Add mailcow

03frontends.cfg

@@ -309,6 +309,7 @@ frontend frontend_default
   acl kanboard hdr(host) -i kanboard.benoit.jp.net
   acl laminar hdr(host) -i laminar.benoit.jp.net
   acl linkding hdr(host) -i linkding.benoit.jp.net
+  acl mailcow hdr(host) -i mail.benoit.jp.net
   acl mastodon hdr(host) -i mastodon.benoit.jp.net
   acl miniflux hdr(host) -i miniflux.benoit.jp.net
   acl navidrome hdr(host) -i navidrome.benoit.jp.net
@@ -319,6 +320,7 @@ frontend frontend_default
 
   http-request deny if adguard !JP !SG !letsencrypt
   http-request deny if kanboard !JP !SG !letsencrypt
+  http-request deny if mailcow !JP !SG !letsencrypt
   http-request deny if miniflux !JP !SG !letsencrypt
   http-request deny if navidrome !JP !SG !letsencrypt
   http-request deny if photoprism !JP !SG !letsencrypt
@@ -331,6 +333,7 @@ frontend frontend_default
   use_backend laminar if laminar
   use_backend letsencrypt if letsencrypt
   use_backend linkding if linkding
+  use_backend mailcow if mailcow
   use_backend mastodon if mastodon
   use_backend miniflux if miniflux
   use_backend navidrome if navidrome

04listen.cfg

@@ -8,30 +8,30 @@ listen ssh
   server git-ssh forgejo.incus:10022 send-proxy check
 
 # Mailcow
-#  listen smtp
+  listen smtp
-#    bind :25
+    bind :25
-#    bind :::25 v6only
+    bind :::25 v6only
-#      mode tcp
+      mode tcp
-#      option tcplog
+      option tcplog
-#    server mail 10.78.127.231:10025 send-proxy
+    server mailcow mailcow.incus:10025 send-proxy
-#  listen smtps
+  listen smtps
-#    bind :465
+    bind :465
-#    bind :::465 v6only
+    bind :::465 v6only
-#      mode tcp
+      mode tcp
-#      option tcplog
+      option tcplog
-#    server mail 10.78.127.231:10465 send-proxy
+    server mailcow mailcow.incus:10465 send-proxy
-#  listen imaps
+  listen imaps
-#    bind :993
+    bind :993
-#    bind :::993 v6only
+    bind :::993 v6only
-#      mode tcp
+      mode tcp
-#      option tcplog
+      option tcplog
-#    server mail 10.78.127.231:10993 send-proxy
+    server mailcow mailcow.incus:10993 send-proxy
-#  listen sieve
+  listen sieve
-#    bind :4190
+    bind :4190
-#    bind :::4190 v6only
+    bind :::4190 v6only
-#      mode tcp
+      mode tcp
-#      option tcplog
+      option tcplog
-#    server mail 10.78.127.231:14190 send-proxy
+    server mailcow mailcow.incus:14190 send-proxy
 
 # Adguard
 listen adguard-dot

05backends.cfg

@@ -127,3 +127,13 @@ backend navidrome
   http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
   http-response set-header Cross-Origin-Resource-Policy "same-origin"
   server navidrome navidrome.incus:4533 check
+
+backend mailcow
+  # set HSTS for one year after all responses
+  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+  # add some Security headers
+  http-response set-header X-Frame-Options "SAMEORIGIN"
+  http-response set-header X-Content-Type-Options "nosniff"
+  http-response set-header Referrer-Policy "strict-origin-when-cross-origin"
+  http-response set-header Cross-Origin-Resource-Policy "same-origin"
+  server navidrome mailcow.incus:80 check