# Corrected Mailu Helm values to work with existing infrastructure # Domain configuration domain: bakery-ia.local hostnames: - mail.bakery-ia.local # Mailu version mailuVersion: "2024.06" secretKey: "cb61b934d47029a64117c0e4110c93f66bbcf5eaa15c84c42727fad78f7" # Timezone timezone: "Etc/UTC" # Postmaster configuration postmaster: "admin" # TLS configuration tls: flavor: "notls" # Since we're using ingress for TLS # Limits configuration limits: messageSizeLimitInMegabytes: 50 authRatelimit: ip: "60/hour" user: "100/day" messageRatelimit: value: "200/day" # External relay configuration (Mailgun) externalRelay: host: "[smtp.mailgun.org]:587" username: "postmaster@bakery-ia.local" password: "mailgun-api-key-replace-in-production" # Webmail configuration webmail: enabled: true flavor: "roundcube" # Antivirus and antispam configuration antivirus: enabled: false # Disabled in dev to save resources antispam: enabled: true flavor: "rspamd" # Welcome message welcomeMessage: enabled: false # Disabled during development # Logging logLevel: "DEBUG" # Network configuration subnet: "10.42.0.0/16" # Redis configuration - using external Redis (shared cluster Redis) externalRedis: enabled: true host: "redis-service" # Using the service name in the same namespace port: 6380 # Using plain TCP port for internal cluster communication adminQuotaDbId: 15 adminRateLimitDbId: 15 rspamdDbId: 15 # Database configuration - using existing PostgreSQL service externalDatabase: enabled: true type: "postgresql" host: "auth-db-service" # Using an existing PostgreSQL service in the namespace port: 5432 database: "mailu" # This database needs to be created manually username: "mailu" password: "E8Kz47YmVzDlHGs1M9wAbJzxcKnGONCT" # Persistence configuration persistence: single_pvc: true size: 10Gi storageClass: "" accessModes: [ReadWriteOnce] # Ingress configuration - disabled to use with existing ingress ingress: enabled: false # Disable chart's Ingress; use existing one tls: false # Disable TLS in chart since ingress handles it tlsFlavorOverride: notls # No TLS on internal NGINX; expect external proxy to handle TLS realIpHeader: X-Forwarded-For # Header for client IP from your Ingress realIpFrom: 0.0.0.0/0 # Trust all proxies (restrict to your Ingress pod CIDR for security) path: / pathType: ImplementationSpecific # Optional: Enable PROXY protocol for mail protocols if your Ingress supports TCP proxying proxyProtocol: smtp: false smtps: false submission: false imap: false imaps: false pop3: false pop3s: false manageSieve: false # Front configuration front: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP ports: http: 80 https: 443 resources: requests: cpu: 100m memory: 128Mi limits: cpu: 200m memory: 256Mi # Admin configuration admin: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP port: 80 resources: requests: cpu: 100m memory: 256Mi limits: cpu: 300m memory: 512Mi # Postfix configuration postfix: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP ports: smtp: 25 submission: 587 resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi # Dovecot configuration dovecot: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP ports: imap: 143 imaps: 993 resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi # Rspamd configuration rspamd: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP ports: rspamd: 11333 rspamd-admin: 11334 resources: requests: cpu: 200m memory: 512Mi limits: cpu: 1000m memory: 1Gi # Network Policy networkPolicy: enabled: true ingressController: namespace: ingress-nginx podSelector: | matchLabels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/component: controller monitoring: namespace: monitoring podSelector: | matchLabels: app: signoz-prometheus