mailserver: add docs@ paperless ingest mailbox (sieve sender allowlist)
Some checks failed
ci/woodpecker/push/default Pipeline failed
Viktor asked to forward arbitrary emails with PDF attachments into paperless-ngx, with the forwarding sender mapping 1:1 to the paperless account that owns the document. paperless-ngx's built-in IMAP consumer already does the sender->owner mapping, so the infra half is a dedicated real mailbox docs@viktorbarzin.me: an explicit self-alias (the @domain catch-all would otherwise divert it into the TripIt-swept spam@ mailbox, whose sweeper LLM-parses and auto-replies to mail from linked senders) plus a per-user Dovecot sieve that discards non-family senders at delivery (chosen behaviour for unmatched senders: ignore and delete; also keeps spam out of the guessable address).

The mailbox credential was added to Vault secret/platform.mailserver_accounts. Paperless-side mail account + 5 per-sender rules are DB state, configured via the API per the new runbook docs/runbooks/paperless-mail-ingest.md.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
parent f5187806f9
commit 77fcb08e8e
6 changed files with 166 additions and 1 deletions
@ -161,6 +161,17 @@ https://mail.viktorbarzin.me → Traefik → Roundcubemail
|
|||
DB: MySQL (mysql.dbaas.svc.cluster.local)
|
||||
```
|
||||
|
||||
### Paperless ingest mailbox (docs@)
|
||||
|
||||
`docs@viktorbarzin.me` is a dedicated real mailbox (explicit self-alias in
|
||||
`extra/aliases.txt` so the `@domain → spam@` catch-all doesn't shadow it) that
|
||||
paperless-ngx polls over IMAP; family members forward document emails to it
|
||||
and the sender maps 1:1 to a paperless account. A per-user Dovecot sieve
|
||||
(`docs-at-viktorbarzin.me.dovecot.sieve` in the `mailserver.config` ConfigMap,
|
||||
mounted as `/tmp/docker-mailserver/docs@viktorbarzin.me.dovecot.sieve`)
|
||||
discards mail from non-allowlisted senders at delivery. Full flow, sender map,
|
||||
and add-a-sender procedure: [`runbooks/paperless-mail-ingest.md`](../runbooks/paperless-mail-ingest.md).
|
||||
|
||||
## DNS Records
|
||||
|
||||
All managed in Terraform at `stacks/cloudflared/modules/cloudflared/cloudflare.tf`.
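Review bot: The new "Paperless ingest mailbox (docs@)" paragraph says the sieve "discards mail from non-allowlisted senders at delivery" and that "the sender maps 1:1 to a paperless account", but it does not say which sender value the sieve tests (envelope sender or the `From:` header) or whether that value is authenticated before the sieve runs. Because the sender decides which account owns the ingested document, add one sentence stating which address is matched and which SPF/DKIM/DMARC result the allowlist relies on, or link to the runbook section that covers it. It would also help to note why the ConfigMap key is `docs-at-viktorbarzin.me.dovecot.sieve` while the mount path is `/tmp/docker-mailserver/docs@viktorbarzin.me.dovecot.sieve`: ConfigMap keys cannot contain `@`, and saying so keeps a later editor from "fixing" the mismatch.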