Fix postfix connection to opendkim milter (#8020)

In order for postfix to access the opendkim milter socket, we need to remove the chroot option for the cleanup service. See e97a9d3800b173375a630e18e4b1aa0894eb96e1 for opendkim implementation. Change-Id: I2742650965e61273fb804ebe9ce3f9bd38796582
author: Micah <micah@leap.se> 2016-04-12 09:30:44 -0400
committer: Micah <micah@leap.se> 2016-04-12 14:20:22 -0400
commit: 15b83d88dcedab496a19cef57f11c5c8e091dd4a (patch)
tree: 3f8989421924265f2cb20bf31767714320490e9b /puppet/modules/site_postfix/manifests
parent: aec082688b8c20b5cd549feb81d1003847d5f744 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 7837f415..c269946b 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -92,6 +92,15 @@ class site_postfix::mx {
       value => 'enforce';
   }
 
+  # Make sure that the cleanup serivce is not chrooted, otherwise it cannot
+  # access the opendkim milter socket (#8020)
+  exec { 'unset_cleanup_chroot':
+    command => '/usr/sbin/postconf -F "cleanup/unix/chroot=n"',
+    onlyif  => '/usr/sbin/postconf -h -F "cleanup/unix/chroot" | egrep -q ^n',
+    notify  => Service['postfix'],
+    require => File['/etc/postfix/master.cf']
+  }
+
   include ::site_postfix::mx::smtpd_checks
   include ::site_postfix::mx::checks
   include ::site_postfix::mx::smtp_tls
author	Micah <micah@leap.se>	2016-04-12 09:30:44 -0400
committer	Micah <micah@leap.se>	2016-04-12 14:20:22 -0400
commit	15b83d88dcedab496a19cef57f11c5c8e091dd4a (patch)
tree	3f8989421924265f2cb20bf31767714320490e9b /puppet/modules/site_postfix/manifests
parent	aec082688b8c20b5cd549feb81d1003847d5f744 (diff)