summaryrefslogtreecommitdiff
path: root/puppet/modules/site_postfix/manifests
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2015-09-03 13:03:01 -0400
committerMicah Anderson <micah@leap.se>2015-09-08 12:06:51 -0400
commitffd340e7b014bc9f35fb6f9365230d483650cc1d (patch)
treed82df5b52f7bbe3407a9166bfd85ee8e7b3243c8 /puppet/modules/site_postfix/manifests
parentbe8f7335cc273f85a1949557962dd65d88548679 (diff)
rewrite openpgp header to be always correct (#7413)
The openpgp header added by the client is sometimes incorrect, because the client doesn't actually know what the proper URL is for the webapp. The server knows, however. Change-Id: I2243b19a6337d8e0be97590e2ca9c9c0b0fffdac
Diffstat (limited to 'puppet/modules/site_postfix/manifests')
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp6
-rw-r--r--puppet/modules/site_postfix/manifests/mx/rewrite_openpgp_header.pp11
2 files changed, 16 insertions, 1 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 334d04d0..2b311e06 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -52,6 +52,7 @@ class site_postfix::mx {
include site_postfix::mx::smtp_tls
include site_postfix::mx::smtpd_tls
include site_postfix::mx::static_aliases
+ include site_postfix::mx::rewrite_openpgp_header
# greater verbosity for debugging, take out for production
#include site_postfix::debug
@@ -74,7 +75,10 @@ class site_postfix::mx {
-o smtpd_tls_wrappermode=yes
-o smtpd_tls_security_level=encrypt
-o smtpd_recipient_restrictions=\$smtps_recipient_restrictions
- -o smtpd_helo_restrictions=\$smtps_helo_restrictions",
+ -o smtpd_helo_restrictions=\$smtps_helo_restrictions
+ -o cleanup_service_name=clean_smtps
+clean_smtps unix n - n - 0 cleanup
+ -o header_checks=pcre:/etc/postfix/checks/rewrite_openpgp_headers",
require => [
Class['Site_config::X509::Key'],
Class['Site_config::X509::Cert'],
diff --git a/puppet/modules/site_postfix/manifests/mx/rewrite_openpgp_header.pp b/puppet/modules/site_postfix/manifests/mx/rewrite_openpgp_header.pp
new file mode 100644
index 00000000..71f945b8
--- /dev/null
+++ b/puppet/modules/site_postfix/manifests/mx/rewrite_openpgp_header.pp
@@ -0,0 +1,11 @@
+class site_postfix::mx::rewrite_openpgp_header {
+ $mx = hiera('mx')
+ $correct_domain = $mx['key_lookup_domain']
+
+ file { '/etc/postfix/checks/rewrite_openpgp_headers':
+ content => template('site_postfix/checks/rewrite_openpgp_headers.erb'),
+ mode => '0644',
+ owner => root,
+ group => root;
+ }
+}