mailserver: add docs@ paperless ingest mailbox (sieve sender allowlist)
Some checks failed
ci/woodpecker/push/default Pipeline failed
Some checks failed
ci/woodpecker/push/default Pipeline failed
Viktor asked to forward arbitrary emails with PDF attachments into paperless-ngx, with the forwarding sender mapping 1:1 to the paperless account that owns the document. paperless-ngx's built-in IMAP consumer already does the sender->owner mapping, so the infra half is a dedicated real mailbox docs@viktorbarzin.me: an explicit self-alias (the @domain catch-all would otherwise divert it into the TripIt-swept spam@ mailbox, whose sweeper LLM-parses and auto-replies to mail from linked senders) plus a per-user Dovecot sieve that discards non-family senders at delivery (chosen behaviour for unmatched senders: ignore and delete; also keeps spam out of the guessable address). The mailbox credential was added to Vault secret/platform.mailserver_accounts. Paperless-side mail account + 5 per-sender rules are DB state, configured via the API per the new runbook docs/runbooks/paperless-mail-ingest.md. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
parent
f5187806f9
commit
77fcb08e8e
6 changed files with 166 additions and 1 deletions
|
|
@ -110,6 +110,12 @@ resource "kubernetes_config_map" "mailserver_config" {
|
|||
"postfix-main.cf" = var.postfix_cf
|
||||
"postfix-virtual.cf" = local.postfix_virtual
|
||||
|
||||
# Per-user Dovecot sieve for the paperless-ngx ingest mailbox: DMS installs
|
||||
# any /tmp/docker-mailserver/<login>.dovecot.sieve at startup. ConfigMap
|
||||
# keys can't contain '@', so the key is sanitized ("-at-") and the
|
||||
# volume_mount below restores the real filename.
|
||||
"docs-at-viktorbarzin.me.dovecot.sieve" = file("${path.module}/extra/docs-at-viktorbarzin.me.dovecot.sieve")
|
||||
|
||||
KeyTable = "mail._domainkey.viktorbarzin.me viktorbarzin.me:mail:/etc/opendkim/keys/viktorbarzin.me-mail.key\n"
|
||||
SigningTable = "*@viktorbarzin.me mail._domainkey.viktorbarzin.me\n"
|
||||
TrustedHosts = "127.0.0.1\nlocalhost\n"
|
||||
|
|
@ -404,6 +410,12 @@ resource "kubernetes_deployment" "mailserver" {
|
|||
sub_path = "postfix-virtual.cf"
|
||||
read_only = true
|
||||
}
|
||||
volume_mount {
|
||||
name = "config"
|
||||
mount_path = "/tmp/docker-mailserver/docs@viktorbarzin.me.dovecot.sieve"
|
||||
sub_path = "docs-at-viktorbarzin.me.dovecot.sieve"
|
||||
read_only = true
|
||||
}
|
||||
volume_mount {
|
||||
name = "config"
|
||||
mount_path = "/tmp/docker-mailserver/fetchmail.cf"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue