# Postfix MTA for the Messages email platform.
#
# MTA-out: accepts SMTP from cluster-internal services (Kratos, Messages Django),
#   signs with DKIM, and relays outbound via Scaleway TEM.
#
# MTA-in: receives inbound email from the internet (routed via Pingora on port 25).
#   In local dev, no MX record points here so inbound never arrives.
#
# Credentials: Secret "postfix-tem-credentials" with keys:
#   smtp_user     — Scaleway TEM SMTP username (project ID)
#   smtp_password — Scaleway TEM SMTP password (API key)
#
# DKIM keys: Secret "postfix-dkim" with key:
#   private.key — DKIM private key for sunbeam.pt (generated once; add DNS TXT record)
#   selector    — DKIM selector (e.g. "mail")
#
# NOTE(review): nothing in this Deployment references the "postfix-dkim"
# Secret (no volumes, volumeMounts or env entries for it). As written here,
# DKIM signing depends on configuration outside this file — confirm the key
# is actually mounted before relying on signed outbound mail.
#
# NOTE(review): this file defines no NetworkPolicy and no securityContext.
# Which pods may reach port 25, and which user/capabilities the container
# runs with, are therefore left to cluster and image defaults.
#
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postfix
  namespace: lasuite
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postfix
  template:
    metadata:
      labels:
        app: postfix
    spec:
      # The pod gets no Kubernetes API token; an MTA has no need for one.
      automountServiceAccountToken: false
      containers:
        - name: postfix
          # NOTE(review): ":latest" is a mutable tag on a third-party image.
          # With this tag and no imagePullPolicy, Kubernetes defaults to
          # pulling on every pod start, so the code that receives
          # SASL_USER/SASL_PASSWORD can change without a manifest change.
          # Pin to a reviewed version tag or an @sha256 digest.
          image: boky/postfix:latest
          ports:
            - name: smtp
              containerPort: 25
              protocol: TCP
          env:
            # Accept mail from all cluster-internal pods.
            # NOTE(review): this trusts every RFC 1918 range plus loopback,
            # by source address alone. If inbound internet mail reaches this
            # pod through a proxy (the header mentions Pingora), Postfix may
            # see the proxy's private address as the client and treat that
            # traffic as trusted — verify how the client IP is conveyed.
            # Prefer the cluster's actual pod CIDR plus a NetworkPolicy that
            # limits ingress to the intended senders.
            - name: MYNETWORKS
              value: "10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8"
            # Sending domain — replaced by sed at deploy time.
            # NOTE(review): if the sed step is skipped, the literal
            # placeholder ships as the allowed domain; have the deploy
            # pipeline fail when "DOMAIN_SUFFIX" is still present. The value
            # is presumably matched against the client-supplied sender, so it
            # limits which domains are relayed but does not authenticate the
            # submitting client — confirm against the image documentation.
            - name: ALLOWED_SENDER_DOMAINS
              value: "DOMAIN_SUFFIX"
            # Scaleway TEM outbound relay.
            # NOTE(review): no TLS policy for this hop is set in this
            # manifest; confirm the image requires STARTTLS on port 587
            # before the SASL credentials below are sent.
            - name: RELAYHOST
              value: "[smtp.tem.scw.cloud]:587"
            - name: SASL_USER
              valueFrom:
                secretKeyRef:
                  name: postfix-tem-credentials
                  key: smtp_user
                  optional: true  # allows pod to start before secret exists
            - name: SASL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postfix-tem-credentials
                  key: smtp_password
                  # Same trade-off as SASL_USER: with the Secret absent the
                  # pod still starts, but without relay credentials, and
                  # nothing in this manifest reports that state.
                  optional: true
          # Memory is capped; no CPU limit is set, only a request.
          resources:
            limits:
              memory: 64Mi
            requests:
              memory: 32Mi
              cpu: 10m
---
# Service for the Postfix pod. No "type" is given, so this is a ClusterIP
# Service: port 25 is exposed inside the cluster only.
# NOTE(review): without a NetworkPolicy, any pod that can reach this Service
# falls inside MYNETWORKS above and is accepted as a trusted client.
apiVersion: v1
kind: Service
metadata:
  name: postfix
  namespace: lasuite
spec:
  selector:
    app: postfix
  ports:
    - name: smtp
      port: 25
      targetPort: 25
      protocol: TCP