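---
# Haraka inbound MTA configuration for WildDuck.
# Each key is exposed as a file through the projected volume defined in the
# Deployment below. Secrets (Redis/Mongo URIs, SRS secret) are NOT stored
# here; wildduck.js reads them from environment variables at runtime.
apiVersion: v1
kind: ConfigMap
metadata:
  name: haraka
data:
  loglevel: info
  # ConfigMap values must be strings, so the number stays quoted.
  plugin_timeout: "180"
  # Points into the emptyDir mounted at /var/lib/haraka (see Deployment).
  queue_dir: /var/lib/haraka/queue
  # One plugin per line, in the order listed.
  plugins: |-
    spf
    clamd
    rspamd
    dkim_verify
    wildduck
    tls
  # [check] also scans authenticated and private-IP senders.
  # [reject] spam = false: this plugin does not reject on the spam verdict;
  # rejection by rspamd symbol is configured in the "rspamd" section of
  # wildduck.js below.
  rspamd.ini: |-
    host = rspamd
    port = 11333
    add_headers = always
    timeout = 30
    [dkim]
    enabled = true
    [header]
    bar = X-Rspamd-Bar
    report = X-Rspamd-Report
    score = X-Rspamd-Score
    spam = X-Rspamd-Spam
    [check]
    authenticated = true
    private_ip = true
    [reject]
    spam = false
    [soft_reject]
    enabled = true
    [rmilter_headers]
    enabled = true
    [spambar]
    positive = +
    negative = -
    neutral = /
  # NOTE(review): [reject] error=false looks like fail-open, i.e. mail is
  # accepted unscanned when clamd is unreachable or returns an error.
  # Confirm that is intended and alert on clamd availability.
  clamd.ini: |-
    clamd_socket = clamav:3310
    [reject]
    virus=true
    error=false
  # Unprivileged port; matches containerPort 2525 in the Deployment.
  smtp.ini: |-
    listen=0.0.0.0:2525
    nodes=1
  # Key and certificate come from the wildduck-tls Secret mounted at /cert.
  tls.ini: |-
    key=/cert/tls.key
    cert=/cert/tls.crt
  # Connection strings and the SRS secret are taken from process.env so that
  # no credential is stored in this ConfigMap.
  wildduck.js: |-
    module.exports = {
      "redis": process.env.REDIS_URI,
      "mongo": {
        "url": process.env.MONGO_URI,
        "sender": "wildduck",
      },
      "sender": {
        "enabled": true,
        "zone": "default",
        "gfs": "mail",
        "collection": "zone-queue"
      },
      "srs": {
        "secret": process.env.SRS_SECRET
      },
      "attachments": {
        "type": "gridstore",
        "bucket": "attachments",
        "decodeBase64": true
      },
      "log": {
        "authlogExpireDays": 30
      },
      "limits": {
        "windowSize": 3600,
        "rcptIp": 100,
        "rcptWindowSize": 60,
        "rcpt": 60
      },
      "gelf": {
        "enabled": false
      },
      "rspamd": {
        "forwardSkip": 10,
        "blacklist": [
          "DMARC_POLICY_REJECT"
        ],
        "softlist": [
          "RBL_ZONE"
        ],
        "responses": {
          "DMARC_POLICY_REJECT": "Unauthenticated email from {host} is not accepted due to domain's DMARC policy",
          "RBL_ZONE": "[{host}] was found from Zone RBL"
        }
      }
    }
---
# Haraka inbound MTA. This pod parses SMTP traffic from untrusted senders,
# so the container runs non-root, on a read-only root filesystem, with
# privilege escalation disabled and all capabilities dropped.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: haraka
spec:
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: wildduck
      app.kubernetes.io/component: haraka
  template:
    metadata:
      labels:
        app.kubernetes.io/name: wildduck
        app.kubernetes.io/component: haraka
    spec:
      # NOTE(review): nothing in this manifest uses the Kubernetes API;
      # consider automountServiceAccountToken: false after confirming.
      containers:
        - name: haraka
          # The digest is what gets pulled; ":latest" is informational only.
          image: docker.io/codemowers/wildduck-haraka-inbound:latest@sha256:a130cc6a60ab2a47cb5971355ed2474136254613b4b8bd30aeabc6e123695ea3
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 2525
              name: haraka-mta
          # NOTE(review): no resources requests/limits and no probes are
          # set; an internet-facing MTA should have both.
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 65534
            # Port 2525 is unprivileged, so no capability is required.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            # The same projected volume is mounted at both paths.
            - name: wildduck-haraka-config
              mountPath: /etc/haraka
              readOnly: true
            - name: wildduck-haraka-config
              mountPath: /etc/haraka/config
              readOnly: true
            # Only writable path in the container: the mail queue.
            - name: var-lib-haraka
              mountPath: /var/lib/haraka
            # TLS private key and certificate referenced by tls.ini.
            - mountPath: /cert
              name: cert
              readOnly: true
          env:
            - name: SRS_SECRET
              valueFrom:
                secretKeyRef:
                  name: srs
                  key: secret
            - name: REDIS_URI
              valueFrom:
                secretKeyRef:
                  name: redis-wildduck-owner-secrets
                  key: REDIS_MASTER_0_URI
            - name: MONGO_URI
              valueFrom:
                secretKeyRef:
                  name: wildduck-mongodb-wildduck-readwrite
                  key: connectionString.standard
      volumes:
        - name: cert
          secret:
            secretName: wildduck-tls
        # Merges the dhparams Secret and the haraka ConfigMap into a single
        # directory.
        - name: wildduck-haraka-config
          projected:
            sources:
              - secret:
                  name: dhparams
              - configMap:
                  name: haraka
        # The queue lives on an emptyDir: queued mail is lost when the pod
        # is deleted, and exceeding sizeLimit gets the pod evicted.
        - name: var-lib-haraka
          emptyDir:
            sizeLimit: 500Mi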