wrenix/helm-charts
1
0
Fork 0
Code Issues 8 Pull requests 8 Projects Packages Activity

fix(stalwart-mail): update AppVersion to v0.7.2

Browse source
This commit is contained in:
Renovate Bot 2024-03-09 10:09:48 +00:00 committed by WrenIX
parent 13fff2b85e
commit ca4fe6f75f
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
7 changed files with 103 additions and 690 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
stalwart-mail/Chart.yaml
View file

@ -3,9 +3,9 @@ name: stalwart-mail
description: Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP) description: Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP)
icon: https://stalw.art/home/apple-touch-icon.png icon: https://stalw.art/home/apple-touch-icon.png
type: application type: application
version: 0.0.2 version: 0.0.3
# renovate: image=docker.io/stalwartlabs/mail-server # renovate: image=docker.io/stalwartlabs/mail-server
appVersion: "0.5.3" appVersion: "0.7.2"
maintainers: maintainers:
- name: WrenIX - name: WrenIX
url: https://wrenix.eu url: https://wrenix.eu

10
stalwart-mail/templates/configmap.yaml Normal file
View file

@ -0,0 +1,10 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "stalwart-mail.fullname" . }}
labels:
{{- include "stalwart-mail.labels" . | nindent 4 }}
data:
"config.toml": |
{{- toToml .Values.config | replace ".0\n" "\n" | nindent 4 }}

18
stalwart-mail/templates/deployment.yaml
View file

@ -14,7 +14,8 @@ spec:
template: template:
metadata: metadata:
annotations: annotations:
confighash: {{ toYaml .Values.config | sha256sum | trunc 32 }} config-hash: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
secret-env-hash: {{ include (print $.Template.BasePath "/secrets-env.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }} {{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
@ -39,6 +40,13 @@ spec:
image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}" image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}"
imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }} imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
{{- end }} {{- end }}
{{- with .Values.env }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
envFrom:
- secretRef:
name: {{ include "stalwart-mail.fullname" . }}-env
ports: ports:
{{- range $name, $port := .Values.service.ports }} {{- range $name, $port := .Values.service.ports }}
- name: {{ $name }} - name: {{ $name }}
@ -62,9 +70,7 @@ spec:
- name: config - name: config
mountPath: "/opt/stalwart-mail/etc/config.toml" mountPath: "/opt/stalwart-mail/etc/config.toml"
subPath: "config.toml" subPath: "config.toml"
- name: config readOnly: true
mountPath: "/opt/stalwart-mail/etc/dkim/private.key"
subPath: "dkim.key"
{{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }} {{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }}
- name: certificate - name: certificate
mountPath: "/opt/stalwart-mail/etc/certs" mountPath: "/opt/stalwart-mail/etc/certs"
@ -74,8 +80,8 @@ spec:
{{- end }} {{- end }}
volumes: volumes:
- name: "config" - name: "config"
secret: configMap:
secretName: {{ include "stalwart-mail.fullname" . }} name: {{ include "stalwart-mail.fullname" . }}
{{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }} {{- if or .Values.certificate.secretName .Values.certificate.certmanager.enabled }}
- name: certificate - name: certificate
secret: secret:

11
stalwart-mail/templates/secrets-env.yaml Normal file
View file

@ -0,0 +1,11 @@
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "stalwart-mail.fullname" . }}-env
labels:
{{- include "stalwart-mail.labels" . | nindent 4 }}
data:
{{- range $key, $value := .Values.secrets.env }}
{{ $key }}: {{ $value | b64enc }}
{{- end }}

20
stalwart-mail/templates/secrets.yaml
View file

@ -1,20 +0,0 @@
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "stalwart-mail.fullname" . }}
labels:
{{- include "stalwart-mail.labels" . | nindent 4 }}
annotations:
confighash: {{ toYaml .Values.config | sha256sum | trunc 32 }}
data:
"config.toml": {{ regexReplaceAll
"trusted-networks = \\[(.*)\\]"
(
toToml .Values.config
| replace ".0\n" "\n"
| replace "fts-table-duplicated-workaround" "fts"
)
"trusted-networks = {${1}}"
| b64enc }}
"dkim.key": {{ genPrivateKey "rsa" | b64enc }}

