Merge branch 'bugfix/virtualaliases' into develop

2 files changed, 54 insertions, 17 deletions

diff --git a/puppet/modules/site_postfix/manifests/mx/static_aliases.pp b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
index e9118470..71c0555a 100644
--- a/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
+++ b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
@@ -1,37 +1,75 @@
 #
 # Defines static, hard coded aliases that are not in the database.
+# These aliases take precedence over the database aliases.
+#
+# There are three classes of reserved names:
+#
+# (1) forbidden_usernames:
+#     Some usernames are forbidden and cannot be registered.
+#     this is defined in node property webapp.forbidden_usernames
+#     This is enforced by the webapp.
+#
+# (2) public aliases:
+#     Some aliases for root, and are publicly exposed so that anyone
+#     can deliver mail to them. For example, postmaster.
+#     These are implemented in the virtual alias map, which takes
+#     precedence over the local alias map.
+#
+# (3) local aliases:
+#     Some aliases are only available locally: mail can be delivered
+#     to the alias if the mail originates from the local host, or is
+#     hostname qualified, but otherwise it will be rejected.
+#     These are implemented in the local alias map.
+#
+# The alias for local 'root' is defined elsewhere. In this file, we
+# define the virtual 'root@domain' (which can be overwritten by
+# defining an entry for root in node property mx.aliases).
 #
 
 class site_postfix::mx::static_aliases {
 
   $mx = hiera('mx')
-  $aliases = $mx['aliases']
+  $root_recipients = hiera('contacts')
 
   #
-  # Predefined aliases.
-  #
-  # Defines which mail addresses shouldn't be available and where they should
-  # fwd
-  #
-  # TODO: reconcile this with the node property webapp.forbidden_usernames
+  # LOCAL ALIASES
   #
+
   # NOTE: if you remove one of these, they will still appear in the
   # /etc/aliases file
-  #
+  $local_aliases = [
+    'admin', 'administrator', 'bin', 'cron', 'games', 'ftp', 'lp', 'maildrop',
+    'mysql', 'news', 'nobody', 'noc', 'postgresql', 'ssladmin', 'sys',
+    'usenet', 'uucp', 'www', 'www-data'
+  ]
+
   postfix::mailalias {
-    [ 'abuse', 'admin', 'arin-admin', 'administrator', 'bin', 'cron',
-      'certmaster', 'domainadmin', 'games', 'ftp', 'hostmaster', 'lp',
-      'maildrop', 'mysql', 'news', 'nobody', 'noc', 'postmaster', 'postgresql',
-      'security', 'ssladmin', 'sys', 'usenet', 'uucp', 'webmaster', 'www',
-      'www-data',
-    ]:
+    $local_aliases:
       ensure    => present,
       recipient => 'root'
   }
 
   #
-  # Custom static virtual aliases.
+  # PUBLIC ALIASES
   #
+
+  $public_aliases = $mx['aliases']
+
+  $default_public_aliases = {
+    'root'          => $root_recipients,
+    'abuse'         => 'postmaster',
+    'arin-admin'    => 'root',
+    'certmaster'    => 'hostmaster',
+    'domainadmin'   => 'hostmaster',
+    'hostmaster'    => 'root',
+    'mailer-daemon' => 'postmaster',
+    'postmaster'    => 'root',
+    'security'      => 'root',
+    'webmaster'     => 'hostmaster',
+  }
+
+  $aliases = merge($default_public_aliases, $public_aliases)
+
   exec { 'postmap_virtual_aliases':
     command     => '/usr/sbin/postmap /etc/postfix/virtual-aliases',
     refreshonly => true,
diff --git a/puppet/modules/site_postfix/templates/virtual-aliases.erb b/puppet/modules/site_postfix/templates/virtual-aliases.erb
index c474e734..8373de97 100644
--- a/puppet/modules/site_postfix/templates/virtual-aliases.erb
+++ b/puppet/modules/site_postfix/templates/virtual-aliases.erb
@@ -1,8 +1,7 @@
 #
 # This file is managed by puppet.
 #
-# This is a map of custom, non-standard aliases. The contents of this file
-# are derived from the node property `mx.aliases`.
+# These virtual aliases take precedence over all other aliases.
 #
 
 #