email: disable old port
erebe committed Dec 29, 2023
1 parent 5b5ee6f commit 9ff9c7a
Showing 2 changed files with 13 additions and 6 deletions.
12 changes: 6 additions & 6 deletions nodes/server/config/nftables.rules
@@ -27,7 +27,7 @@ table inet SERVER_FIREWALL {

tcp dport { 80, 443 } accept comment "accept http"

tcp dport {25, 465, 587, 993} accept comment "accept email"
tcp dport {25, 587, 993} accept comment "accept email"

udp dport 995 accept comment "accept wireguard"

@@ -38,14 +38,14 @@ table inet SERVER_FIREWALL {
type nat hook prerouting priority 0; policy accept;

ip saddr 46.148.40.0/24 drop comment "dont allow iran ip"
tcp dport {22, 25, 465, 2222} ct state new, untracked limit rate over 5/minute add @denylist { ip saddr } comment "add to blacklist"
tcp dport {22, 25, 587, 2222} ct state new, untracked limit rate over 5/minute add @denylist { ip saddr } comment "add to blacklist"
ip saddr @denylist drop comment "dont allow blacklisted ip"

iif eth0 tcp dport 2222 dnat ip to 10.200.0.6:2222 comment "forward to warpgate ssh connections"
iif eth0 tcp dport 2222 dnat ip6 to [fd00:cafe::6]:2222 comment "forward to warpgate ssh connections"

#iif eth0 tcp dport {25, 465, 587, 993} dnat ip to 10.200.0.5 comment "forward to smtp & imaps connections"
#iif eth0 tcp dport {25, 465, 587, 993} dnat ip6 to [fd00:cafe::5] comment "forward to smtp & imaps connections"
#iif eth0 tcp dport {25, 587, 993} dnat ip to 10.200.0.5 comment "forward to smtp & imaps connections"
#iif eth0 tcp dport {25, 587, 993} dnat ip6 to [fd00:cafe::5] comment "forward to smtp & imaps connections"
}

chain forward {
@@ -63,8 +63,8 @@ table inet SERVER_FIREWALL {
chain nat_postrouting {
type nat hook postrouting priority 0; policy accept;

#iif eth0 tcp dport {25, 465, 587, 993} ip daddr 10.200.0.5 masquerade comment "forward smtp & imaps connections"
#iif eth0 tcp dport {25, 465, 587, 993} ip6 daddr fd00:cafe::5 masquerade comment "forward smtp & imaps connections"
#iif eth0 tcp dport {25, 465, 993} ip daddr 10.200.0.5 masquerade comment "forward smtp & imaps connections"
#iif eth0 tcp dport {25, 465, 993} ip6 daddr fd00:cafe::5 masquerade comment "forward smtp & imaps connections"

iif eth0 tcp dport 2222 ip daddr 10.200.0.6 masquerade comment "forward to warpgate ssh connections"
iif eth0 tcp dport 2222 ip6 daddr fd00:cafe::6 masquerade comment "forward to warpgate ssh connections"
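Review bot: Adding 587 to the port set of the `add @denylist { ip saddr }` rule in the prerouting chain puts the authenticated submission port under the same 5-new-connections-per-minute trigger as SSH and port 25, and the following rule then drops all traffic from a listed address. The `limit rate over 5/minute` statement carries no per-source key, so it looks like a single bucket shared by every source and all four ports rather than one per `ip saddr`; a legitimate mail client connecting while that bucket is over the rate could be denylisted. Consider a separate rule for 587 with its own threshold, or per-source tracking in a dedicated dynamic set; the chain header and the `denylist` set declaration are outside the hunk, so timeout behaviour cannot be checked here. Separately, the commented masquerade rules in nat_postrouting now read `{25, 465, 993}`, keeping 465 and dropping 587, which is the opposite of the other hunks; they should read `{25, 587, 993}` so that re-enabling them does not lose the submission port.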
7 changes: 7 additions & 0 deletions services/email/deployment.yml
@@ -28,6 +28,7 @@ spec:
imagePullPolicy: Always
ports:
- containerPort: 25
- containerPort: 587
- containerPort: 993
env:
- name: SMTP_PASSWORD
@@ -40,6 +41,12 @@ spec:
secretKeyRef:
name: dovecot-users-password
key: GANDI_RELAI_URL
livenessProbe:
tcpSocket:
port: 25
initialDelaySeconds: 10
failureThreshold: 3
periodSeconds: 30
volumeMounts:
- name: email-tls
mountPath: /etc/dovecot/private/
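Review bot: The new livenessProbe only opens a TCP connection to port 25, so a hung submission (587) or IMAPS (993) listener in the same container would not trigger a restart, and a bare connect does not show that the SMTP daemon actually answers. If that is intended, say so next to the probe, e.g. `# liveness covers the SMTP listener only; 587 and 993 are not probed`. Since 587 conventionally uses STARTTLS where 465 used implicit TLS, the mail server configuration (not part of this commit) should refuse AUTH until TLS is established. The container spec starts and ends outside the hunks shown.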
