From 5258f09230053bb84fd31fd7212c0c6de7dd052c Mon Sep 17 00:00:00 2001
From: Viktor Barzin
Date: Fri, 22 May 2026 20:08:38 +0000
Subject: [PATCH] mailserver: decommission SendGrid
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Remove leftover SendGrid references after the Brevo migration was completed:
- Delete TF `cloudflare_record.mail_domainkey` (TXT at `s1._domainkey`, SendGrid-era DKIM, hidden behind the SendGrid CNAME but would re-emerge once the CNAME is removed).
- Clean up commented-out `smtp.sendgrid.net` relayhost references and the `# For sendgrid` comment on `sasl_passwd` in the mailserver module.
DNS records deleted out-of-band (not TF-managed):
- CF: `s1._domainkey CNAME` + `s2._domainkey CNAME` → sendgrid.net (manual entries)
- Technitium internal `viktorbarzin.me`: `em7107`, `s1._domainkey`, `s2._domainkey` CNAMEs → sendgrid.net
Verified end-to-end mail flow unaffected (Brevo outbound + IMAP receive, roundtrip 20.4s — identical to baseline). Active DKIM (`mail._domainkey` local + `brevo1/brevo2._domainkey` Brevo) untouched.
---
 stacks/cloudflared/modules/cloudflared/cloudflare.tf | 10 ----------
 stacks/mailserver/modules/mailserver/main.tf | 3 +--
 stacks/mailserver/modules/mailserver/variables.tf | 1 -
 3 files changed, 1 insertion(+), 13 deletions(-)
diff --git a/stacks/cloudflared/modules/cloudflared/cloudflare.tf b/stacks/cloudflared/modules/cloudflared/cloudflare.tf
index 05afd6b6..b5eb0490 100644
--- a/stacks/cloudflared/modules/cloudflared/cloudflare.tf
+++ b/stacks/cloudflared/modules/cloudflared/cloudflare.tf
@@ -145,16 +145,6 @@ resource "cloudflare_record" "mail_mx" {
 }
-resource "cloudflare_record" "mail_domainkey" {
- content = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIDLB8mhAHNqs1s6GeZMQHOxWweoNKIrqo5tqRM3yFilgfPUX34aTIXNZg9xAmlK+2S/xXO1ymt127ZGMjnoFKOEP8/uZ54iHTCnioHaPZWMfJ7o6TYIXjr+9ShKfoJxZLv7lHJ2wKQK3yOw4lg4cvja5nxQ6fNoGRwo+mQ/mgJQIDAQAB\""
- name = "s1._domainkey.viktorbarzin.me"
- proxied = false
- ttl = 1
- type = "TXT"
- priority = 1
- zone_id = var.cloudflare_zone_id
-}
-
 resource "cloudflare_record" "mail_spf" {
 # Brevo replaced Mailgun as the outbound relay on 2026-04-12 (see docs/architecture/mailserver.md).
 # Soft-fail (~all) is intentional during cutover — revisit once relay delivery is stable.
diff --git a/stacks/mailserver/modules/mailserver/main.tf b/stacks/mailserver/modules/mailserver/main.tf
index cd502cf2..df193048 100644
--- a/stacks/mailserver/modules/mailserver/main.tf
+++ b/stacks/mailserver/modules/mailserver/main.tf
@@ -3,7 +3,7 @@ variable "tier" { type = string }
 variable "mailserver_accounts" {}
 variable "postfix_account_aliases" {}
 variable "opendkim_key" {}
-variable "sasl_passwd" {} # For sendgrid i.e relayhost
+variable "sasl_passwd" {} # SMTP relay (Brevo) SASL credentials
 variable "nfs_server" { type = string }
 # Build the virtual-alias map, dropping aliases where BOTH the source and
 # target are real mailboxes in var.mailserver_accounts (and are different).
@@ -83,7 +83,6 @@ resource "kubernetes_config_map" "mailserver_env_config" {
 POSTFIX_MESSAGE_SIZE_LIMIT = 1024 * 1024 * 200 # 200 MB
 POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME = "1"
 # TLS_LEVEL = "intermediate"
- # DEFAULT_RELAY_HOST = "[smtp.sendgrid.net]:587"
 DEFAULT_RELAY_HOST = "[smtp-relay.brevo.com]:587"
 SPOOF_PROTECTION = "1"
 SSL_TYPE = "manual"
diff --git a/stacks/mailserver/modules/mailserver/variables.tf b/stacks/mailserver/modules/mailserver/variables.tf
index 72d8f308..29d6665c 100644
--- a/stacks/mailserver/modules/mailserver/variables.tf
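Review bot: In the first main.tf hunk (`@@ -3,7 +3,7 @@`), `sasl_passwd` is now documented as holding the Brevo SASL credentials but is still declared as a bare `variable "sasl_passwd" {}`, so Terraform will print its value in plan and apply output. Declaring it as `variable "sasl_passwd" { sensitive = true }` redacts it from CLI output; the value is still written to state, so access to the state backend has to stay restricted. The commit message lists the DNS cleanup but says nothing about the retired relay credential, so it is worth confirming that the old SendGrid API key was revoked on the provider side as part of this decommission.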
+++ b/stacks/mailserver/modules/mailserver/variables.tf @@ -2,7 +2,6 @@ # see defaults - https://github.com/docker-mailserver/docker-mailserver/blob/master/target/postfix/main.cf variable "postfix_cf" { default = <