4
stalwart-mail/templates/traefik.yaml
View file

@ -9,10 +9,10 @@ spec:
entryPoints: entryPoints:
- {{ $entryport }} - {{ $entryport }}
routes: routes:
- match: HostSNI(`{{ $.Values.config.macros.host }}`) - match: HostSNI(`{{ $.Values.traefik.host }}`)
services: services:
- name: {{ include "stalwart-mail.fullname" $ }} - name: {{ include "stalwart-mail.fullname" $ }}
port: {{ $port}} port: {{ $port }}
proxyProtocol: proxyProtocol:
version: 2 version: 2
tls: tls:

724
stalwart-mail/values.yaml
View file

@ -21,701 +21,105 @@ imagePullSecrets: []
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
##
# Configuration of stalwart mail-server
# defaults taken from: https://github.com/stalwartlabs/mail-server/tree/6aeadb9cda301ec5f210d8e8390515e6292592fa/resources/config
#
# files import completed:
# - config.toml
# - common/*.toml
# - imap/*.toml
#
##
config: config:
##
# macros
##
# -- macros (from: config.toml)
macros:
host: "__HOST__"
default_domain: "__DOMAIN__"
default_directory: "memory"
default_store: "sqlite"
##
# global
##
global:
shared-map:
# -- global shared-map capacity (from: common/server.toml)
capacity: 10
# -- global shared-map shard (from: common/server.toml)
shard: 32
# -- global thead-pool (from: common/server.toml)
thread-pool:
# -- global tracing (from: common/tracing.toml)
tracing:
method: "stdout"
level: "info"
##
# server
##
server: server:
# -- server hostname (from: common/server.toml)
hostname: "%{HOST}%"
security:
# -- server security blocked-networks (from: common/server.toml)
blocked-networks: {}
# -- server security fail2ban (from: common/server.toml)
fail2ban: "100/1d"
run-as:
# -- server run-as user (from: common/server.toml)
user: "stalwart-mail"
# -- server run-as group (from: common/server.toml)
group: "stalwart-mail"
socket:
# -- server socket nodelay (from: common/server.toml)
nodelay: true
# -- server socket reuse-addr (from: common/server.toml)
reuse-addr: true
# -- server socket reuse-port (from: common/server.toml)
reuse-port: false
# -- server socket backlog (from: common/server.toml)
backlog: 1024
# -- server socket ttl (from: common/server.toml)
ttl: 3600
# -- server socket send-buffer-size (from: common/server.toml)
send-buffer-size: 65535
# -- server socket recv-buffer-size (from: common/server.toml)
recv-buffer-size: 65535
# -- server socket linger (from: common/server.toml)
linger: 1
# -- server socket tos (from: common/server.toml)
tos: 1
tls:
# -- server tls enable (from: common/tls.toml)
enable: true
# -- server tls implicit (from: common/tls.toml)
implicit: false
# -- server tls timeout (from: common/tls.toml)
timeout: "1m"
# -- server tls certificate (from: common/tls.toml)
certificate: "default"
# -- server tls acme (from: common/tls.toml)
# example: "letsencrypt"
acme:
# -- server tls sni (from: common/tls.toml)
# example: [{subject: "", certificate: ""}]
sni:
# -- server tls protocols (from: common/tls.toml)
# example: ["TLSv1.2", "TLSv1.3"]
protocols:
# -- server tls #ciphers (from: common/tls.toml)
# example: [ "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256",
# "TLS13_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
# "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
# "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
# "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"]
ciphers:
# -- server tls ignore-client-order (from: common/tls.toml)
ignore-client-order: true
# -- server listener
listener: listener:
smtp: smtp:
protocol: "smtp"
bind: ["[::]:25"] bind: ["[::]:25"]
smtp-submission:
protocol: "smtp" protocol: "smtp"
submission:
bind: ["[::]:587"] bind: ["[::]:587"]
