## Maddy Mail Server - default configuration file (2021-03-07)
# Suitable for small-scale deployments. Uses its own format for local users DB,
# should be managed via maddyctl utility.
#
# See tutorials at https://maddy.email for guidance on typical
# configuration changes.
#
# See manual pages (also available at https://maddy.email) for reference
# documentation.

# ----------------------------------------------------------------------------
# Base variables

state_dir ${stateDir}
$(hostname) = mx.mydomain.com
hostname $(hostname)
$(primary_domain) = mydomain.com
$(local_domains) = $(primary_domain)
tls file /etc/letsencrypt/live/$(hostname)/fullchain.pem /etc/letsencrypt/live/$(hostname)/privkey.pem

# ----------------------------------------------------------------------------
# Local storage & authentication

# pass_table provides local hashed passwords storage for authentication of
# users. It can be configured to use any "table" module, in default
# configuration a table in SQLite DB is used.
# Table can be replaced to use e.g. a file for passwords. Or pass_table module
# can be replaced altogether to use some external source of credentials (e.g.
# PAM, /etc/shadow file).
#
# If table module supports it (sql_table does) - credentials can be managed
# using 'maddyctl creds' command.
#
# TODO replace with a static table with password hashes stored in the
# config, if possible

auth.pass_table local_authdb {
    table sql_table {
        driver sqlite3
        dsn credentials.db
        table_name passwords
    }
}
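
# ----------------------------------------------------------------------------
# Outgoing SMTP

target.remote outbound_delivery {
    mx_auth {
        dane
        mtasts {
            cache fs
            fs_dir mtasts_cache/
        }
        # TLS is required for delivery (min_tls_level encrypted), but the MX
        # does not have to be authenticated via MTA-STS or DNSSEC
        # (min_mx_level none).
        local_policy {
            min_tls_level encrypted
            min_mx_level none
        }
    }
}

submission tcp://0.0.0.0:587 {
    auth &local_authdb
    # insecure_auth true allows plain-text authentication over connections
    # that are not protected by TLS.
    insecure_auth true

    # Sign outgoing messages with DKIM.
    modify {
        dkim $(primary_domain) $(local_domains) default
    }

    deliver_to &outbound_delivery
}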
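
# ----------------------------------------------------------------------------
# Incoming SMTP

target.smtp forward_to_desktop {
    targets tcp://mediocre-desktop.private-domain.com:25
}

smtp tcp://0.0.0.0:25 {
    # At most 5 messages per second and 2 messages processed in parallel.
    limits {
        all rate 5 1s
        all concurrency 2
    }

    dmarc yes
    check {
        require_mx_record
        dkim
        spf
    }

    # Senders claiming a local domain must use the Submission endpoint.
    source $(local_domains) {
        reject 501 5.1.8 "Use Submission for outgoing SMTP"
    }
    # Only postmaster at the local domains is accepted; it is relayed to
    # forward_to_desktop. Every other recipient is rejected.
    default_source {
        destination postmaster $(local_domains) {
            deliver_to &forward_to_desktop
        }
        default_destination {
            reject 550 5.1.1 "User doesn't exist"
        }
    }
}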