diff --git a/charts/mok/Chart.yaml b/charts/mok/Chart.yaml
index cf23cbfbb54f0dedb2a124d218d8bbdadc723d40..2db9d72ff12596124d10763377460ba94f6a9065 100644
--- a/charts/mok/Chart.yaml
+++ b/charts/mok/Chart.yaml
@@ -3,7 +3,7 @@ name: mok
description: |
Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of configmaps and secret.
type: application
-version: 0.10.9
+version: 0.11.0
sources:
- https://de.postfix.org/ftpmirror/index.html
- https://github.com/dovecot/core
diff --git a/charts/mok/README.md b/charts/mok/README.md
index d843f94224274cc7839e29ac5126cf11bfe41fe5..9dab7bc73418b7a85a572ac96fc942b9be333cf0 100644
--- a/charts/mok/README.md
+++ b/charts/mok/README.md
@@ -1,6 +1,6 @@
# mok
- 
+ 
Mail on Kubernetes (MoK) is a project to deploy a functional mailserver that runs without a database server on Kubernetes, taking advantage of configmaps and secret.
diff --git a/charts/mok/templates/postfix-config.yaml b/charts/mok/templates/postfix-config.yaml
index 32d2db47f504b8285742ccf7b8a8c39e32d2fa74..fabf83b41360970ca9800bcfeb8e553196dbdf8b 100644
--- a/charts/mok/templates/postfix-config.yaml
+++ b/charts/mok/templates/postfix-config.yaml
@@ -304,7 +304,7 @@ data:
# check_recipient_access pgsql:/srv/tmp/recipient-access.cf
# check_client_access cidr:/srv/config/access_client,
# check_helo_access btree:/srv/config/access_helo,
- # check_sender_access btree:/srv/config/access_sender,
+ check_sender_access lmdb:/srv/tmp/access_sender,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
diff --git a/charts/mok/templates/secret.yaml b/charts/mok/templates/secret.yaml
index b710d88e2d64cf89987b29567088585a4f67ede8..f88f18546836ad0afce479adc2354d5db18ce45c 100644
--- a/charts/mok/templates/secret.yaml
+++ b/charts/mok/templates/secret.yaml
@@ -32,6 +32,21 @@ stringData:
{{- end }}
{{- end }}
{{- end }}
+ access_sender: |
+ {{- $domainList := list }}
+ {{- range $domain,$config := .Values.domains }}
+ {{- $domainList = (append $domainList $domain | uniq) }}
+ {{- range $config.users }}
+ {{- $username := .name }}
+ {{- range .aliases }}
+ {{- $domainList = (append $domainList (regexFind "@.*" .) | uniq) }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+
+ {{- range $domainList }}
+ {{ trimPrefix "@" . }} REJECT
+ {{- end }}
domains: |
{{- $domainList := list }}
{{- range $domain,$config := .Values.domains }}
diff --git a/charts/mok/tests/__snapshot__/domains_test.yaml.snap b/charts/mok/tests/__snapshot__/domains_test.yaml.snap
index 3b58bb924686d5ccabe3dec0b02435f6b2b132a3..4909af5a2fb3ab730efad27149fa588bb2bb6849 100644
--- a/charts/mok/tests/__snapshot__/domains_test.yaml.snap
+++ b/charts/mok/tests/__snapshot__/domains_test.yaml.snap
@@ -26,6 +26,10 @@ keeps stays the same:
helm.sh/chart: mok-1.2.3
name: RELEASE-NAME-mok-postfix-maps
stringData:
+ access_sender: |
+ example.com REJECT
+ example.net REJECT
+ example.info REJECT
aliases: |
steve@example.net john@example.com
@example.info john@example.com
diff --git a/charts/mok/tests/__snapshot__/dovecot_test.yaml.snap b/charts/mok/tests/__snapshot__/dovecot_test.yaml.snap
index e23581c401219dcf43e7b899e3f175ad3d67768c..dedef714825dcd54e7385bffd4cbc154fc3926c5 100644
--- a/charts/mok/tests/__snapshot__/dovecot_test.yaml.snap
+++ b/charts/mok/tests/__snapshot__/dovecot_test.yaml.snap
@@ -79,7 +79,7 @@ should match snapshot:
template:
metadata:
annotations:
- checksum/config: 8169e727a431edd14dee881a9db5779aa38f2dad6008da57bf280862cfed621c
+ checksum/config: 4a9a25e04ee01efbca95ac61fbbeb7adc3623a3494e86cd91f2b0cabc281f936
labels:
app.kubernetes.io/component: dovecot
app.kubernetes.io/instance: RELEASE-NAME
@@ -192,6 +192,7 @@ should match snapshot:
helm.sh/chart: mok-1.2.3
name: RELEASE-NAME-mok-postfix-maps
stringData:
+ access_sender: ""
aliases: ""
domains: ""
