diff options
author | kwadronaut <kwadronaut@leap.se> | 2015-11-12 10:00:27 +0100 |
---|---|---|
committer | kwadronaut <kwadronaut@leap.se> | 2015-11-12 10:00:27 +0100 |
commit | 92cc2b1118e98a4fb086d7c62a140dbfc845f4b0 (patch) | |
tree | 92896619c0cf4ace177cecfbdea6cbbbb9bc8419 /puppet/modules/site_postfix/manifests/mx.pp | |
parent | 81467100826ad95266a4c29b11a2ecef759dd782 (diff) | |
parent | 7d0b6b25e49a1ccb70c4f502f7dfc58878b900cc (diff) |
Merge remote-tracking branch 'origin/develop' into HEAD
Diffstat (limited to 'puppet/modules/site_postfix/manifests/mx.pp')
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 49692d24..71d61621 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -7,7 +7,8 @@ class site_postfix::mx { $domain = $domain_hash['full_suffix'] $host_domain = $domain_hash['full'] $cert_name = hiera('name') - $mynetworks = join(hiera('mynetworks'), ' ') + $mynetworks = join(hiera('mynetworks', ''), ' ') + $rbls = suffix(prefix(hiera('rbls', []), 'reject_rbl_client '), ',') $root_mail_recipient = hiera('contacts') $postfix_smtp_listen = 'all' @@ -20,16 +21,20 @@ class site_postfix::mx { postfix::config { 'mynetworks': value => "127.0.0.0/8 [::1]/128 [fe80::]/64 ${mynetworks}"; + # Note: mydestination should not include @domain, because this is + # used in virtual alias maps. 'mydestination': - value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}"; + value => "\$myorigin, localhost, localhost.\$mydomain"; 'myhostname': value => $host_domain; 'mailbox_size_limit': value => '0'; 'home_mailbox': value => 'Maildir/'; + # Note: virtual-aliases map will take precedence over leap_mx + # lookup (tcp:localhost) 'virtual_alias_maps': - value => 'tcp:localhost:4242'; + value => 'hash:/etc/postfix/virtual-aliases tcp:localhost:4242'; 'luser_relay': value => 'vmail'; 'smtpd_tls_received_header': @@ -44,13 +49,20 @@ class site_postfix::mx { # alias map 'local_recipient_maps': value => '$alias_maps'; + 'smtpd_milters': + value => 'unix:/run/clamav/milter.ctl,unix:/var/run/opendkim/opendkim.sock'; + 'milter_default_action': + value => 'accept'; } include site_postfix::mx::smtpd_checks include site_postfix::mx::checks include site_postfix::mx::smtp_tls include site_postfix::mx::smtpd_tls - include site_postfix::mx::reserved_aliases + include site_postfix::mx::static_aliases + include site_postfix::mx::rewrite_openpgp_header + include clamav + include postfwd # greater verbosity for debugging, take out for production #include site_postfix::debug @@ -72,7 +84,11 @@ class site_postfix::mx { -o smtpd_tls_wrappermode=yes -o smtpd_tls_security_level=encrypt -o smtpd_recipient_restrictions=\$smtps_recipient_restrictions - -o smtpd_helo_restrictions=\$smtps_helo_restrictions", + -o smtpd_helo_restrictions=\$smtps_helo_restrictions + -o smtpd_client_restrictions= + -o cleanup_service_name=clean_smtps +clean_smtps unix n - n - 0 cleanup + -o header_checks=pcre:/etc/postfix/checks/rewrite_openpgp_headers", require => [ Class['Site_config::X509::Key'], Class['Site_config::X509::Cert'], |