Merge branch 'master' of git://gaffer.ptitcanardnoir.org/puppet-module-postfix
commit
e70609a148
8 changed files with 167 additions and 1 deletions
7
README
7
README
|
@ -7,6 +7,13 @@ A couple of classes will preconfigure postfix for common needs.
|
||||||
Config
|
Config
|
||||||
------
|
------
|
||||||
- set $postfix_use_amavisd="yes" to include postfix::amavis
|
- set $postfix_use_amavisd="yes" to include postfix::amavis
|
||||||
|
- set $postfix_anon_sasl="yes" to hide the originating IP in email
|
||||||
|
relayed for an authenticated SASL client; this needs Postfix
|
||||||
|
2.3 or later to work; beware! Postfix logs the header replacement
|
||||||
|
has been done, which means that you are storing this information,
|
||||||
|
unless you are anonymizing your logs.
|
||||||
|
- set $postfix_manage_header_checks="yes" to manage header checks (see
|
||||||
|
postfix::header_checks for details)
|
||||||
- set $postfix_manage_tls_policy="yes" to manage TLS policy (see
|
- set $postfix_manage_tls_policy="yes" to manage TLS policy (see
|
||||||
postfix::tlspolicy for details)
|
postfix::tlspolicy for details)
|
||||||
|
|
||||||
|
|
0
files/header_checks.d/.ignore
Normal file
0
files/header_checks.d/.ignore
Normal file
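--- a/manifests/classes/postfix-anonsasl.pp
+++ b/manifests/classes/postfix-anonsasl.pp
@@ -0,0 +1,18 @@
+class postfix::anonsasl {
+
+include postfix::header_checks
+
+postfix::config {
+'smtpd_sasl_authenticated_header':
+value => 'yes';
+}
+
+postfix::header_checks_snippet {
+'anonsasl':
+content => template("postfix/anonsasl_header_checks.erb"),
+require => [
+Postfix::Config['smtpd_sasl_authenticated_header'],
+];
+}
+
+}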
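Review bot: The new class `postfix::anonsasl` has no header comment, although postfix::header_checks in the same commit carries a `# == Class:` block, and this class has privacy trade-offs a reader should see at the declaration. A block above `class postfix::anonsasl {` should state that it sets `smtpd_sasl_authenticated_header` to `yes` and installs the `anonsasl` header_checks snippet, and that the rewritten header still carries `(Authenticated sender: ...)`, so the SASL login name is disclosed to recipients in exchange for hiding the client address. It should also repeat the README caveat that Postfix logs each header replacement, so the original address remains in the mail log unless logs are anonymized.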
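--- a/manifests/classes/postfix-header_checks.pp
+++ b/manifests/classes/postfix-header_checks.pp
@@ -0,0 +1,57 @@
+#
+# == Class: postfix::header_checks
+#
+# Manages Postfix header_checks by merging snippets shipped:
+# - in the module's files/header_checks.d/ or puppet:///files/etc/postfix/header_checks.d
+# (the latter takes precedence if present); site-postfix module is supported
+# as well, see the source argument of file {"$postfix_header_checks_snippets_dir"
+# bellow for details.
+# - via postfix::header_checks_snippet defines
+#
+# Example usage:
+#
+# node "toto.example.com" {
+# $postfix_manage_header_checks = yes
+# include postfix
+# }
+#
+class postfix::header_checks {
+
+include common::moduledir
+module_dir{'postfix/header_checks': }
+
+$postfix_header_checks_dir = "${common::moduledir::module_dir_path}/postfix/header_checks"
+$postfix_header_checks_snippets_dir = "${postfix_header_checks_dir}/header_checks.d"
+$postfix_merged_header_checks = "${postfix_header_checks_dir}/merged_header_checks"
+
+file {"$postfix_header_checks_snippets_dir":
+ensure => 'directory',
+owner => 'root',
+group => '0',
+mode => '700',
+source => [
+"puppet:///modules/site-postfix/${fqdn}/header_checks.d",
+"puppet:///modules/site-postfix/header_checks.d",
+"puppet:///files/etc/postfix/header_checks.d",
+"puppet:///modules/postfix/header_checks.d",
+],
+recurse => true,
+purge => false,
+}
+
+concatenated_file { "$postfix_merged_header_checks":
+dir => "${postfix_header_checks_snippets_dir}",
+require => File["$postfix_header_checks_snippets_dir"],
+}
+
+config_file { '/etc/postfix/header_checks':
+source => "$postfix_merged_header_checks",
+subscribe => File["$postfix_merged_header_checks"],
+}
+
+postfix::config { "header_checks":
+value => 'regexp:/etc/postfix/header_checks',
+require => File['/etc/postfix/header_checks'],
+}
+
+}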
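Review bot: `purge => false` on the recursive `file {"$postfix_header_checks_snippets_dir":` resource means a snippet removed from the module or site source stays on the node. Because `concatenated_file` reads that same directory, the stale snippet will presumably keep being merged into /etc/postfix/header_checks. For rules that rewrite or discard headers, that is a silent leftover which nothing in the manifests shows any more. Consider `purge => true` (snippets declared through postfix::header_checks_snippet are managed resources and should survive it, which is worth confirming on the Puppet version in use), or add a comment explaining why unmanaged files are kept. In the header comment, `bellow` should read `below`.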
|
@ -2,7 +2,10 @@
|
||||||
# == Class: postfix::tlspolicy
|
# == Class: postfix::tlspolicy
|
||||||
#
|
#
|
||||||
# Manages Postfix TLS policy by merging policy snippets shipped:
|
# Manages Postfix TLS policy by merging policy snippets shipped:
|
||||||
# - in the module's files/tls_policy.d/
|
# - in the module's files/tls_policy.d/ or puppet:///files/etc/postfix/tls_policy.d
|
||||||
|
# (the latter takes precedence if present); site-postfix module is supported
|
||||||
|
# as well, see the source argument of file {"$postfix_tlspolicy_snippets_dir"
|
||||||
|
# bellow for details.
|
||||||
# - via postfix::tlspolicy_snippet defines
|
# - via postfix::tlspolicy_snippet defines
|
||||||
#
|
#
|
||||||
# Parameters:
|
# Parameters:
|
||||||
|
|
|
@ -40,6 +40,12 @@ class postfix {
|
||||||
case $root_mail_recipient {
|
case $root_mail_recipient {
|
||||||
"": { $root_mail_recipient = "nobody" }
|
"": { $root_mail_recipient = "nobody" }
|
||||||
}
|
}
|
||||||
|
case $postfix_anon_sasl {
|
||||||
|
"": { $postfix_anon_sasl = "no" }
|
||||||
|
}
|
||||||
|
case $postfix_manage_header_checks {
|
||||||
|
"": { $postfix_manage_header_checks = "no" }
|
||||||
|
}
|
||||||
case $postfix_manage_tls_policy {
|
case $postfix_manage_tls_policy {
|
||||||
"": { $postfix_manage_tls_policy = "no" }
|
"": { $postfix_manage_tls_policy = "no" }
|
||||||
}
|
}
|
||||||
|
@ -64,6 +70,12 @@ class postfix {
|
||||||
module_dir{'postfix': }
|
module_dir{'postfix': }
|
||||||
|
|
||||||
# Include optional classes
|
# Include optional classes
|
||||||
|
if $postfix_anon_sasl == 'yes' {
|
||||||
|
include postfix::anonsasl
|
||||||
|
}
|
||||||
|
if $postfix_manage_header_checks == 'yes' {
|
||||||
|
include postfix::header_checks
|
||||||
|
}
|
||||||
if $postfix_manage_tls_policy == 'yes' {
|
if $postfix_manage_tls_policy == 'yes' {
|
||||||
include postfix::tlspolicy
|
include postfix::tlspolicy
|
||||||
}
|
}
|
||||||
|
|
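--- a/manifests/definitions/header_checks_snippet.pp
+++ b/manifests/definitions/header_checks_snippet.pp
@@ -0,0 +1,67 @@
+/*
+== Definition: postfix::header_checks_snippet
+
+Adds a header_checks snippets to /etc/postfix/header_checks.
+See the postfix::header_checks class for details.
+
+Parameters:
+- *source* or *content*: source or content of the header_checks snippet
+- *ensure*: present (default) or absent
+
+Requires:
+- Class["postfix"]
+
+Example usage:
+
+node "toto.example.com" {
+include postfix
+postfix::header_checks {
+'wrong_date': content => 'FIXME';
+'bla': source => 'puppet:///files/etc/postfix/header_checks.d/bla';
+}
+}
+
+*/
+
+define postfix::header_checks_snippet (
+$ensure = "present",
+$source = '',
+$content = undef
+) {
+
+if $source == '' and $content == undef {
+fail("One of \$source or \$content must be specified for postfix::header_checks_snippet ${name}")
+}
+
+if $source != '' and $content != undef {
+fail("Only one of \$source or \$content must specified for postfix::header_checks_snippet ${name}")
+}
+
+if ($value == false) and ($ensure == "present") {
+fail("The value parameter must be set when using the postfix::header_checks_snippet define with ensure=present.")
+}
+
+include postfix::header_checks
+
+$snippetfile = "${postfix::header_checks::postfix_header_checks_snippets_dir}/${name}"
+
+file { "$snippetfile":
+ensure => "$ensure",
+mode => 600,
+owner => root,
+group => 0,
+notify => Exec["concat_${postfix::header_checks::postfix_merged_header_checks}"],
+}
+
+if $source {
+File["$snippetfile"] {
+source => $source,
+}
+}
+else {
+File["$snippetfile"] {
+content => $content,
+}
+}
+
+}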
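Review bot: The third guard, `if ($value == false) and ($ensure == "present")`, tests `$value`, which is not a parameter of this define (the parameters are `$ensure`, `$source` and `$content`); it looks carried over from another define. Depending on how the Puppet version in use evaluates an unset variable, the check is either dead or fails every snippet with a message about a parameter that does not exist, so the block should be removed. The usage example in the header comment declares `postfix::header_checks {` where `postfix::header_checks_snippet {` is meant, and the second `fail()` message reads `must specified` instead of `must be specified`. Since `${name}` becomes a file name under the snippets directory, a guard that rejects titles containing `/` would keep a mistyped title from creating a file outside that directory.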
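--- a/templates/anonsasl_header_checks.erb
+++ b/templates/anonsasl_header_checks.erb
@@ -0,0 +1,2 @@
+/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\)).*?([[:space:]]+).*\(Authenticated sender: ([^)]+)\).*by (<%= fqdn.gsub(/\./, '\.') %>) \(([^)]+)\) with (E?SMTPS?A?) id ([A-F[:digit:]]+).*/
+REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$2(Authenticated sender: $3)${2}with $6 id $7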
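Review bot: The client-address group `\[[.[:digit:]]{7,15}\]` matches only a dotted IPv4 literal, so the Received header of a SASL client that connected over IPv6 will not match and is sent unmodified. Because postfix::anonsasl also turns on `smtpd_sasl_authenticated_header`, that unmodified header carries the login name as well as the address. Either widen the bracket expression, with something like `\[(IPv6:)?[.:[:xdigit:]]+\]` as a starting point to test against real headers, or state the IPv4-only limitation in the README entry for `$postfix_anon_sasl`. Separately, postfix::header_checks loads the table as `regexp:`, and `.*?` is a PCRE-style lazy quantifier whose behaviour in POSIX regular expressions is not defined. It probably degrades to a greedy `.*` here, which should be verified against a sample header or written as plain `.*`.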