authorelijah <elijah@riseup.net>2015-09-24 13:29:15 -0700
committerelijah <elijah@riseup.net>2015-09-24 13:29:15 -0700
commitafd8867ba953513c6e08f957e3099f0ff3b1a3a2 (patch)
tree01b683fcefdb155588a7702998b5ba7f4ef856f9 /puppet/modules/site_postfix/manifests
parentbbc95640557e200a5a4e463f451ed647692dc0a3 (diff)
allow certain aliases, like 'abuse', to be publicly forwardable.
Diffstat (limited to 'puppet/modules/site_postfix/manifests')
-rw-r--r--puppet/modules/site_postfix/manifests/mx/static_aliases.pp68
1 files changed, 53 insertions, 15 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx/static_aliases.pp b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
index e9118470..71c0555a 100644
--- a/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
+++ b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
@@ -1,37 +1,75 @@
#
# Defines static, hard coded aliases that are not in the database.
+# These aliases take precedence over the database aliases.
+#
+# There are three classes of reserved names:
+#
+# (1) forbidden_usernames:
+# Some usernames are forbidden and cannot be registered.
+# this is defined in node property webapp.forbidden_usernames
+# This is enforced by the webapp.
+#
+# (2) public aliases:
+# Some aliases for root, and are publicly exposed so that anyone
+# can deliver mail to them. For example, postmaster.
+# These are implemented in the virtual alias map, which takes
+# precedence over the local alias map.
+#
+# (3) local aliases:
+# Some aliases are only available locally: mail can be delivered
+# to the alias if the mail originates from the local host, or is
+# hostname qualified, but otherwise it will be rejected.
+# These are implemented in the local alias map.
+#
+# The alias for local 'root' is defined elsewhere. In this file, we
+# define the virtual 'root@domain' (which can be overwritten by
+# defining an entry for root in node property mx.aliases).
#
class site_postfix::mx::static_aliases {
$mx = hiera('mx')
- $aliases = $mx['aliases']
+ $root_recipients = hiera('contacts')
#
- # Predefined aliases.
- #
- # Defines which mail addresses shouldn't be available and where they should
- # fwd
- #
- # TODO: reconcile this with the node property webapp.forbidden_usernames
+ # LOCAL ALIASES
#
+
# NOTE: if you remove one of these, they will still appear in the
# /etc/aliases file
- #
+ $local_aliases = [
+ 'admin', 'administrator', 'bin', 'cron', 'games', 'ftp', 'lp', 'maildrop',
+ 'mysql', 'news', 'nobody', 'noc', 'postgresql', 'ssladmin', 'sys',
+ 'usenet', 'uucp', 'www', 'www-data'
+ ]
+
postfix::mailalias {
- [ 'abuse', 'admin', 'arin-admin', 'administrator', 'bin', 'cron',
- 'certmaster', 'domainadmin', 'games', 'ftp', 'hostmaster', 'lp',
- 'maildrop', 'mysql', 'news', 'nobody', 'noc', 'postmaster', 'postgresql',
- 'security', 'ssladmin', 'sys', 'usenet', 'uucp', 'webmaster', 'www',
- 'www-data',
- ]:
+ $local_aliases:
ensure => present,
recipient => 'root'
}
#
- # Custom static virtual aliases.
+ # PUBLIC ALIASES
#
+
+ $public_aliases = $mx['aliases']
+
+ $default_public_aliases = {
+ 'root' => $root_recipients,
+ 'abuse' => 'postmaster',
+ 'arin-admin' => 'root',
+ 'certmaster' => 'hostmaster',
+ 'domainadmin' => 'hostmaster',
+ 'hostmaster' => 'root',
+ 'mailer-daemon' => 'postmaster',
+ 'postmaster' => 'root',
+ 'security' => 'root',
+ 'webmaster' => 'hostmaster',
+ }
+
+ $aliases = merge($default_public_aliases, $public_aliases)
+
exec { 'postmap_virtual_aliases':
command => '/usr/sbin/postmap /etc/postfix/virtual-aliases',
refreshonly => true,