apiVersion: v1
kind: ConfigMap
metadata:
  name: postfix-config
data:
  main.cf: |
    myhostname = mail.chaos
    alias_maps = hash:/etc/postfix/aliases
    alias_database = $alias_maps
    mydestination = localhost, mail.chaos, chaos, localhost.localdomain, localhost
    relayhost =
    mynetworks = 172.17.0.0/16, 192.168.0.0/16, 10.0.0.0/8, 127.0.0.0/8
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    home_mailbox = Maildir/
    # Redirect Postfix logs to stdout and stderr
    syslog_name = postfix
    maillog_file = /dev/stdout

    # Dovecot LMTP configuration for receiving mail
    virtual_transport = lmtp:localhost:24
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

    # Authentication using Dovecot SASL
    broken_sasl_auth_clients = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_security_options = noanonymous

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: dovecot-config
data:
  10-master.conf: |
    service imap-login {
      inet_listener imap {
        address = *
        port = 143
      }
    }

    service lmtp {
      unix_listener /var/spool/postfix/private/auth {
        mode = 0660
        user = postfix
        group = postfix
      }

      unix_listener lmtp {
        mode = 0600
        user = vmail
        group = vmail
      }
    }

    service auth {
      unix_listener /var/spool/postfix/private/auth {
        mode = 0660
        user = postfix
        group = postfix
      }

      # Authentication via PAM
      unix_listener auth-userdb {
        mode = 0666
        user = vmail
        group = vmail
      }
    }
    
    service auth-worker {
      # No additional settings required for worker processes
    }

  10-auth.conf: |
    disable_plaintext_auth = no

    auth_mechanisms = plain login

    passdb {
      driver = pam
      args = /etc/pam.d/dovecot
    }

    userdb {
      driver = passwd-file
      args = /etc/dovecot/users
    }
  
  10-mail.conf: |
    mail_location = maildir:/var/mail/%d/%n/Maildir

    first_valid_uid = 5000
    last_valid_uid = 5999

    first_valid_gid = 5000
    last_valid_gid = 5999
    # Redirect Dovecot logs to stdout and stderr
    log_path = /dev/stdout

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mail-storage
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi

---
apiVersion: v1
kind: Pod
metadata:
  name: mail
spec:
  containers:
  - name: postfix
    image: docker.io/mailcow/postfix
    ports:
    - containerPort: 25
      hostPort: 2525
    volumeMounts:
    - mountPath: /etc/postfix
      name: config-volume
    - mountPath: /var/mail
      name: mail-storage-pvc
    # Redirect Postfix logs to stdout and stderr
    command: ["sh", "-c"]
    args: ["/usr/sbin/postfix start-fg >>/dev/stdout 2>>/dev/stderr & tail -f /dev/null"]

  - name: dovecot
    image: cr.chaos/dovecot:latest
    ports:
    - containerPort: 143
      hostPort: 14343
    volumeMounts:
    - mountPath: /etc/dovecot/conf.d
      name: config-volume
    - mountPath: /var/mail
      name: mail-storage-pvc
    # Redirect Dovecot logs to stdout and stderr
    command: ["sh", "-c"]
    args: ["/usr/sbin/dovecot >>/dev/stdout 2>>/dev/stderr & tail -f /dev/null"]

  volumes:
  - name: config-volume
    configMap:
      name: dovecot-config

  - name: mail-storage-pvc
    persistentVolumeClaim:
      claimName: mail-storage