diff options
author | Micah Anderson <micah@leap.se> | 2015-09-03 13:03:01 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2015-09-08 12:06:51 -0400 |
commit | ffd340e7b014bc9f35fb6f9365230d483650cc1d (patch) | |
tree | d82df5b52f7bbe3407a9166bfd85ee8e7b3243c8 /puppet/modules/site_postfix/manifests | |
parent | be8f7335cc273f85a1949557962dd65d88548679 (diff) |
rewrite openpgp header to be always correct (#7413)
The openpgp header added by the client is sometimes incorrect, because
the client doesn't actually know what the proper URL is for the
webapp. The server knows, however.
Change-Id: I2243b19a6337d8e0be97590e2ca9c9c0b0fffdac
Diffstat (limited to 'puppet/modules/site_postfix/manifests')
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 6 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/rewrite_openpgp_header.pp | 11 |
2 files changed, 16 insertions, 1 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 334d04d0..2b311e06 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -52,6 +52,7 @@ class site_postfix::mx { include site_postfix::mx::smtp_tls include site_postfix::mx::smtpd_tls include site_postfix::mx::static_aliases + include site_postfix::mx::rewrite_openpgp_header # greater verbosity for debugging, take out for production #include site_postfix::debug @@ -74,7 +75,10 @@ class site_postfix::mx { -o smtpd_tls_wrappermode=yes -o smtpd_tls_security_level=encrypt -o smtpd_recipient_restrictions=\$smtps_recipient_restrictions - -o smtpd_helo_restrictions=\$smtps_helo_restrictions", + -o smtpd_helo_restrictions=\$smtps_helo_restrictions + -o cleanup_service_name=clean_smtps +clean_smtps unix n - n - 0 cleanup + -o header_checks=pcre:/etc/postfix/checks/rewrite_openpgp_headers", require => [ Class['Site_config::X509::Key'], Class['Site_config::X509::Cert'], diff --git a/puppet/modules/site_postfix/manifests/mx/rewrite_openpgp_header.pp b/puppet/modules/site_postfix/manifests/mx/rewrite_openpgp_header.pp new file mode 100644 index 00000000..71f945b8 --- /dev/null +++ b/puppet/modules/site_postfix/manifests/mx/rewrite_openpgp_header.pp @@ -0,0 +1,11 @@ +class site_postfix::mx::rewrite_openpgp_header { + $mx = hiera('mx') + $correct_domain = $mx['key_lookup_domain'] + + file { '/etc/postfix/checks/rewrite_openpgp_headers': + content => template('site_postfix/checks/rewrite_openpgp_headers.erb'), + mode => '0644', + owner => root, + group => root; + } +} |