The Mailserver is based on customization of Postfix made by TOMAV in order to work properly on Kubernetes; on top of Postfix we have developed in JavaScript language some APIs to expose Postfix functionalities.

Each time that it is necessary to deploy a Mailserver it is very important that all the emails that are sent are validated and signed. In order for each MTA (Mail Transfer Agent) to recognize the Mailserver as a valid sender, so emails are not put in junk or spam folders we have used two important functionalities:
I. DKIM (Domain Keys Identified Mail) is a method to prevent spoofing and it allows trust in the sender
II. SPF (Sender Policy Framework) is an email-authentication technique, which is used to prevent spammers from sending messages on behalf of your domain.

For both functionalities to work properly, they require some configurations on DNS, in particular:

• A TXT record for KIM
• A TXT record for SPF
• A PTR record for Mailserver IP

The Mailserver architecture is shown in the figure below.

Two containers compose the Mailserver POD; the first is a Postfix container and the second one is API-server. All FINSEC POD can communicate with Mailserver POD by using the Mailserver service: the service forwards the requests coming from FINSEC PODs towards the API-server, and then it translates these requests in Postfix commands to send email.