smtps:
protocol: "smtp" protocol: "smtp"
submissions:
bind: ["[::]:465"] bind: ["[::]:465"]
protocol: "smtp"
tls: tls:
implicit: true implicit: true
# -- server listener with name imap (from: imap/listener.toml)
imap: imap:
bind: ["[::]:143"] bind: ["[::]:143"]
protocol: "imap" protocol: "imap"
imaptls:
# -- server listener with name imaps (from: imap/listener.toml)
imaps:
bind: ["[::]:993"] bind: ["[::]:993"]
protocol: "imap" protocol: "imap"
tls: tls:
implicit: true implicit: true
# -- server listener with name sieve (from: imap/listener.toml)
sieve: sieve:
bind: ["[::]:4190"] bind: ["[::]:4190"]
protocol: "managesieve" protocol: "managesieve"
https:
protocol: "http"
bind: ["[::]:80"]
tls: tls:
implicit: true implicit: true
# -- jmap/listener.yaml run-as:
http: # -- server run-as user
protocol: "jmap" user: "stalwart-mail"
bind: ["[::]:80"] # -- server run-as group
url: "https://%{HOST}%" group: "stalwart-mail"
##
# sieve
##
sieve:
untrusted:
# -- sieve untrusted disable-capabilities (from: common/sieve.toml)
disable-capabilities: []
# -- sieve untrusted notification-uris (from: common/sieve.toml)
notification-uris: ["mailto"]
# -- sieve untrusted protected-headers (from: common/sieve.toml)
protected-headers: ["Original-Subject", "Original-From", "Received", "Auto-Submitted"]
limits:
# -- sieve untrusted limit name-length (from: common/sieve.toml)
name-length: 512
# -- sieve untrusted limit max-scripts (from: common/sieve.toml)
max-scripts: 256
# -- sieve untrusted limit script-size (from: common/sieve.toml)
script-size: 102400
# -- sieve untrusted limit string-length (from: common/sieve.toml)
string-length: 4096
# -- sieve untrusted limit variable-name-length (from: common/sieve.toml)
variable-name-length: 32
# -- sieve untrusted limit variable-size (from: common/sieve.toml)
variable-size: 4096
# -- sieve untrusted limit nested-blocks (from: common/sieve.toml)
nested-blocks: 15
# -- sieve untrusted limit nested-tests (from: common/sieve.toml)
nested-tests: 15
# -- sieve untrusted limit nested-foreverypart (from: common/sieve.toml)
nested-foreverypart: 3
# -- sieve untrusted limit match-variables (from: common/sieve.toml)
match-variables: 30
# -- sieve untrusted limit local-variables (from: common/sieve.toml)
local-variables: 128
# -- sieve untrusted limit header-size (from: common/sieve.toml)
header-size: 1024
# -- sieve untrusted limit includes (from: common/sieve.toml)
includes: 3
# -- sieve untrusted limit nested-includes (from: common/sieve.toml)
nested-includes: 3
# -- sieve untrusted limit cpu (from: common/sieve.toml)
cpu: 5000
# -- sieve untrusted limit redirects (from: common/sieve.toml)
redirects: 1
# -- sieve untrusted limit received-headers (from: common/sieve.toml)
received-headers: 10
# -- sieve untrusted limit outgoing-messages (from: common/sieve.toml)
outgoing-messages: 3
vacation:
# -- sieve untrusted vacation default-subject (from: common/sieve.toml)
default-subject: "Automated reply"
# -- sieve untrusted vacation subject-prefix (from: common/sieve.toml)
subject-prefix: "Auto: "
default-expiry:
# -- sieve untrusted default-expiry vacation (from: common/sieve.toml)
vacation: "30d"
# -- sieve untrusted default-expiry duplicate (from: common/sieve.toml)
duplicate: "7d"
trusted:
# -- sieve trusted from-name (from: common/sieve.toml)
from-name: "Automated Message"
# -- sieve trusted from-addr (from: common/sieve.toml)
from-addr: "no-reply@%{DEFAULT_DOMAIN}%"
# -- sieve trusted return-path (from: common/sieve.toml)
return-path: ""
# -- sieve trusted hostname (from: common/sieve.toml)
hostname: "%{HOST}%"