header_checks: |
diff --git a/charts/mok/tests/__snapshot__/postfix_test.yaml.snap b/charts/mok/tests/__snapshot__/postfix_test.yaml.snap
index deaf8686759d6a3c4b240a9494bca8cd64f7a5e8..11c748d043ac0a4c3a2cf630238abec88475a17f 100644
--- a/charts/mok/tests/__snapshot__/postfix_test.yaml.snap
+++ b/charts/mok/tests/__snapshot__/postfix_test.yaml.snap
@@ -113,7 +113,7 @@ should match snapshot:
# check_recipient_access pgsql:/srv/tmp/recipient-access.cf
# check_client_access cidr:/srv/config/access_client,
# check_helo_access btree:/srv/config/access_helo,
- # check_sender_access btree:/srv/config/access_sender,
+ check_sender_access lmdb:/srv/tmp/access_sender,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
@@ -418,8 +418,8 @@ should match snapshot:
template:
metadata:
annotations:
- checksum/config: 7957f3df6d998c42c57e91d61ff347f0fcc9d0f89b3d09b5716f60c019b7528c
- checksum/secret: 8169e727a431edd14dee881a9db5779aa38f2dad6008da57bf280862cfed621c
+ checksum/config: ae779e82df8eab92d5ed337c3cae34b82ea65cc7e11637e47b3f91cf130e8de9
+ checksum/secret: 4a9a25e04ee01efbca95ac61fbbeb7adc3623a3494e86cd91f2b0cabc281f936
labels:
app.kubernetes.io/component: postfix
app.kubernetes.io/instance: RELEASE-NAME
@@ -663,6 +663,7 @@ should match snapshot:
helm.sh/chart: mok-1.2.3
name: RELEASE-NAME-mok-postfix-maps
stringData:
+ access_sender: ""
aliases: ""
domains: ""
header_checks: |
diff --git a/charts/mok/tests/__snapshot__/relay_test.yaml.snap b/charts/mok/tests/__snapshot__/relay_test.yaml.snap
index 339525ec533f93675dbae1ee3b03b071047f40bc..dd9f02e9b50be689d8e88663e966742f68716a25 100644
--- a/charts/mok/tests/__snapshot__/relay_test.yaml.snap
+++ b/charts/mok/tests/__snapshot__/relay_test.yaml.snap
@@ -25,6 +25,7 @@ keeps stays the same:
helm.sh/chart: mok-1.2.3
name: RELEASE-NAME-mok-postfix-maps
stringData:
+ access_sender: ""
aliases: ""
domains: ""
header_checks: |
diff --git a/charts/mok/tests/dovecot_test.yaml b/charts/mok/tests/dovecot_test.yaml
index 4c3c75825410b48ac28f2e3b7e5230514e34342a..7b4f890d8bc0c402131ed97a74c3ef7d7481cc9b 100644
--- a/charts/mok/tests/dovecot_test.yaml
+++ b/charts/mok/tests/dovecot_test.yaml
@@ -97,7 +97,7 @@ tests:
asserts:
- equal:
path: spec.template.metadata.annotations["checksum/config"]
- value: 8169e727a431edd14dee881a9db5779aa38f2dad6008da57bf280862cfed621c
+ value: 4a9a25e04ee01efbca95ac61fbbeb7adc3623a3494e86cd91f2b0cabc281f936
documentIndex: 2
template: dovecot.yaml
- it: has a changing config hash for auto-reload
@@ -114,7 +114,7 @@ tests:
asserts:
- equal:
path: spec.template.metadata.annotations["checksum/config"]
- value: 6ee744494b7b05190228983d6f941dbf677e8211991a887c2995597942e7eedf
+ value: 62bd4dba04cb98321727fed0c6f6885e1144139422581895130e64ecad6f6ab2
documentIndex: 2
template: dovecot.yaml
- it: scales with replicaCount
diff --git a/charts/mok/tests/postfix_test.yaml b/charts/mok/tests/postfix_test.yaml
index a784202840929cb560971cf0f693e440bf9f6c04..4fada3b54d210dcb7f7e9790d83ad2c8e17a5dba 100644
--- a/charts/mok/tests/postfix_test.yaml
+++ b/charts/mok/tests/postfix_test.yaml
@@ -84,7 +84,7 @@ tests:
asserts:
- equal:
path: spec.template.metadata.annotations["checksum/secret"]
- value: 8169e727a431edd14dee881a9db5779aa38f2dad6008da57bf280862cfed621c
+ value: 4a9a25e04ee01efbca95ac61fbbeb7adc3623a3494e86cd91f2b0cabc281f936
documentIndex: 1
template: postfix.yaml
- it: has a changing config hash for auto-reload
@@ -101,7 +101,7 @@ tests:
asserts:
- equal:
path: spec.template.metadata.annotations["checksum/secret"]
- value: 6ee744494b7b05190228983d6f941dbf677e8211991a887c2995597942e7eedf
+ value: 62bd4dba04cb98321727fed0c6f6885e1144139422581895130e64ecad6f6ab2
documentIndex: 1
template: postfix.yaml
- it: has a PDB by default if the replica count is > 1