-- KumoMTA policy skeleton for AWS production (example only) -- Context: Rocky 9 / Amazon Linux 2023, KumoMTA from official repo -- Replace mail1.example.com, CIDRs, cert paths, and pool names before use local kumo = require 'kumo' kumo.on('init', function() kumo.set_listener { listen = '0.0.0.0:25', hostname = 'mail1.example.com', relay_hosts = { '10.40.0.0/16' }, } kumo.set_listener { listen = '0.0.0.0:587', hostname = 'mail1.example.com', tls_certificate = '/etc/pki/kumomta/mail.crt', tls_private_key = '/etc/pki/kumomta/mail.key', require_auth = true, } end) kumo.on('get_queue_config', function(domain, tenant, campaign) if domain:match('gmail%.com$') then return { max_age = '72h', retry_interval = '5m', max_retry_interval = '1h', connection_limit = 50, } end return { max_age = '48h', retry_interval = '10m', max_retry_interval = '2h', connection_limit = 30, } end) kumo.on('select_egress_path', function(msg) local tenant = msg:meta('tenant') or 'default' if tenant == 'transactional' then return 'ip_pool_txn' end if tenant == 'marketing' then return 'ip_pool_mkt' end return 'ip_pool_default' end)