1
0
forked from k-space/kube
kube/wildduck
2023-09-16 14:49:01 +03:00
..
.gitignore wildduck: Clean up configs 2023-08-27 20:24:36 +03:00
certificate.yaml Migrate the rest of Wildduck stack 2023-08-24 19:53:07 +03:00
clamav.yaml wildduck: Add ClamAV 2023-08-24 08:34:30 +03:00
dns.yaml Migrate the rest of Wildduck stack 2023-08-24 19:53:07 +03:00
haraka.yaml wildduck: Bump replica count to 4 2023-09-16 14:49:01 +03:00
loadbalancer.yaml wildduck: Clean up configs 2023-08-27 20:24:36 +03:00
mongo.yaml wildduck: Switch to operator managed Mongo 2023-09-15 18:09:17 +03:00
mongodb-support.yml wildduck: Update dedicated Mongo for Wildduck 2023-08-24 20:04:32 +03:00
README.md wildduck: Clean up configs 2023-08-27 20:24:36 +03:00
rspamd.yaml Migrate the rest of Wildduck stack 2023-08-24 19:53:07 +03:00
srs.yaml wildduck: Clean up configs 2023-08-27 20:24:36 +03:00
webmail.yaml Migrate the rest of Wildduck stack 2023-08-24 19:53:07 +03:00
wildduck-exporter.yaml wildduck: Switch to operator managed Mongo 2023-09-15 18:09:17 +03:00
wildduck-operator-rbac.yaml wildduck: Add operator 2023-08-24 08:48:33 +03:00
wildduck-operator.yaml wildduck: Clean up configs 2023-08-27 20:24:36 +03:00
wildduck.yaml wildduck: Bump replica count to 4 2023-09-16 14:49:01 +03:00
wildflock.yaml wildduck: Clean up configs 2023-08-27 20:24:36 +03:00
zonemta.yaml wildduck: Bump replica count to 4 2023-09-16 14:49:01 +03:00

Wildduck stack

This application is managed by ArgoCD

The mail stack consists of several moving parts:

  • Haraka with several plugins
    • Wildduck plugin to handle incoming mail on port 25 of mail.k-space.ee
    • Fight spam with Rspamd
    • Fight viruses with ClamAV
  • Wildduck
    • Provide API for interfacing with other systems such as Wildduck webmail, Wildflock e-mail alias generator and Wildduck Kubernetes operator which deals with account provisioning
    • Provide IMAP endpoint for accessing mailbox with traditional MUA (mail user agents): Android, iPhone, Thunderbird, Evolution etc
  • ZoneMTA for handling outbound mail
    • Including mail submission from MUA with the help of Wildduck plugin

Outside Kubernetes there is NAT rule on the Mikrotik router which rewrites source IP of any TCP port 25 headed traffic to originate from the IP address of the mail exchange.

TODO: Figure out how to automate DH parameters generation:

openssl dhparam -out dhparams.pem 2048
kubectl create secret generic -n wildduck dhparams --from-file=dhparams.pem