maddy

Fork https://github.com/foxcpp/maddy

## maddy 0.3 - default configuration file (2020-05-31)
# Suitable for small-scale deployments. Uses its own format for local users DB,
# should be managed via maddy subcommands.
#
# See tutorials at https://foxcpp.dev/maddy for guidance on typical
# configuration changes.
#
# See manual pages (also available at https://foxcpp.dev/maddy) for reference
# documentation.
#
# Reading guide: every listener in this file binds 0.0.0.0, so the host
# firewall decides which of them are actually reachable. Comments marked
# NOTE(review) point out the trust boundaries this file sets up and the
# places where a stricter setting may be wanted.

# ----------------------------------------------------------------------------
# Base variables

# Replace these before deployment. $(hostname) is fed to the 'hostname'
# directive further down; $(local_domains) decides which sender and recipient
# domains count as "local" in every routing rule below.
$(hostname) = mx1.example.org
$(primary_domain) = example.org
$(local_domains) = $(primary_domain)

# Certificate chain and private key used by all TLS listeners in this file.
# Keep privkey.pem readable only by the account maddy runs as.
tls file /etc/maddy/certs/fullchain.pem /etc/maddy/certs/privkey.pem

# ----------------------------------------------------------------------------
# Local storage & authentication

# pass_table provides local hashed passwords storage for authentication of
# users. It can be configured to use any "table" module, in default
# configuration a table in SQLite DB is used.
# Table can be replaced to use e.g. a file for passwords. Or pass_table module
# can be replaced altogether to use some external source of credentials (e.g.
# PAM, /etc/shadow file).
#
# If table module supports it (sql_table does) - credentials can be managed
# using 'maddy creds' command.

auth.pass_table local_authdb {
    # NOTE(review): dsn is a bare filename, presumably resolved relative to
    # maddy's state directory - confirm where credentials.db actually lands
    # and that the directory is not readable by other accounts.
    table sql_table {
        driver sqlite3
        dsn credentials.db
        table_name passwords
    }
}

# imapsql module stores all indexes and metadata necessary for IMAP using a
# relational database. It is used by IMAP endpoint for mailbox access and
# also by SMTP & Submission endpoints for delivery of local messages.
#
# IMAP accounts, mailboxes and all message metadata can be inspected using
# imap-* subcommands of maddy.

storage.imapsql local_mailboxes {
    # Same relative-path remark as for credentials.db above.
    driver sqlite3
    dsn imapsql.db
}

# ----------------------------------------------------------------------------
# SMTP endpoints + message routing

# Name the server announces; taken from the base variables above.
hostname $(hostname)

# Shared delivery pipeline for local recipients. It is reached from three
# places in this file: the inbound SMTP endpoint (port 25), the Submission
# endpoint for local recipients, and the bounce handler of remote_queue, so
# the checks configured here apply to all of those paths.
msgpipeline local_routing {
    # DMARC evaluation; presumably relies on the dkim and spf results
    # produced by the check block below.
    dmarc yes
    check {
        # Sender-authentication checks run before any local delivery.
        require_matching_ehlo
        require_mx_record
        dkim
        spf
    }

    # Insert handling for special-purpose local domains here.
    # e.g.
    # destination lists.example.org {
    #     deliver_to lmtp tcp://127.0.0.1:8024
    # }

    destination postmaster $(local_domains) {
        modify {
            # Strips a "+tag" suffix from the local part
            # (user+tag@example.org -> user@example.org). The leading (.+)
            # is greedy, so an address with several '+' only loses the text
            # after the last one.
            replace_rcpt regexp "(.+)\+(.+)@(.+)" "$1@$3"
            # Alias expansion from a file. Listed after the regexp rewrite,
            # so aliases are presumably matched against the already-stripped
            # address - confirm if aliases containing '+' are expected.
            replace_rcpt file /data/aliases
        }

        deliver_to &local_mailboxes
    }

    # Unknown local recipients are rejected here rather than accepted and
    # bounced later.
    default_destination {
        reject 550 5.1.1 "User doesn't exist"
    }
}

# Inbound MX listener; unauthenticated by design. Relaying is not possible
# through it: senders claiming a local domain are refused (they must use
# Submission), and non-local recipients fall into default_destination.
smtp tcp://0.0.0.0:25 {
    limits {
        # Up to 20 msgs/sec across max. 10 SMTP connections.
        all rate 20 1s
        all concurrency 10
    }

    source $(local_domains) {
        reject 501 5.1.8 "Use Submission for outgoing SMTP"
    }
    default_source {
        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            reject 550 5.1.1 "User doesn't exist"
        }
    }
}

# Authenticated outbound path for local users.
# NOTE(review): nothing in this block ties the authenticated account to the
# MAIL FROM address, so any valid account can send as any address under
# $(local_domains). Newer maddy releases ship an authorize_sender check for
# that purpose - confirm whether it is available for 0.3 before relying on it.
submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
    limits {
        # Up to 50 msgs/sec across any amount of SMTP connections.
        all rate 50 1s
    }

    auth &local_authdb

    source $(local_domains) {
        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            modify {
                # DKIM-sign outbound mail for the local domains; the last
                # argument is presumably the selector name - see the manual.
                dkim $(primary_domain) $(local_domains) default
            }
            deliver_to &remote_queue
        }
    }
    # Authenticated users may only send from local domains.
    default_source {
        reject 501 5.1.8 "Non-local sender domain"
    }
}

target.remote outbound_delivery {
    limits {
        # Up to 20 msgs/sec across max. 10 SMTP connections
        # for each recipient domain.
        destination rate 20 1s
        destination concurrency 10
    }
    mx_auth {
        # DANE and MTA-STS are applied for recipient domains that publish
        # them; local_policy below is the floor for domains that publish
        # neither.
        dane
        mtasts {
            # Relative path, presumably under the state directory - confirm.
            cache fs
            fs_dir mtasts_cache/
        }
        local_policy {
            # NOTE(review): this is opportunistic encryption only. TLS must
            # be used but the peer certificate is not required to verify,
            # and MX records need no DNSSEC or MTA-STS backing, so for
            # domains without DANE/MTA-STS an on-path attacker can still
            # redirect mail to a rogue MX. See the target.remote manual for
            # the stricter levels if that matters for this deployment.
            min_tls_level encrypted
            min_mx_level none
        }
    }
}

target.queue remote_queue {
    target &outbound_delivery

    autogenerated_msg_domain $(primary_domain)
    # DSNs are generated only for local senders; for any other sender the
    # bounce is refused, which avoids backscatter to forged addresses.
    bounce {
        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
        }
    }
}

# ----------------------------------------------------------------------------
# IMAP endpoints

# tcp://0.0.0.0:143 is a plaintext listener. NOTE(review): maddy presumably
# refuses authentication on it until STARTTLS has been negotiated (the
# insecure_auth setting is off by default) - confirm for this version, or
# drop the plaintext port if it is not needed.
imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
    auth &local_authdb
    storage &local_mailboxes
}
169    auth &local_authdb
170    storage &local_mailboxes
171}