bump email

nodes/server/config/nftables.rules

@@ -27,9 +27,6 @@ table inet SERVER_FIREWALL {
 
               tcp dport { 80, 443 } accept comment "accept http"
 
-              tcp dport { 25, 465 } accept comment "accept smtp"
-              tcp dport 993 accept comment "accept imaps"
-
               udp dport 995 accept comment "accept wireguard"
 
               #tcp dport 6443 accept comment "accept kubernetes"
@@ -38,15 +35,15 @@ table inet SERVER_FIREWALL {
         chain nat_pretrouting {
               type nat hook prerouting priority 0; policy accept;
 
-              tcp dport {22, 25, 465, 2222} ct state new, untracked limit rate over 5/minute add @denylist { ip saddr } comment "add to blacklist"
               ip saddr 46.148.40.0/24 drop comment "dont allow iran ip"
+              tcp dport {22, 25, 465, 2222} ct state new, untracked limit rate over 5/minute add @denylist { ip saddr } comment "add to blacklist"
               ip saddr @denylist drop comment "dont allow blacklisted ip"
 
               iif enp1s0 tcp dport 2222 dnat ip to 10.200.0.6:2222 comment "forward to warpgate ssh connections"
               iif enp1s0 tcp dport 2222 dnat ip6 to [fd00:cafe::6]:2222 comment "forward to warpgate ssh connections"
 
-#              iif enp1s0 tcp dport {25, 465, 587, 993} dnat ip to 10.200.0.5:25 comment "forward to smtp & imaps connections"
-#              iif enp1s0 tcp dport {25, 465, 587, 993} dnat ip6 to [fd00:cafe::5]:25 comment "forward to smtp & imaps connections"
+              iif enp1s0 tcp dport {25, 465, 587, 993} dnat ip to 10.200.0.5 comment "forward to smtp & imaps connections"
+              iif enp1s0 tcp dport {25, 465, 587, 993} dnat ip6 to [fd00:cafe::5] comment "forward to smtp & imaps connections"
         }
 
         chain forward {
@@ -64,8 +61,8 @@ table inet SERVER_FIREWALL {
         chain nat_postrouting {
               type nat hook postrouting priority 0; policy accept;
 
-#              iif enp1s0 tcp dport {25, 465, 587, 993} ip daddr 10.200.0.5 masquerade comment "forward smtp & imaps ssh connections"
-#              iif enp1s0 tcp dport {25, 465, 587, 993} ip6 daddr fd00:cafe::5 masquerade comment "forward smtp & imaps ssh connections"
+              iif enp1s0 tcp dport {25, 465, 587, 993} ip daddr 10.200.0.5 masquerade comment "forward smtp & imaps connections"
+              iif enp1s0 tcp dport {25, 465, 587, 993} ip6 daddr fd00:cafe::5 masquerade comment "forward smtp & imaps connections"
 
               iif enp1s0 tcp dport 2222 ip daddr 10.200.0.6 masquerade comment "forward to warpgate ssh connections"
               iif enp1s0 tcp dport 2222 ip6 daddr fd00:cafe::6 masquerade comment "forward to warpgate ssh connections"

services/email/Dockerfile

@@ -42,7 +42,7 @@ RUN sed -i 's/#port = 143/port = 0/' /etc/dovecot/conf.d/10-master.conf && \
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 COPY dovecot_purge /etc/cron.daily/dovecot_purge
 COPY dovecot_reload /etc/cron.weekly/reload_dovecot
-COPY fetchmail_remote /etc/cron.hourly/fetchmail_remote
+#COPY fetchmail_remote /etc/cron.hourly/fetchmail_remote
 COPY vsmtp/config.vsl /etc/vsmtp/conf.d/config.vsl
 COPY vsmtp/filter.vsl /etc/vsmtp/filter.vsl
 COPY vsmtp/erebe.eu /etc/vsmtp/domain-enabled/erebe.eu 