# -- sieve trusted no-capability-check (from: common/sieve.toml)
no-capability-check: true
# -- sieve trusted sign (from: common/sieve.toml)
sign: ["rsa"]
limits:
# -- sieve trusted limits redirects (from: common/sieve.toml)
redirects: 3
# -- sieve trusted limits out-messages (from: common/sieve.toml)
out-messages: 5
# -- sieve trusted limits received-headers (from: common/sieve.toml)
received-headers: 50
# -- sieve trusted limits cpu (from: common/sieve.toml)
cpu: 1048576
# -- sieve trusted limits nested-includes (from: common/sieve.toml)
nested-includes: 5
# -- sieve trusted limits duplicate-expiry (from: common/sieve.toml)
duplicate-expiry: "7d"
scripts:
# -- sieve trusted scripts connect (from: common/sieve.toml)
connect:
# -- sieve trusted scripts ehlo (from: common/sieve.toml)
ehlo:
# -- sieve trusted scripts mail (from: common/sieve.toml)
mail:
##
# storage
##
storage: storage:
# -- storage data (from: common/store.toml) data: "rocksdb"
data: "%{DEFAULT_STORE}%" fts: "rocksdb"
# -- storage fts (from: common/store.toml) blob: "rocksdb"
# BROKEN / TODO lookup: "rocksdb"
# see: https://github.com/stalwartlabs/mail-server/issues/211 directory: "internal"
fts: "%{DEFAULT_STORE}%"
# -- storage blob (from: common/store.toml)
blob: "%{DEFAULT_STORE}%"
# -- storage lookup (from: common/store.toml)
lookup: "%{DEFAULT_STORE}%"
# -- storage directory (from: common/store.toml)
directory: "%{DEFAULT_DIRECTORY}%"
encryption:
# -- storage encryption enable (from: common/store.toml)
enable: true
# -- storage encryption append (from: common/store.toml)
append: false
spam:
# -- storage spam header (from: common/store.toml)
header: "X-Spam-Status: Yes"
# BROKEN / TODO
# should be fts:
# see: https://github.com/stalwartlabs/mail-server/issues/211
fts-table-duplicated-workaround:
# -- storage - fts - default-language (from: common/store.toml)
default-language: "en"
cluster:
# -- storage - cluster - node-id (from: common/store.toml)
node-id:
##
# ACME
##
acme:
# -- acme with name letsencrypt (from: common/tls.toml)
letsencrypt:
# -- acme directory (from: common/tls.toml)
directory: "https://acme-v02.api.letsencrypt.org/directory"
# -- acme contact (from: common/tls.toml)
contact: ["postmaster@%{DEFAULT_DOMAIN}%"]
# -- acme cache (from: common/tls.toml)
cache: "/opt/stalwart-mail/etc/acme"
# -- acme port (from: common/tls.toml)
port: 443
# -- acme renew-before (from: common/tls.toml)
renew-before: "30d"
##
# certificate
##
certificate:
# -- certificate with name default (from: common/tls.toml)
default:
# -- certificate cert (from: common/tls.toml)
cert: "file:///opt/stalwart-mail/etc/certs/tls.crt"
# -- certificate private-key (from: common/tls.toml)
private-key: "file:///opt/stalwart-mail/etc/certs/tls.key"
##
# directory
##
directory:
# -- directory - with name memory (from: directory/internal.yaml)
memory:
type: memory
# -- overwrite me, if not wanted
disable: false
options:
catch-all: true
subaddressing: true
principals:
- type: "admin"
description: "Superuser"
name: "admin"
secret: "changeme"
mail:
- "postmaster@%{DEFAULT_DOMAIN}%"
##
# store
##
store: store:
rocksdb:
type: rocksdb
path: "/data"
compression: "lz4"
# -- store - with name sqlite directory:
sqlite: internal:
type: "sqlite" type: "internal"
# -- overwrite me, if not wanted store: "rocksdb"
disable: false
path: "/data/index.sqlite3"
purge:
frequency: "0 3 *"
query:
name: "SELECT name, type, secret, description, quota FROM accounts WHERE name = ? AND active = true"
members: "SELECT member_of FROM group_members WHERE name = ?"
recipients: "SELECT name FROM emails WHERE address = ?"
