💾 Archived View for mediocregopher.com › assets › maddy-vultr.conf captured on 2023-04-19 at 22:31:33.

View Raw

More Information

⬅️ Previous capture (2023-03-20)

➡️ Next capture (2023-09-08)

-=-=-=-=-=-=-

## Maddy Mail Server - default configuration file (2021-03-07)
# Suitable for small-scale deployments. Uses its own format for local users DB,
# should be managed via maddyctl utility.
#
# See tutorials at https://maddy.email for guidance on typical
# configuration changes.
#
# See manual pages (also available at https://maddy.email) for reference
# documentation.

# ----------------------------------------------------------------------------
# Base variables

state_dir ${stateDir}
$(hostname) = mx.mydomain.com
hostname $(hostname)

$(primary_domain) = mydomain.com
$(local_domains) = $(primary_domain)

tls file /etc/letsencrypt/live/$(hostname)/fullchain.pem /etc/letsencrypt/live/$(hostname)/privkey.pem

# ----------------------------------------------------------------------------
# Local storage & authentication

# pass_table provides local hashed passwords storage for authentication of
# users. It can be configured to use any "table" module, in default
# configuration a table in SQLite DB is used.
# Table can be replaced to use e.g. a file for passwords. Or pass_table module
# can be replaced altogether to use some external source of credentials (e.g.
# PAM, /etc/shadow file).
#
# If table module supports it (sql_table does) - credentials can be managed
# using 'maddyctl creds' command.

# TODO replace with a static table with password hashes stored in the
# config, if possible
auth.pass_table local_authdb {
    table sql_table {
        driver sqlite3
        dsn credentials.db
        table_name passwords
    }
}

# ----------------------------------------------------------------------------
# Outgoing SMTP

target.remote outbound_delivery {

    mx_auth {
        dane
        mtasts {
            cache fs
            fs_dir mtasts_cache/
        }
        local_policy {
            min_tls_level encrypted
            min_mx_level none
        }
    }

}

submission tcp://0.0.0.0:587 {

    auth &local_authdb
    insecure_auth true

    modify {
        dkim $(primary_domain) $(local_domains) default
    }

    deliver_to &outbound_delivery
}

# ----------------------------------------------------------------------------
# Incoming SMTP

target.smtp forward_to_desktop {
  targets tcp://mediocre-desktop.private-domain.com:25
}

smtp tcp://0.0.0.0:25 {

    limits {
        all rate 5 1s
        all concurrency 2
    }

    dmarc yes

    check {
        require_mx_record
        dkim
        spf
    }

    source $(local_domains) {
        reject 501 5.1.8 "Use Submission for outgoing SMTP"
    }

    default_source {

        destination postmaster $(local_domains) {
            deliver_to &forward_to_desktop
        }

        default_destination {
            reject 550 5.1.1 "User doesn't exist"
        }
    }
}