# MailerSend SMTP Credentials Secret for Mailu # # This secret stores MailerSend credentials for outbound email relay. # Mailu uses MailerSend as an external SMTP relay to send all outbound emails. # # ============================================================================ # HOW TO CONFIGURE: # ============================================================================ # # 1. Go to https://accounts.mailersend.com/signup and create an account # # 2. Add and verify your domain: # - For dev: bakery-ia.dev # - For prod: bakewise.ai # - Go to Email -> Domains -> Add domain # - Follow the DNS verification steps (add TXT records) # # 3. Generate SMTP credentials: # - Go to Email -> Domains -> Click on your domain # - Go to SMTP section # - Click "Generate new user" # - Save the generated username and password # # 4. Note your SMTP credentials: # - SMTP hostname: smtp.mailersend.net # - Port: 587 (TLS/STARTTLS) # - Username: generated by MailerSend (e.g., MS_xxxxxx@trial-xxxxx.mlsender.net) # - Password: generated SMTP password # # 5. Replace the placeholder values below with your credentials # # 6. Apply this secret: # kubectl apply -f mailersend-credentials-secret.yaml -n bakery-ia # # ============================================================================ # IMPORTANT NOTES: # ============================================================================ # # - MailerSend requires TLS 1.2 or higher (supported by default) # - SMTP credentials are account-wide (work for any verified domain) # - Free tier: 3,000 emails/month (12,000 with verified domain) # - Rate limit: 120 requests/minute # # ============================================================================ # CRITICAL: AFTER UPDATING THIS SECRET # ============================================================================ # # Mailu's Postfix reads SASL credentials ONLY at pod startup. It does NOT # automatically reload when this secret changes. You MUST do one of: # # Option 1: Update the credentials-version annotation in values.yaml and run helm upgrade # - Edit prod/values.yaml: postfix.podAnnotations.credentials-version # - Set to current timestamp: date +%s # - Run: helm upgrade mailu mailu/mailu -f values.yaml -f prod/values.yaml -n bakery-ia # # Option 2: Manually restart Postfix pod # kubectl rollout restart deployment/mailu-postfix -n bakery-ia # # Option 3: Delete the Postfix pod (it will be recreated) # kubectl delete pod -l app.kubernetes.io/component=postfix -n bakery-ia # # ============================================================================ # DNS RECORDS REQUIRED FOR MAILERSEND: # ============================================================================ # # Add these DNS records to your domain (Cloudflare) for proper email delivery: # # 1. SPF Record (TXT): # Name: @ # Value: v=spf1 include:mailersend.net ~all # # 2. DKIM Records (TXT): # MailerSend will provide DKIM keys after domain verification # Typically: mlsend._domainkey and mlsend2._domainkey # (check your MailerSend domain settings for exact values) # # 3. DMARC Record (TXT): # Name: _dmarc # Value: v=DMARC1; p=quarantine; rua=mailto:admin@bakewise.ai # # 4. MX Records (for receiving mail via Mailu): # Priority 10: mail.bakewise.ai # # 5. A Record: # Name: mail # Value: # # ============================================================================ --- apiVersion: v1 kind: Secret metadata: name: mailu-mailersend-credentials namespace: bakery-ia labels: app: mailu component: external-relay annotations: description: "MailerSend SMTP credentials for Mailu external relay" type: Opaque stringData: # ============================================================================ # REPLACE THESE VALUES WITH YOUR MAILERSEND CREDENTIALS # ============================================================================ # Key names match Mailu Helm chart defaults (relay-username, relay-password) # relay-username: "MS_d34ZtW@bakewise.ai" relay-password: "mssp.Z6GRHQ8.zr6ke4nvq6egon12.IDyvEi7"