emails: "SELECT address FROM emails WHERE name = ? AND type != 'list' ORDER BY type DESC, address ASC"
verify: "SELECT address FROM emails WHERE address LIKE '%' || ? || '%' AND type = 'primary' ORDER BY address LIMIT 5"
expand: "SELECT p.address FROM emails AS p JOIN emails AS l ON p.name = l.name WHERE p.type = 'primary' AND l.address = ? AND l.type = 'list' ORDER BY p.address LIMIT 50"
domains: "SELECT 1 FROM emails WHERE address LIKE '%@' || ? LIMIT 1"
# -- store - with name fs tracer:
fs: otel:
type: "fs" enable: false
# -- overwrite me, if not wanted type: "open-telemetry"
disable: false level: "info"
path: "/data/blobs" # -- grpc or http
depth: 2 transport: "grpc"
purge: endpoint: "https://127.0.0.1/otel"
frequency: "0 3 *" # -- headers for usage with http (e.g. 'Authorization: <place_auth_here>')
headers: []
stdout:
enable: true
type: "stdout"
level: "info"
ansi: false
##
# OAuth
##
oauth:
# -- oauth - key
key: "__OAUTH_KEY__"
# -- oauth - auth
auth: auth:
max-attempts: 3
# -- oauth - expiry
expiry:
user-code: "30m"
auth-code: "10m"
token: "1h"
refresh-token: "30d"
refresh-token-renew: "4d"
# -- oauth - cache
cache:
size: 128
##
# SMTP configuration (smtp/*.yaml)
##
##
# query (from: smtp/queue.yaml)
##
queue:
# -- queue-path
path: "/data/queue"
# -- queue-hash
hash: 64
# -- queue-schedule
schedule:
retry: ["2m", "5m", "10m", "15m", "30m", "1h", "2h"]
notify: ["1d", "3d"]
expire: "5d"
# -- queue-outbound
outbound:
# hostname: "%{HOST}%"
next-hop:
- if: "rcpt-domain"
in-list: "%{DEFAULT_DIRECTORY}%/domains"
then: "local"
- else: false
ip-strategy: "ipv4-then-ipv6"
tls:
dane: "optional"
mta-sts: "optional"
starttls: "require"
allow-invalid-certs: false
limits:
mx: 7
multihomed: 2
timeouts:
connect: "3m"
greeting: "3m"
tls: "2m"
ehlo: "3m"
mail-from: "3m"
rcpt-to: "3m"
data: "10m"
mta-sts: "2m"
##
# Report (from: smtp/report.yaml)
##
report:
# -- report-path
path: "/data/reports"
# -- report-hash
hash: 64
# submitter: "%{HOST}%"
# -- report-analysis
analysis:
addresses: ["dmarc@*", "abuse@*", "postmaster@*"]
forward: true
# store: "/data/incoming"
# -- report-dsn
dsn:
from-name: "Mail Delivery Subsystem"
from-address: "MAILER-DAEMON@%{DEFAULT_DOMAIN}%"
sign: ["rsa"]
# -- report-dkim
dkim: dkim:
from-name: "Report Subsystem" # -- auth rule for signing with dkim
from-address: "noreply-dkim@%{DEFAULT_DOMAIN}%" # @section -- DKIM
subject: "DKIM Authentication Failure Report" sign:
sign: ["rsa"] - if: "listener != 'smtp'"
send: "1/1d" then: "['rsa', 'ed25519']"
- else: false
# -- verify of dkim signature (relaxed, strict, disable)
# @section -- DKIM
verify: "relaxed"
# -- report-spf authentication:
spf: fallback-admin:
from-name: "Report Subsystem" # -- username for fallback authentfication
from-address: "noreply-spf@%{DEFAULT_DOMAIN}%" # @section -- Authentification
subject: "SPF Authentication Failure Report" user: "admin"
send: "1/1d" # -- password for fallback authentfication (use env for store in secrets of kubernetes)
sign: ["rsa"] # @section -- Authentification
secret: "%{env:FALLBACK_ADMIN_SECRET}%"
# -- report-dmarc secrets:
dmarc: env:
from-name: "Report Subsystem" # -- password for fallback authentfication (env)
from-address: "noreply-dmarc@%{DEFAULT_DOMAIN}%" # @section -- Authentification
subject: "DMARC Authentication Failure Report" FALLBACK_ADMIN_SECRET: supersecret
send: "1/1d"
sign: ["rsa"]
aggregate:
from-name: "DMARC Report"
from-address: "noreply-dmarc@%{DEFAULT_DOMAIN}%"
org-name: "%{DEFAULT_DOMAIN}%"
# contact-info: ""
send: "daily"
# -- default: 25 mb
max-size: 26214400
sign: ["rsa"]
# -- report-tls
tls:
aggregate:
