mailserver: decommission SendGrid

Remove leftover SendGrid references after the Brevo migration was completed: - Delete TF `cloudflare_record.mail_domainkey` (TXT at `s1._domainkey`, SendGrid-era DKIM, hidden behind the SendGrid CNAME but would re-emerge once the CNAME is removed). - Clean up commented-out `smtp.sendgrid.net` relayhost references and the `# For sendgrid` comment on `sasl_passwd` in the mailserver module. DNS records deleted out-of-band (not TF-managed): - CF: `s1._domainkey CNAME` + `s2._domainkey CNAME` → sendgrid.net (manual entries) - Technitium internal `viktorbarzin.me`: `em7107`, `s1._domainkey`, `s2._domainkey` CNAMEs → sendgrid.net Verified end-to-end mail flow unaffected (Brevo outbound + IMAP receive, roundtrip 20.4s — identical to baseline). Active DKIM (`mail._domainkey` local + `brevo1/brevo2._domainkey` Brevo) untouched.
2026-05-22 20:08:38 +00:00 · 2026-05-22 20:08:38 +00:00 · 5258f09230
commit 5258f09230
parent b233aba710
3 changed files with 1 additions and 13 deletions
--- a/stacks/cloudflared/modules/cloudflared/cloudflare.tf
+++ b/stacks/cloudflared/modules/cloudflared/cloudflare.tf
@ -145,16 +145,6 @@ resource "cloudflare_record" "mail_mx" {
 }


-resource "cloudflare_record" "mail_domainkey" {
-  content  = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIDLB8mhAHNqs1s6GeZMQHOxWweoNKIrqo5tqRM3yFilgfPUX34aTIXNZg9xAmlK+2S/xXO1ymt127ZGMjnoFKOEP8/uZ54iHTCnioHaPZWMfJ7o6TYIXjr+9ShKfoJxZLv7lHJ2wKQK3yOw4lg4cvja5nxQ6fNoGRwo+mQ/mgJQIDAQAB\""
-  name     = "s1._domainkey.viktorbarzin.me"
-  proxied  = false
-  ttl      = 1
-  type     = "TXT"
-  priority = 1
-  zone_id  = var.cloudflare_zone_id
-}
-
 resource "cloudflare_record" "mail_spf" {
  # Brevo replaced Mailgun as the outbound relay on 2026-04-12 (see docs/architecture/mailserver.md).
  # Soft-fail (~all) is intentional during cutover — revisit once relay delivery is stable.
--- a/stacks/mailserver/modules/mailserver/main.tf
+++ b/stacks/mailserver/modules/mailserver/main.tf
@ -3,7 +3,7 @@ variable "tier" { type = string }
 variable "mailserver_accounts" {}
 variable "postfix_account_aliases" {}
 variable "opendkim_key" {}
-variable "sasl_passwd" {} # For sendgrid i.e relayhost
+variable "sasl_passwd" {} # SMTP relay (Brevo) SASL credentials
 variable "nfs_server" { type = string }
 # Build the virtual-alias map, dropping aliases where BOTH the source and
 # target are real mailboxes in var.mailserver_accounts (and are different).
@ -83,7 +83,6 @@ resource "kubernetes_config_map" "mailserver_env_config" {
    POSTFIX_MESSAGE_SIZE_LIMIT             = 1024 * 1024 * 200 # 200 MB
    POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME = "1"
    # TLS_LEVEL                              = "intermediate"
-    # DEFAULT_RELAY_HOST = "[smtp.sendgrid.net]:587"
    DEFAULT_RELAY_HOST = "[smtp-relay.brevo.com]:587"
    SPOOF_PROTECTION   = "1"
    SSL_TYPE           = "manual"
--- a/stacks/mailserver/modules/mailserver/variables.tf
+++ b/stacks/mailserver/modules/mailserver/variables.tf
@ -2,7 +2,6 @@
 # see defaults - https://github.com/docker-mailserver/docker-mailserver/blob/master/target/postfix/main.cf
 variable "postfix_cf" {
  default = <<EOT
-#relayhost = [smtp.sendgrid.net]:587
 relayhost = [smtp-relay.brevo.com]:587
 smtp_sasl_auth_enable = yes
 smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd