4 commits

Author SHA1 Message Date
varac
969076a813 join case statements in init.pp 2015-12-01 16:27:41 +01:00
varac
f4201357e5 [refactor] Dont use case statement in resource def 2015-12-01 16:26:44 +01:00
varac
1eea47c2f6 linted init.pp 2015-12-01 14:44:38 +01:00
varac
6751268f0f [deprec] Use @ in front of erb tags in debian master.cf
Puppet 3 now throws a deprecation warning about this.
2015-12-01 10:58:44 +01:00
4 changed files with 107 additions and 104 deletions


@ -34,41 +34,58 @@
# } # }
# #
class postfix( class postfix(
$smtp_listen = "127.0.0.1", $smtp_listen = '127.0.0.1',
$root_mail_recipient = "nobody", $root_mail_recipient = 'nobody',
$anon_sasl = "no", $anon_sasl = 'no',
$manage_header_checks = "no", $manage_header_checks = 'no',
$manage_tls_policy = "no", $manage_tls_policy = 'no',
$manage_transport_regexp = "no", $manage_transport_regexp = 'no',
$manage_virtual_regexp = "no", $manage_virtual_regexp = 'no',
$tls_fingerprint_digest = 'sha1', $tls_fingerprint_digest = 'sha1',
$use_amavisd = "no", $use_amavisd = 'no',
$use_dovecot_lda = "no", $use_dovecot_lda = 'no',
$use_schleuder = "no", $use_schleuder = 'no',
$use_sympa = "no", $use_sympa = 'no',
$use_firma = "no", $use_firma = 'no',
$use_mlmmj = "no", $use_mlmmj = 'no',
$use_submission = "no", $use_submission = 'no',
$use_smtps = "no", $use_smtps = 'no',
$mastercf_tail = "", $mastercf_tail = '',
$inet_interfaces = 'all', $inet_interfaces = 'all',
$myorigin = $::fqdn, $myorigin = $::fqdn,
$default_alias_maps = true $default_alias_maps = true
) { ) {
# selinux labels differ from one distribution to another
case $::operatingsystem { case $::operatingsystem {
RedHat, CentOS: { 'RedHat', 'CentOS': {
$master_cf_template = 'postfix/master.cf.redhat5.erb'
# selinux labels differ from one distribution to another
case $::operatingsystemmajrelease { case $::operatingsystemmajrelease {
"4": { $postfix_seltype = "etc_t" } '4': { $postfix_seltype = 'etc_t' }
"5": { $postfix_seltype = "postfix_etc_t" } '5': { $postfix_seltype = 'postfix_etc_t' }
default: { $postfix_seltype = undef } default: { $postfix_seltype = undef }
} }
postfix::config {
'sendmail_path': value => '/usr/sbin/sendmail.postfix';
'newaliases_path': value => '/usr/bin/newaliases.postfix';
'mailq_path': value => '/usr/bin/mailq.postfix';
}
}
'Debian': {
$master_cf_template = "postfix/master.cf.debian-${::operatingsystemmajrelease}.erb"
}
'Ubuntu': {
$master_cf_template = 'postfix/master.cf.debian-sid.erb'
} }
default: { default: {
$postfix_seltype = undef $postfix_seltype = undef
$master_cf_template = undef
} }
} }
@ -81,7 +98,8 @@ class postfix(
if $anon_sasl == 'yes' { if $anon_sasl == 'yes' {
include postfix::anonsasl include postfix::anonsasl
} }
if $header_checks == 'yes' { # this global variable needs to get parameterized as well
if $::header_checks == 'yes' {
include postfix::header_checks include postfix::header_checks
} }
if $manage_tls_policy == 'yes' { if $manage_tls_policy == 'yes' {
@ -99,7 +117,7 @@ class postfix(
include postfix::virtual_regexp include postfix::virtual_regexp
} }
package { ["postfix", "mailx"]: package { ['postfix', 'mailx']:
ensure => installed ensure => installed
} }
@ -107,86 +125,71 @@ class postfix(
Package[mailx] { name => 'bsd-mailx' } Package[mailx] { name => 'bsd-mailx' }
} }
service { "postfix": service { 'postfix':
ensure => running, ensure => running,
require => Package["postfix"], require => Package['postfix'],
} }
file { "/etc/mailname": file { '/etc/mailname':
ensure => present, ensure => present,
content => "${fqdn}\n", content => "${::fqdn}\n",
seltype => $postfix_seltype, seltype => $postfix_seltype,
} }
# Aliases # Aliases
file { "/etc/aliases": file { '/etc/aliases':
ensure => present, ensure => present,
content => "# file managed by puppet\n", content => "# file managed by puppet\n",
replace => false, replace => false,
seltype => $postfix_seltype, seltype => $postfix_seltype,
notify => Exec["newaliases"], notify => Exec['newaliases'],
} }
# Aliases # Aliases
exec { "newaliases": exec { 'newaliases':
command => "/usr/bin/newaliases", command => '/usr/bin/newaliases',
refreshonly => true, refreshonly => true,
require => Package["postfix"], require => Package['postfix'],
subscribe => File["/etc/aliases"], subscribe => File['/etc/aliases'],
} }
# Config files # Config files
file { "/etc/postfix/master.cf": file { '/etc/postfix/master.cf':
ensure => present, ensure => present,
owner => "root", owner => 'root',
group => "root", group => 'root',
mode => "0644", mode => '0644',
content => $::operatingsystem ? { content => template($master_cf_template),
Redhat => template("postfix/master.cf.redhat5.erb"),
CentOS => template("postfix/master.cf.redhat5.erb"),
Debian => template("postfix/master.cf.debian-${::operatingsystemmajrelease}.erb"),
Ubuntu => template("postfix/master.cf.debian-etch.erb"),
},
seltype => $postfix_seltype, seltype => $postfix_seltype,
notify => Service["postfix"], notify => Service['postfix'],
require => Package["postfix"], require => Package['postfix'],
} }
# Config files # Config files
file { "/etc/postfix/main.cf": file { '/etc/postfix/main.cf':
ensure => present, ensure => present,
owner => "root", owner => 'root',
group => "root", group => 'root',
mode => "0644", mode => '0644',
source => "puppet:///modules/postfix/main.cf", source => 'puppet:///modules/postfix/main.cf',
replace => false, replace => false,
seltype => $postfix_seltype, seltype => $postfix_seltype,
notify => Service["postfix"], notify => Service['postfix'],
require => Package["postfix"], require => Package['postfix'],
} }
# Default configuration parameters # Default configuration parameters
if $default_alias_maps { if $default_alias_maps {
postfix::config { postfix::config {
"alias_maps": value => "hash:/etc/aliases"; 'alias_maps': value => 'hash:/etc/aliases';
} }
} }
postfix::config { postfix::config {
"myorigin": value => "${myorigin}"; 'myorigin': value => $myorigin;
"inet_interfaces": value => "${inet_interfaces}"; 'inet_interfaces': value => $inet_interfaces;
} }
case $::operatingsystem { postfix::mailalias {'root':
RedHat, CentOS: {
postfix::config {
"sendmail_path": value => "/usr/sbin/sendmail.postfix";
"newaliases_path": value => "/usr/bin/newaliases.postfix";
"mailq_path": value => "/usr/bin/mailq.postfix";
}
}
}
postfix::mailalias {"root":
recipient => $root_mail_recipient, recipient => $root_mail_recipient,
} }
} }
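Review bot: The header-checks condition in the second hunk tests the top-scope variable `$::header_checks`, although the class already declares a `$manage_header_checks` parameter (default 'no') that none of the visible lines consume. Unless that parameter is used in lines outside these hunks, setting `manage_header_checks => 'yes'` has no effect and `postfix::header_checks` is silently left out, which matters when header checks are part of the site's mail filtering. The neighbouring conditions (`$anon_sasl`, `$manage_tls_policy`) already test class parameters, so the line could read `if $manage_header_checks == 'yes' {` and the new "needs to get parameterized" comment could be dropped.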


@ -8,25 +8,25 @@
# service type private unpriv chroot wakeup maxproc command + args # service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100) # (yes) (yes) (yes) (never) (100)
# ========================================================================== # ==========================================================================
<% if smtp_listen == 'all' %>smtp inet n - - - - smtpd <% if @smtp_listen == 'all' %>smtp inet n - - - - smtpd
<% else %><%= smtp_listen %>:smtp inet n - - - - smtpd<% end %> <% else %><%= @smtp_listen %>:smtp inet n - - - - smtpd<% end %>
#smtp inet n - - - 1 postscreen #smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd #smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog #dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy #tlsproxy unix - - - - 0 tlsproxy
<% if use_submission == 'yes' %>submission inet n - - - - smtpd <% if @use_submission == 'yes' %>submission inet n - - - - smtpd
-o smtpd_tls_security_level=encrypt -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING -o milter_macro_daemon_name=ORIGINATING
<% end %> <% end %>
<% if use_smtps == 'yes' %>smtps inet n - - - - smtpd <% if @use_smtps == 'yes' %>smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING -o milter_macro_daemon_name=ORIGINATING
<% end %> <% end %>
#628 inet n - - - - qmqpd #628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr qmgr fifo n - n 300 1 qmgr
@ -114,7 +114,7 @@ mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user} ${nexthop} ${user}
<% if use_amavisd == 'yes' %> <% if @use_amavisd == 'yes' %>
amavis unix - - - - 2 smtp amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200 -o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes -o smtp_send_xforward_command=yes
@ -133,25 +133,25 @@ amavis unix - - - - 2 smtp
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1 -o smtpd_bind_address=127.0.0.1
<% end %> <% end %>
<% if use_dovecot_lda == 'yes' %> <% if @use_dovecot_lda == 'yes' %>
dovecot unix - n n - - pipe dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension} flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
<% end %> <% end %>
<% if use_schleuder == 'yes' %> <% if @use_schleuder == 'yes' %>
schleuder unix - n n - - pipe schleuder unix - n n - - pipe
flags=DRhu user=schleuder argv=/usr/bin/schleuder ${user} flags=DRhu user=schleuder argv=/usr/bin/schleuder ${user}
<% end %> <% end %>
<% if use_sympa == 'yes' %> <% if @use_sympa == 'yes' %>
sympa unix - n n - - pipe sympa unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/bin/queue ${recipient} flags=R user=sympa argv=/usr/lib/sympa/bin/queue ${recipient}
sympabounce unix - n n - - pipe sympabounce unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/bin/bouncequeue ${user} flags=R user=sympa argv=/usr/lib/sympa/bin/bouncequeue ${user}
<% end %> <% end %>
<% if use_mlmmj == 'yes' %> <% if @use_mlmmj == 'yes' %>
mlmmj unix - n n - - pipe mlmmj unix - n n - - pipe
flags=DORhu user=mlmmj argv=/usr/bin/mlmmj-recieve -F -L /var/spool/mlmmj/$nexthop/ flags=DORhu user=mlmmj argv=/usr/bin/mlmmj-recieve -F -L /var/spool/mlmmj/$nexthop/
<%- end -%> <%- end -%>
<%- unless mastercf_tail.to_s.empty? then -%> <%- unless @mastercf_tail.to_s.empty? then -%>
<%= mastercf_tail %> <%= @mastercf_tail %>
<%- end -%> <%- end -%>
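Review bot: `<%= @mastercf_tail %>` at the end of this template writes the class parameter into master.cf verbatim, and the same line closes the other two master.cf templates in this comparison. master.cf defines the services the Postfix master starts, including `pipe` entries with their `user=` and `argv=`, so whoever can set `mastercf_tail` in the node data effectively edits that table; nothing in the visible lines constrains the value. That is probably intended as an escape hatch, but it deserves a comment saying so, e.g. `<%# mastercf_tail is emitted verbatim; only trusted data sources may set it -%>` above the `unless`. `@smtp_listen` on the first service line is interpolated the same way and would benefit from a format check in init.pp before it reaches the template.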


@ -8,19 +8,19 @@
# service type private unpriv chroot wakeup maxproc command + args # service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100) # (yes) (yes) (yes) (never) (100)
# ========================================================================== # ==========================================================================
<% if smtp_listen == 'all' %>smtp inet n - - - - smtpd <% if @smtp_listen == 'all' %>smtp inet n - - - - smtpd
<% else %><%= smtp_listen %>:smtp inet n - - - - smtpd<% end %> <% else %><%= @smtp_listen %>:smtp inet n - - - - smtpd<% end %>
#smtp inet n - - - 1 postscreen #smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd #smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog #dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy #tlsproxy unix - - - - 0 tlsproxy
<% if use_submission == 'yes' %>submission inet n - - - - smtpd <% if @use_submission == 'yes' %>submission inet n - - - - smtpd
-o smtpd_tls_security_level=encrypt -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING -o milter_macro_daemon_name=ORIGINATING
<% end %> <% end %>
<% if use_smtps == 'yes' %>smtps inet n - - - - smtpd <% if @use_smtps == 'yes' %>smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject
@ -114,7 +114,7 @@ mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user} ${nexthop} ${user}
<% if use_amavisd == 'yes' %> <% if @use_amavisd == 'yes' %>
amavis unix - - - - 2 smtp amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200 -o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes -o smtp_send_xforward_command=yes
@ -133,25 +133,25 @@ amavis unix - - - - 2 smtp
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1 -o smtpd_bind_address=127.0.0.1
<% end %> <% end %>
<% if use_dovecot_lda == 'yes' %> <% if @use_dovecot_lda == 'yes' %>
dovecot unix - n n - - pipe dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension} flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
<% end %> <% end %>
<% if use_schleuder == 'yes' %> <% if @use_schleuder == 'yes' %>
schleuder unix - n n - - pipe schleuder unix - n n - - pipe
flags=DRhu user=schleuder argv=/usr/bin/schleuder ${user} flags=DRhu user=schleuder argv=/usr/bin/schleuder ${user}
<% end %> <% end %>
<% if use_sympa == 'yes' %> <% if @use_sympa == 'yes' %>
sympa unix - n n - - pipe sympa unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/bin/queue ${recipient} flags=R user=sympa argv=/usr/lib/sympa/bin/queue ${recipient}
sympabounce unix - n n - - pipe sympabounce unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/bin/bouncequeue ${user} flags=R user=sympa argv=/usr/lib/sympa/bin/bouncequeue ${user}
<% end %> <% end %>
<% if use_mlmmj == 'yes' %> <% if @use_mlmmj == 'yes' %>
mlmmj unix - n n - - pipe mlmmj unix - n n - - pipe
flags=DORhu user=mlmmj argv=/usr/bin/mlmmj-recieve -F -L /var/spool/mlmmj/$nexthop/ flags=DORhu user=mlmmj argv=/usr/bin/mlmmj-recieve -F -L /var/spool/mlmmj/$nexthop/
<%- end -%> <%- end -%>
<%- unless mastercf_tail.to_s.empty? then -%> <%- unless @mastercf_tail.to_s.empty? then -%>
<%= mastercf_tail %> <%= @mastercf_tail %>
<%- end -%> <%- end -%>


@ -8,25 +8,25 @@
# service type private unpriv chroot wakeup maxproc command + args # service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100) # (yes) (yes) (yes) (never) (100)
# ========================================================================== # ==========================================================================
<% if smtp_listen == 'all' %>smtp inet n - - - - smtpd <% if @smtp_listen == 'all' %>smtp inet n - - - - smtpd
<% else %><%= smtp_listen %>:smtp inet n - - - - smtpd<% end %> <% else %><%= @smtp_listen %>:smtp inet n - - - - smtpd<% end %>
#smtp inet n - - - 1 postscreen #smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd #smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog #dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy #tlsproxy unix - - - - 0 tlsproxy
<% if use_submission == 'yes' %>submission inet n - - - - smtpd <% if @use_submission == 'yes' %>submission inet n - - - - smtpd
-o smtpd_tls_security_level=encrypt -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING -o milter_macro_daemon_name=ORIGINATING
<% end %> <% end %>
<% if use_smtps == 'yes' %>smtps inet n - - - - smtpd <% if @use_smtps == 'yes' %>smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING -o milter_macro_daemon_name=ORIGINATING
<% end %> <% end %>
#628 inet n - - - - qmqpd #628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr qmgr fifo n - n 300 1 qmgr
@ -114,7 +114,7 @@ mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user} ${nexthop} ${user}
<% if use_amavisd == 'yes' %> <% if @use_amavisd == 'yes' %>
amavis unix - - - - 2 smtp amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200 -o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes -o smtp_send_xforward_command=yes
@ -133,25 +133,25 @@ amavis unix - - - - 2 smtp
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1 -o smtpd_bind_address=127.0.0.1
<% end %> <% end %>
<% if use_dovecot_lda == 'yes' %> <% if @use_dovecot_lda == 'yes' %>
dovecot unix - n n - - pipe dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
<% end %> <% end %>
<% if use_schleuder == 'yes' %> <% if @use_schleuder == 'yes' %>
schleuder unix - n n - - pipe schleuder unix - n n - - pipe
flags=DRhu user=schleuder argv=/usr/bin/schleuder ${user} flags=DRhu user=schleuder argv=/usr/bin/schleuder ${user}
<% end %> <% end %>
<% if use_sympa == 'yes' %> <% if @use_sympa == 'yes' %>
sympa unix - n n - - pipe sympa unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/bin/queue ${recipient} flags=R user=sympa argv=/usr/lib/sympa/bin/queue ${recipient}
sympabounce unix - n n - - pipe sympabounce unix - n n - - pipe
flags=R user=sympa argv=/usr/lib/sympa/bin/bouncequeue ${user} flags=R user=sympa argv=/usr/lib/sympa/bin/bouncequeue ${user}
<% end %> <% end %>
<% if use_mlmmj == 'yes' %> <% if @use_mlmmj == 'yes' %>
mlmmj unix - n n - - pipe mlmmj unix - n n - - pipe
flags=DORhu user=mlmmj argv=/usr/bin/mlmmj-recieve -F -L /var/spool/mlmmj/$nexthop/ flags=DORhu user=mlmmj argv=/usr/bin/mlmmj-recieve -F -L /var/spool/mlmmj/$nexthop/
<%- end -%> <%- end -%>
<%- unless mastercf_tail.to_s.empty? then -%> <%- unless @mastercf_tail.to_s.empty? then -%>
<%= mastercf_tail %> <%= @mastercf_tail %>
<%- end -%> <%- end -%>
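Review bot: The dovecot `pipe` entry in the last hunk changes what is executed, not just how ERB variables are referenced: the two printed variants differ between `-d ${recipient}` and `-f ${sender} -d ${user}@${nexthop} -n -m ${extension}`, presumably moving to the longer form the other two templates already carry. With `-m ${extension}` the address extension, which the sender of a message chooses, selects the destination mailbox, so this should be a deliberate decision rather than a side effect of a deprecation fix. I would put it in its own commit, or at least mention it in the commit message, and add a comment above the entry such as `# -m ${extension}: plus-addressing picks the mailbox; -n: no mailbox auto-creation (confirm for the deployed deliver version)`.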