haraka spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - wildduck - key: app.kubernetes.io/component operator: In values: - haraka topologyKey: topology.kubernetes.io/zone podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - wildduck - key: app.kubernetes.io/component operator: In values: - wildduck topologyKey: kubernetes.io/hostname containers: - name: haraka image: mirror.gcr.io/codemowers/wildduck-haraka-inbound:latest@sha256:5b9ec221d9686604a8f247e894727dfaa3413ac75d31428773441d31bb4feaa6 imagePullPolicy: IfNotPresent ports: - containerPort: 2525 name: haraka-mta securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 65534 volumeMounts: - name: wildduck-haraka-config mountPath: /etc/haraka readOnly: true - name: wildduck-haraka-config mountPath: /etc/haraka/config readOnly: true - name: var-lib-haraka mountPath: /var/lib/haraka - mountPath: /cert name: cert env: - name: SRS_SECRET valueFrom: secretKeyRef: name: srs key: secret - name: REDIS_URI valueFrom: secretKeyRef: name: session-storage key: REDIS_WILDDUCK_URI - name: MONGO_URI valueFrom: secretKeyRef: name: wildduck-mongodb key: MONGO_URI volumes: - name: cert secret: secretName: wildduck-tls - name: wildduck-haraka-config projected: sources: - secret: name: dhparams - configMap: name: haraka - name: var-lib-haraka emptyDir: sizeLimit: 500Mi