160 lines
3.7 KiB
YAML
160 lines
3.7 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: haraka
|
|
data:
|
|
loglevel: info
|
|
plugin_timeout: "180"
|
|
queue_dir: /var/lib/haraka/queue
|
|
plugins: |-
|
|
spf
|
|
clamd
|
|
rspamd
|
|
wildduck
|
|
rspamd.ini: |-
|
|
host = rspamd
|
|
port = 11333
|
|
add_headers = always
|
|
timeout = 30
|
|
[dkim]
|
|
enabled = true
|
|
[header]
|
|
bar = X-Rspamd-Bar
|
|
report = X-Rspamd-Report
|
|
score = X-Rspamd-Score
|
|
spam = X-Rspamd-Spam
|
|
[check]
|
|
authenticated = true
|
|
private_ip = true
|
|
[reject]
|
|
spam = false
|
|
[soft_reject]
|
|
enabled = true
|
|
[rmilter_headers]
|
|
enabled = true
|
|
[spambar]
|
|
positive = +
|
|
negative = -
|
|
neutral = /
|
|
clamd.ini: |-
|
|
clamd_socket = clamav:3310
|
|
[reject]
|
|
virus=true
|
|
error=false
|
|
smtp.ini: |-
|
|
listen=0.0.0.0:2525
|
|
nodes=1
|
|
tls.ini: |-
|
|
key=/cert/tls.key
|
|
cert=/cert/tls.crt
|
|
wildduck.js: |-
|
|
module.exports = {
|
|
"redis": process.env.REDIS_URI,
|
|
"mongo": {
|
|
"url": process.env.MONGO_URI,
|
|
"sender": "application"
|
|
},
|
|
"sender": {
|
|
"enabled": true,
|
|
"zone": "default",
|
|
"gfs": "mail",
|
|
"collection": "zone-queue"
|
|
},
|
|
"srs": {
|
|
"secret": "foobar"
|
|
},
|
|
"attachments": {
|
|
"type": "gridstore",
|
|
"bucket": "attachments",
|
|
"decodeBase64": true
|
|
},
|
|
"log": {
|
|
"authlogExpireDays": 30
|
|
},
|
|
"limits": {
|
|
"windowSize": 3600,
|
|
"rcptIp": 100,
|
|
"rcptWindowSize": 60,
|
|
"rcpt": 60
|
|
},
|
|
"gelf": {
|
|
"enabled": false
|
|
},
|
|
"rspamd": {
|
|
"forwardSkip": 10,
|
|
"blacklist": [
|
|
"DMARC_POLICY_REJECT"
|
|
],
|
|
"softlist": [
|
|
"RBL_ZONE"
|
|
],
|
|
"responses": {
|
|
"DMARC_POLICY_REJECT": "Unauthenticated email from {host} is not accepted due to domain's DMARC policy",
|
|
"RBL_ZONE": "[{host}] was found from Zone RBL"
|
|
}
|
|
}
|
|
}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: haraka
|
|
spec:
|
|
replicas: 2
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: wildduck
|
|
app.kubernetes.io/component: haraka
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: wildduck
|
|
app.kubernetes.io/component: haraka
|
|
spec:
|
|
containers:
|
|
- name: haraka
|
|
image: docker.io/codemowers/wildduck-haraka-inbound:latest@sha256:a130cc6a60ab2a47cb5971355ed2474136254613b4b8bd30aeabc6e123695ea3
|
|
imagePullPolicy: IfNotPresent
|
|
ports:
|
|
- containerPort: 2525
|
|
name: haraka-mta
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
runAsUser: 65534
|
|
volumeMounts:
|
|
- name: wildduck-haraka-config
|
|
mountPath: /etc/haraka
|
|
readOnly: true
|
|
- name: wildduck-haraka-config
|
|
mountPath: /etc/haraka/config
|
|
readOnly: true
|
|
- name: var-lib-haraka
|
|
mountPath: /var/lib/haraka
|
|
- mountPath: /cert
|
|
name: cert
|
|
env:
|
|
- name: REDIS_URI
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: redis-wildduck-owner-secrets
|
|
key: REDIS_MASTER_0_URI
|
|
- name: MONGO_URI
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: wildduck
|
|
key: MONGO_URI
|
|
volumes:
|
|
- name: cert
|
|
secret:
|
|
secretName: wildduck-tls
|
|
- name: wildduck-haraka-config
|
|
projected:
|
|
sources:
|
|
- configMap:
|
|
name: haraka
|
|
- name: var-lib-haraka
|
|
emptyDir:
|
|
sizeLimit: 500Mi
|