***********
Mail Module
***********

The Mail Module is a native stack of mail services integrated into Libre Workspace, including **Postfix** (MTA), **Dovecot** (IMAP/LMTP), and **SnappyMail** (Webmail) running behind the Caddy reverse proxy. 

It provides secure mailboxes and outgoing delivery, integrated directly with the workspace identity provider.

Architecture
============

The Mail Module is installed locally on the client instance but routes outgoing mail through the Central MTA:

* **Samba AD LDAP Integration:** Dovecot and Postfix bind to the local Samba AD-DC via LDAP. This enables users to log into Webmail or IMAP clients using their standard domain credentials. Virtual mailbox paths and aliases are resolved directly via LDAP database queries.
* **Smart-Host Outbound Relay:** Local Postfix is configured to route all outgoing emails to the Central MTA (smart-host) on port 587. It uses unique, instance-specific SASL credentials to authenticate against the Central MTA.
* **DKIM Signing and Rate Limits:** All outbound emails are signed with DKIM keys and rate-limited on the Central MTA, protecting the IP reputation of the service.

Admin and User Portal Functions
================================

Administrators and users can configure their email experiences directly in the Libre Workspace portal interface:
* **Allowed Senders Quota:** Administrators can add, edit, or delete registered allowed sender addresses. These are synchronized dynamically with the Central MTA database using REST API calls with the client instance API key. The quota limit (maximum allowed senders) is enforced by the Central MTA based on the workspace flavor.
* **SnappyMail Webmail:** Users can access the webmail interface at ``webmail.your-domain.org`` to read and send messages, change personal mailbox settings, and organize emails.

Creating Mailing Lists
======================

To create a mailing list (distribution list) for mail accounts within the same Libre Workspace instance, you do not need external mailing list software. Instead, you can leverage Active Directory's proxy addresses:

1. Identify the email address for the mailing list (e.g., ``team@your-domain.org``).
2. For each user who should belong to the mailing list, add the value ``smtp:team@your-domain.org`` (or ``SMTP:team@your-domain.org``) to their ``proxyAddresses`` LDAP attribute in the Samba AD-DC.
3. When Postfix receives a message addressed to ``team@your-domain.org``, it queries the LDAP database using ``virtual-alias-maps.cf``.
4. The LDAP query searches for all user objects containing that address in their ``proxyAddresses`` attribute and resolves it to their respective ``mail`` attributes.
5. Postfix then automatically delivers a copy of the email to each member's mailbox.