
## Maddy Mail Server - default configuration file (2021-03-07)
# Suitable for small-scale deployments. Uses its own format for the local users
# DB, which should be managed via the maddyctl utility.
#
# See tutorials at https://maddy.email for guidance on typical
# configuration changes.
#
# See manual pages (also available at https://maddy.email) for reference
# documentation.

# ----------------------------------------------------------------------------
# Base variables

# Working directory for runtime state; ${stateDir} is expected to be filled in
# by the deployment. Presumably the relative paths used later (credentials.db,
# mtasts_cache/) are resolved against it — confirm against the maddy manual.
state_dir ${stateDir}
# Public name of this MX; also selects the Let's Encrypt directory used below.
$(hostname) = mx.mydomain.com
hostname $(hostname)

# Domains this server accepts mail for and DKIM-signs on submission.
$(primary_domain) = mydomain.com
$(local_domains) = $(primary_domain)

# Certificate/key offered for STARTTLS on the listeners below. The directory
# name is derived from $(hostname), so a hostname change needs a matching
# certificate.
tls file /etc/letsencrypt/live/$(hostname)/fullchain.pem /etc/letsencrypt/live/$(hostname)/privkey.pem

# ----------------------------------------------------------------------------
# Local storage & authentication

# pass_table provides local hashed passwords storage for authentication of
# users. It can be configured to use any "table" module, in default
# configuration a table in SQLite DB is used.
# Table can be replaced to use e.g. a file for passwords. Or pass_table module
# can be replaced altogether to use some external source of credentials (e.g.
# PAM, /etc/shadow file).
#
# If table module supports it (sql_table does) - credentials can be managed
# using 'maddyctl creds' command.

# TODO replace with a static table with password hashes stored in the
# config, if possible
# Hashed credentials for local users, kept in an SQLite table and referenced
# as &local_authdb by the submission endpoint. Entries are managed with
# 'maddyctl creds' (see the comment above).
auth.pass_table local_authdb {
    table sql_table {
        driver sqlite3
        # Relative path — presumably resolved against state_dir; confirm.
        dsn credentials.db
        table_name passwords
    }
}

# ----------------------------------------------------------------------------
# Outgoing SMTP

# Delivery to remote MXes for mail accepted on the submission endpoint.
target.remote outbound_delivery {

    # How the remote MX and its TLS are verified before delivery.
    mx_auth {
        # Use DANE (TLSA records) where the remote domain publishes them.
        dane
        # Honour MTA-STS policies; fetched policies are cached on disk.
        mtasts {
            cache fs
            fs_dir mtasts_cache/
        }
        # Baseline when neither DANE nor MTA-STS applies: TLS is required
        # ('encrypted') but the certificate is not verified, and the MX
        # record itself need not be authenticated ('none'). Raising these
        # levels trades deliverability for downgrade resistance.
        local_policy {
            min_tls_level encrypted
            min_mx_level none
        }
    }

}

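# Authenticated submission for local users on port 587 (STARTTLS via the
# global tls directive). Mail is DKIM-signed and handed to outbound_delivery.
submission tcp://0.0.0.0:587 {

    auth &local_authdb
    # The listener is bound to every interface, so allowing AUTH before
    # STARTTLS would send local_authdb passwords over the network in clear.
    # Keep plaintext authentication disabled; clients must negotiate TLS first.
    insecure_auth false

    modify {
        # Sign with the 'default' selector for the primary domain and the
        # listed local domains.
        dkim $(primary_domain) $(local_domains) default
    }

    deliver_to &outbound_delivery
}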

# ----------------------------------------------------------------------------
# Incoming SMTP

# Relay for inbound mail: messages accepted on port 25 are forwarded to the
# desktop host over SMTP instead of being stored on this server.
target.smtp forward_to_desktop {
  # NOTE(review): target.smtp attempts STARTTLS opportunistically but does not
  # require it by default, so this hop may fall back to cleartext if the
  # desktop does not offer TLS — confirm, and consider require_tls if the
  # path to the desktop is not otherwise protected.
  targets tcp://mediocre-desktop.private-domain.com:25
}

# Public, unauthenticated MX listener on port 25.
smtp tcp://0.0.0.0:25 {

    # Global ('all') limits: at most 5 messages per second and 2 in flight
    # at once, regardless of sender.
    limits {
        all rate 5 1s
        all concurrency 2
    }

    # Evaluate the sender domain's DMARC policy using the DKIM and SPF
    # results from the checks below.
    dmarc yes

    # Reject senders whose domain has no MX record; verify DKIM signatures
    # and the SPF record for the envelope sender.
    check {
        require_mx_record
        dkim
        spf
    }

    # Mail claiming our own domains as sender must not arrive on port 25;
    # local users go through the submission endpoint instead.
    source $(local_domains) {
        reject 501 5.1.8 "Use Submission for outgoing SMTP"
    }

    default_source {

        # Mail for postmaster or for any address at a local domain is relayed
        # to the desktop; no per-user existence check happens here.
        destination postmaster $(local_domains) {
            deliver_to &forward_to_desktop
        }

        # Everything else — including relay attempts to foreign domains — is
        # rejected during the SMTP transaction, so no bounce is generated.
        default_destination {
            reject 550 5.1.1 "User doesn't exist"
        }
    }
}