maddy

Fork https://github.com/foxcpp/maddy

git clone git://git.lin.moe/go/maddy.git

  1## Maddy Mail Server - default configuration file (2022-06-18)
  2# Suitable for small-scale deployments. Uses its own format for local users DB,
  3# should be managed via maddy subcommands.
  4#
  5# See tutorials at https://maddy.email for guidance on typical
  6# configuration changes.
  7
  8# ----------------------------------------------------------------------------
  9# Base variables
 10
 11$(hostname) = example.org
 12$(primary_domain) = example.org
 13$(local_domains) = $(primary_domain)
 14
 15tls file /etc/maddy/certs/$(hostname)/fullchain.pem /etc/maddy/certs/$(hostname)/privkey.pem
 16
 17# ----------------------------------------------------------------------------
 18# Local storage & authentication
 19
 20# pass_table provides local hashed passwords storage for authentication of
 21# users. It can be configured to use any "table" module, in default
 22# configuration a table in SQLite DB is used.
 23# Table can be replaced to use e.g. a file for passwords. Or pass_table module
 24# can be replaced altogether to use some external source of credentials (e.g.
 25# PAM, /etc/shadow file).
 26#
 27# If table module supports it (sql_table does) - credentials can be managed
 28# using 'maddy creds' command.
 29
 30auth.pass_table local_authdb {
 31    table sql_table {
 32        driver sqlite3
 33        dsn credentials.db
 34        table_name passwords
 35    }
 36}
 37
 38# imapsql module stores all indexes and metadata necessary for IMAP using a
 39# relational database. It is used by IMAP endpoint for mailbox access and
 40# also by SMTP & Submission endpoints for delivery of local messages.
 41#
 42# IMAP accounts, mailboxes and all message metadata can be inspected using
 43# imap-* subcommands of maddy.
 44
 45storage.imapsql local_mailboxes {
 46    driver sqlite3
 47    dsn imapsql.db
 48}
 49
 50# ----------------------------------------------------------------------------
 51# SMTP endpoints + message routing
 52
 53hostname $(hostname)
 54
 55table.chain local_rewrites {
 56    optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
 57    optional_step static {
 58        entry postmaster postmaster@$(primary_domain)
 59    }
 60    optional_step file /etc/maddy/aliases
 61}
 62
 63msgpipeline local_routing {
 64    # Insert handling for special-purpose local domains here.
 65    # e.g.
 66    # destination lists.example.org {
 67    #     deliver_to lmtp tcp://127.0.0.1:8024
 68    # }
 69
 70    destination postmaster $(local_domains) {
 71        modify {
 72            replace_rcpt &local_rewrites
 73        }
 74
 75        deliver_to &local_mailboxes
 76    }
 77
 78    default_destination {
 79        reject 550 5.1.1 "User doesn't exist"
 80    }
 81}
 82
 83smtp tcp://0.0.0.0:25 {
 84    limits {
 85        # Up to 20 msgs/sec across max. 10 SMTP connections.
 86        all rate 20 1s
 87        all concurrency 10
 88    }
 89
 90    dmarc yes
 91    check {
 92        require_mx_record
 93        dkim
 94        spf
 95    }
 96
 97    source $(local_domains) {
 98        reject 501 5.1.8 "Use Submission for outgoing SMTP"
 99    }
100    default_source {
101        destination postmaster $(local_domains) {
102            deliver_to &local_routing
103        }
104        default_destination {
105            reject 550 5.1.1 "User doesn't exist"
106        }
107    }
108}
109
110submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
111    limits {
112        # Up to 50 msgs/sec across any amount of SMTP connections.
113        all rate 50 1s
114    }
115
116    auth &local_authdb
117
118    source $(local_domains) {
119        check {
120            authorize_sender {
121                prepare_email &local_rewrites
122                user_to_email identity
123            }
124        }
125
126        destination postmaster $(local_domains) {
127            deliver_to &local_routing
128        }
129        default_destination {
130            modify {
131                dkim $(primary_domain) $(local_domains) default
132            }
133            deliver_to &remote_queue
134        }
135    }
136    default_source {
137        reject 501 5.1.8 "Non-local sender domain"
138    }
139}
140
141target.remote outbound_delivery {
142    limits {
143        # Up to 20 msgs/sec across max. 10 SMTP connections
144        # for each recipient domain.
145        destination rate 20 1s
146        destination concurrency 10
147    }
148    mx_auth {
149        dane
150        mtasts {
151            cache fs
152            fs_dir mtasts_cache/
153        }
154        local_policy {
155            min_tls_level encrypted
156            min_mx_level none
157        }
158    }
159}
160
161target.queue remote_queue {
162    target &outbound_delivery
163
164    autogenerated_msg_domain $(primary_domain)
165    bounce {
166        destination postmaster $(local_domains) {
167            deliver_to &local_routing
168        }
169        default_destination {
170            reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
171        }
172    }
173}
174
175# ----------------------------------------------------------------------------
176# IMAP endpoints
177
178imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
179    auth &local_authdb
180    storage &local_mailboxes
181}