services/email/deployment.yml

@@ -21,7 +21,7 @@ spec:
       tolerations:
       - key: "kubernetes.io/hostname"
         operator: "Equal"
-        value: "server"
+        value: "mail"
       containers:
       - name: mail
         image: ghcr.io/erebe/email:latest

services/secrets/dovecot.yml

@@ -5,16 +5,16 @@ metadata:
 type: ENC[AES256_GCM,data:S4XtnAID,iv:igm9vs40GFqx6U3CBbNWol9GqcNpZMQhaWWmZHEuUgU=,tag:6y/P0s2mMeue0mAKZjgG5g==,type:str]
 stringData:
     SMTP_PASSWORD: ENC[AES256_GCM,data:GdKd1Ws0LQ5ZtvC9oA==,iv:N+vwiVexeqNZl3fLVJE5mZvvdLDbkGKTwo+PGxqBg3o=,tag:qH0JKnxjUXPXqmzIDTB1iA==,type:str]
-    GANDI_RELAI_URL: ENC[AES256_GCM,data:l09/t6cvBifJkUyN6lFFpj8IdRLmDcZzR4/tVZpqxBsHtvXKPu0iDjToFW0jevMckUi2qUF+YgMlY3LNxXtXttyP9sCAyd5faFlDYd+vai8LNUYgk6cazESLGAJTBEsE8Z1RaLFWFJA=,iv:r3fazBI5krHQ1q7BcZgn0SGYJ+cgYkIO/MrJpJRC+A8=,tag:Z87gJ/c2g+Zi732AAR+YJg==,type:str]
+    GANDI_RELAI_URL: ENC[AES256_GCM,data:/UaCAD2lC+csfzA0ee28EKEYkCtVYDhdBtckHMly1Gq082sKNQs0UStsCbHXV7mny+NeBNfGaMqdqvY11WjLZC29BnFhjsCyXgAiscal1abz2mOZ3QHIumvvOnwkniBZi1mFTLpCauru,iv:1TqQLVGj0c1ULqW5GXuyAkhdolz8H8FuY3YjK2u6Lks=,tag:HsWpZFi4jmkFAL5432oECA==,type:str]
     users: ENC[AES256_GCM,data:tpFvvbjb1T66OvakOY9IhSdrsyZljpHw/UT0/1kxdPjK59z0fAbCg6qebBG0RNe5zQ6DJ3WO06mPNz8E+0OsSyySh5+CANKv3zGABGc=,iv:xA7Qz+A3P2aHhXGZkIaqqpEbNqJqgQKR6hBBRBc5A2c=,tag:ZywriWEIOscUGGYwwf+0MQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-08-01T20:31:05Z"
-    mac: ENC[AES256_GCM,data:UnYQWnFkiIxamzAV0YEyDGwLq6ikrVITD5oy9T/cAi1oJND+mPNYqRNg/CcDuURJkDwtX+nIvKs32Mg/F7TmaafKg036NaZ4Bq6ThCDP1AOD53vKo7/clQ4J4S3n7zZdqWyLOHMHzF3EtBz7CigWpvY1JodVFe6K7CjKstrS84U=,iv:Rb/vvncn3tn9SCPL9gGmBauBVyc0atNnluV1Vxo+DP4=,tag:Rw455JZ1B9JK+PHYmmT/+w==,type:str]
+    lastmodified: "2023-08-27T20:19:49Z"
+    mac: ENC[AES256_GCM,data:rO92D0eH4E/lFywjfd3t1lhfBrdCFVSicl3GXtdqrA26XSvKLYmFrND03fCdwEqe5Dhoyn9bc/KavTmZlJcubD2YdlmZHV+XOw+53mf2n81O3fpDWLLTfJXDH9EDHy87VF8Fng2jBFhgeXxkXP1SSUMrY4ZYZwVbaC+J45liLJU=,iv:82yG+RekfddWeVP5et3ZtegXNcurl0lcwPjpkTnIi70=,tag:dIfA/ekLDc1pe7JaJZgjvw==,type:str]
     pgp:
         - created_at: "2020-12-18T14:24:09Z"
           enc: |-