# Mailu Helm values to use internal database and Redis # Domain configuration domain: bakery-ia.local hostnames: - mail.bakery-ia.local # Mailu version mailuVersion: "2024.06" secretKey: "cb61b934d47029a64117c0e4110c93f66bbcf5eaa15c84c42727fad78f7" # Timezone timezone: "Etc/UTC" # Postmaster configuration postmaster: "admin" # TLS configuration tls: flavor: "notls" # Since we're using ingress for TLS # Limits configuration limits: messageSizeLimitInMegabytes: 50 authRatelimit: ip: "60/hour" user: "100/day" messageRatelimit: value: "200/day" # External relay configuration (Mailgun) externalRelay: host: "[smtp.mailgun.org]:587" username: "postmaster@bakery-ia.local" password: "mailgun-api-key-replace-in-production" # Webmail configuration webmail: enabled: true flavor: "roundcube" # Antivirus and antispam configuration antivirus: enabled: false # Disabled in dev to save resources antispam: enabled: true flavor: "rspamd" # Welcome message welcomeMessage: enabled: false # Disabled during development # Logging logLevel: "DEBUG" # Network configuration subnet: "10.42.0.0/16" # Use internal database instead of external externalDatabase: enabled: false # PostgreSQL configuration (internal) postgresql: enabled: true architecture: standalone auth: enablePostgresUser: true postgresPassword: "strong-postgres-password" username: "mailu" password: "mailu-db-password" database: "mailu" primary: persistence: enabled: true size: 8Gi storageClass: "standard" # Use internal Redis instead of external externalRedis: enabled: false # Redis configuration (internal) redis: enabled: true architecture: standalone auth: enabled: false # Disable authentication for internal use master: persistence: enabled: true size: 1Gi storageClass: "standard" # Persistence configuration persistence: single_pvc: true size: 10Gi storageClass: "" accessModes: [ReadWriteOnce] # Ingress configuration - disabled to use with existing ingress ingress: enabled: false # Disable chart's Ingress; use existing one tls: false # Disable TLS in chart since ingress handles it tlsFlavorOverride: notls # No TLS on internal NGINX; expect external proxy to handle TLS realIpHeader: X-Forwarded-For # Header for client IP from your Ingress realIpFrom: 0.0.0.0/0 # Trust all proxies (restrict to your Ingress pod CIDR for security) path: / pathType: ImplementationSpecific # Optional: Enable PROXY protocol for mail protocols if your Ingress supports TCP proxying proxyProtocol: smtp: false smtps: false submission: false imap: false imaps: false pop3: false pop3s: false manageSieve: false # Front configuration front: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP ports: http: 80 https: 443 resources: requests: cpu: 100m memory: 128Mi limits: cpu: 200m memory: 256Mi # Admin configuration admin: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP port: 80 resources: requests: cpu: 100m memory: 256Mi limits: cpu: 300m memory: 512Mi # Postfix configuration postfix: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP ports: smtp: 25 submission: 587 resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi # Dovecot configuration dovecot: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP ports: imap: 143 imaps: 993 resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi # Rspamd configuration rspamd: image: tag: "2024.06" replicaCount: 1 service: type: ClusterIP ports: rspamd: 11333 rspamd-admin: 11334 resources: requests: cpu: 200m memory: 512Mi limits: cpu: 1000m memory: 1Gi # Network Policy networkPolicy: enabled: true ingressController: namespace: ingress-nginx podSelector: | matchLabels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/component: controller monitoring: namespace: monitoring podSelector: | matchLabels: app: signoz-prometheus