maddy

Fork https://github.com/foxcpp/maddy

git clone git://git.lin.moe/go/maddy.git

  1## Maddy Mail Server - default configuration file (2022-06-18)
  2## This is the copy of maddy.conf with changes necessary to run it in Docker.
  3# Suitable for small-scale deployments. Uses its own format for local users DB,
  4# should be managed via maddy subcommands.
  5#
  6# See tutorials at https://maddy.email for guidance on typical
  7# configuration changes.
  8
  9# ----------------------------------------------------------------------------
 10# Base variables
 11
 12$(hostname) = {env:MADDY_HOSTNAME}
 13$(primary_domain) = {env:MADDY_DOMAIN}
 14$(local_domains) = $(primary_domain)
 15
 16tls file /data/tls/fullchain.pem /data/tls/privkey.pem
 17
 18# ----------------------------------------------------------------------------
 19# Local storage & authentication
 20
 21# pass_table provides local hashed passwords storage for authentication of
 22# users. It can be configured to use any "table" module, in default
 23# configuration a table in SQLite DB is used.
 24# Table can be replaced to use e.g. a file for passwords. Or pass_table module
 25# can be replaced altogether to use some external source of credentials (e.g.
 26# PAM, /etc/shadow file).
 27#
 28# If table module supports it (sql_table does) - credentials can be managed
 29# using 'maddy creds' command.
 30
 31auth.pass_table local_authdb {
 32    table sql_table {
 33        driver sqlite3
 34        dsn credentials.db
 35        table_name passwords
 36    }
 37}
 38
 39# imapsql module stores all indexes and metadata necessary for IMAP using a
 40# relational database. It is used by IMAP endpoint for mailbox access and
 41# also by SMTP & Submission endpoints for delivery of local messages.
 42#
 43# IMAP accounts, mailboxes and all message metadata can be inspected using
 44# imap-* subcommands of maddy.
 45
 46storage.imapsql local_mailboxes {
 47    driver sqlite3
 48    dsn imapsql.db
 49}
 50
 51# ----------------------------------------------------------------------------
 52# SMTP endpoints + message routing
 53
 54hostname $(hostname)
 55
 56table.chain local_rewrites {
 57    optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
 58    optional_step static {
 59        entry postmaster postmaster@$(primary_domain)
 60    }
 61    optional_step file /etc/maddy/aliases
 62}
 63
 64msgpipeline local_routing {
 65    # Insert handling for special-purpose local domains here.
 66    # e.g.
 67    # destination lists.example.org {
 68    #     deliver_to lmtp tcp://127.0.0.1:8024
 69    # }
 70
 71    destination postmaster $(local_domains) {
 72        modify {
 73            replace_rcpt &local_rewrites
 74        }
 75
 76        deliver_to &local_mailboxes
 77    }
 78
 79    default_destination {
 80        reject 550 5.1.1 "User doesn't exist"
 81    }
 82}
 83
 84smtp tcp://0.0.0.0:25 {
 85    limits {
 86        # Up to 20 msgs/sec across max. 10 SMTP connections.
 87        all rate 20 1s
 88        all concurrency 10
 89    }
 90
 91    dmarc yes
 92    check {
 93        require_mx_record
 94        dkim
 95        spf
 96    }
 97
 98    source $(local_domains) {
 99        reject 501 5.1.8 "Use Submission for outgoing SMTP"
100    }
101    default_source {
102        destination postmaster $(local_domains) {
103            deliver_to &local_routing
104        }
105        default_destination {
106            reject 550 5.1.1 "User doesn't exist"
107        }
108    }
109}
110
111submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
112    limits {
113        # Up to 50 msgs/sec across any amount of SMTP connections.
114        all rate 50 1s
115    }
116
117    auth &local_authdb
118
119    source $(local_domains) {
120        check {
121            authorize_sender {
122                prepare_email &local_rewrites
123                user_to_email identity
124            }
125        }
126
127        destination postmaster $(local_domains) {
128            deliver_to &local_routing
129        }
130        default_destination {
131            modify {
132                dkim $(primary_domain) $(local_domains) default
133            }
134            deliver_to &remote_queue
135        }
136    }
137    default_source {
138        reject 501 5.1.8 "Non-local sender domain"
139    }
140}
141
142target.remote outbound_delivery {
143    limits {
144        # Up to 20 msgs/sec across max. 10 SMTP connections
145        # for each recipient domain.
146        destination rate 20 1s
147        destination concurrency 10
148    }
149    mx_auth {
150        dane
151        mtasts {
152            cache fs
153            fs_dir mtasts_cache/
154        }
155        local_policy {
156            min_tls_level encrypted
157            min_mx_level none
158        }
159    }
160}
161
162target.queue remote_queue {
163    target &outbound_delivery
164
165    autogenerated_msg_domain $(primary_domain)
166    bounce {
167        destination postmaster $(local_domains) {
168            deliver_to &local_routing
169        }
170        default_destination {
171            reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
172        }
173    }
174}
175
176# ----------------------------------------------------------------------------
177# IMAP endpoints
178
179imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
180    auth &local_authdb
181    storage &local_mailboxes
182}