from-name: "TLS Report"
from-address: "noreply-tls@%{DEFAULT_DOMAIN}%"
org-name: "%{DEFAULT_DOMAIN}%"
# contact-info: ""
send: "daily"
# -- default: 25 mb
max-size: 26214400
sign: ["rsa"]
##
# resolver (from: smtp/resolver.yaml)
##
resolver:
# -- resolver-type
type: "system"
# -- resolver-preserve-intermediates
preserve-intermediates: true
# -- resolver-concurrency
concurrency: 2
# -- resolver-timeout
timeout: "5s"
# -- resolver-attempts
attempts: 2
# -- resolver-try-tcp-on-error
try-tcp-on-error: true
# -- resolver-public-suffix
public-suffix:
- "https://publicsuffix.org/list/public_suffix_list.dat"
- "file:///opt/stalwart-mail/etc/spamfilter/maps/suffix_list.dat.gz"
# -- resolver-cache
cache:
txt: 2048
mx: 1024
ipv4: 1024
ipv6: 1024
ptr: 1024
tlsa: 1024
mta-sts: 1024
##
# signature (from: smtp/signature.yaml)
##
signature:
# -- signature-rsa
rsa:
# public-key: "file://opt/stalwart-mail/etc/dkim/%{DEFAULT_DOMAIN}%.cert"
private-key: "file://opt/stalwart-mail/etc/dkim/private.key"
domain: "%{DEFAULT_DOMAIN}%"
selector: "stalwart"
headers: ["From", "To", "Date", "Subject", "Message-ID"]
algorithm: "rsa-sha256"
canonicalization: "relaxed/relaxed"
# expire: "10d"
# third-party: ""
# third-party-algo: ""
# auid: ""
set-body-length: false
report: true
##
# IMAP
##
imap:
request:
# -- imap request max-size (from: imap/settings.toml)
max-size: 52428800
auth:
# -- imap auth max-failures(from: imap/settings.toml)
max-failures: 3
# -- imap auth allow-plain-text (from: imap/settings.toml)
allow-plain-text: false
folders:
name:
# -- imap folders name shared (from: imap/settings.toml)
shared: "Shared Folders"
timeout:
# -- imap timeout authenticated (from: imap/settings.toml)
authenticated: "30m"
# -- imap timeout anonymous (from: imap/settings.toml)
anonymous: "1m"
# -- imap timeout idle (from: imap/settings.toml)
idle: "30m"
rate-limit:
# -- imap rate-limit requests (from: imap/settings.toml)
requests: "2000/1m"
# -- imap rate-limit concurrent (from: imap/settings.toml)
concurrent: 6
protocol:
# -- imap protocol uidplus (from: imap/settings.toml)
uidplus: false
##
# JMAP
##
jmap:
# -- jmap-directory (from: jmap/auth.yaml)
directory: "%{DEFAULT_DIRECTORY}%"
# -- jmap-session (from: jmap/auth.yaml)
session:
cache:
ttl: "1h"
size: 100
purge:
frequency: "0 3 *"
# -- jmap-protocol (from: jmap/protocol.yaml)
protocol:
get:
max-objects: 500
set:
max-objects: 500
request:
max-concurrent: 4
max-size: 10000000
max-calls: 16
query:
max-results: 5000
upload:
max-size: 50000000
max-concurrent: 4
ttl: "1h"
quota:
files: 1000
size: 50000000
changes:
max-results: 5000
# -- jmap-mailbox
mailbox:
max-depth: 10
max-name-length: 255
# -- jmap-email
email:
max-attachment-size: 50000000
max-size: 75000000
parse:
max-items: 10
# -- jmap-principal
principal:
allow-lookups: true
# -- jmap-push (from: jmap/push.yaml)
push:
max-total: 100
throttle: "1ms"
attempts:
interval: "1m"
max: 3
retry:
interval: "1s"
timeout:
request: "10s"
verify: "1s"
# -- jmap-event-source
event-source:
throttle: "1s"
# -- jmap-rate-limit (from: jmap/ratelimit.yaml)
rate-limit:
account: "1000/1m"
authentication: "10/1m"
anonymous: "100/1m"
use-forwarded: true
cache:
size: 1024
# -- jmap-web-sockets (from: jmap/websocket.yaml)
web-sockets:
throttle: "1s"
timeout: "10m"
heartbeat: "1m"
serviceAccount: serviceAccount:
# Specifies whether a service account should be created # Specifies whether a service account should be created
@ -731,6 +135,8 @@ serviceAccount:
podAnnotations: {} podAnnotations: {}
podLabels: {} podLabels: {}
env: []
podSecurityContext: {} podSecurityContext: {}
# fsGroup: 2000 # fsGroup: 2000