author | Micah <micah@leap.se> | 2015-11-24 15:11:47 -0500 |
committer | Micah <micah@leap.se> | 2015-12-01 10:12:47 -0500 |
commit | fc9f820d0cd363e127859af23e20b61eed71dc1e (patch) | |
tree | 2692cfdbfbe02ede8fc9ca9adac2ae21222abb17 /puppet/modules | |
parent | bd06baca709cf4b78d831bff15720c74a66b38b2 (diff) |
stop delivering non-existing local user mail to leap-mx (#5431)
When mail comes in to the system, a lookup is done to see if it is a
valid leap user, if it is, leap_mx now returns something of the form:
uuid@deliver.local (see #5959). The virtual_mailbox_domains lists
deliver.local, so postfix chooses to deliver to
virtual_mailbox_base (/var/mail/vmail) which has been hardcoded to the
'vmail' maildir and user.
We want leap related mail and leap aliases to go through the virtual
alias system, all the hard-coded universal aliases we want to go through
the local system and we dont want these separate. Known domains that are
considered 'virtual' will be forwarded or delivered to the vmail user,
the rest rejected as unknown recipient, instead of being handed off to
leap-mx.
Previously, the way this was done is we leaned (too heavily) on the
'luser_relay' postfix configuration which sent anything that wasn't
locally configured right to the leap_mx spool. That meant everything
went there, including addresses that didn't exist, and leap-mx would
then have to process those and bounce them. This removes the
'luser_relay' option, so any address that doesn't resolve properly to
either a local address/alias, or a leap address or alias (through
tcp lookups on 2424 and 4242) will get bounced as an unknown user.
Change-Id: I3c22e9383861b3794dd9adfd7aa6a0cf0a773a18
Diffstat (limited to 'puppet/modules')
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 71d61621..de317205 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -30,13 +30,25 @@ class site_postfix::mx {
     'mailbox_size_limit':
       value => '0';
     'home_mailbox':
-      value => 'Maildir/';
+      value => '';
+    'virtual_mailbox_domains':
+      value => 'deliver.local';
+    'virtual_mailbox_base':
+      value => '/var/mail/vmail';
+    'virtual_mailbox_maps':
+      value => 'static:Maildir/';
     # Note: virtual-aliases map will take precedence over leap_mx
     # lookup (tcp:localhost)
     'virtual_alias_maps':
       value => 'hash:/etc/postfix/virtual-aliases tcp:localhost:4242';
     'luser_relay':
-      value => 'vmail';
+      value => '';
+    # uid and gid are set to an arbitrary hard-coded value here, this
+    # must match the 'vmail' user block below
+    'virtual_uid_maps':
+      value => 'static:42424';
+    'virtual_gid_maps':
+      value => 'static:42424';
     'smtpd_tls_received_header':
       value => 'yes';
     # Note: we are setting this here, instead of in site_postfix::mx::smtp_tls
@@ -67,11 +79,19 @@ class site_postfix::mx {
   # greater verbosity for debugging, take out for production
   #include site_postfix::debug
+  # Make the 'vmail' user for leap-mx. This user is where all legitimate,
+  # non-system mail is delivered so leap-mx can process it. Previously, we let
+  # the system pick a uid/gid, but we need to know what they are set to in order
+  # to set the virtual_uid_maps and virtual_gid_maps. Its a bit overkill write a
+  # fact just for this, so instead we pick arbitrary numbers that seem unlikely
+  # to be used and then use them in the postfix configuration
   user { 'vmail':
     ensure     => present,
     comment    => 'Leap Mailspool',
     home       => '/var/mail/vmail',
     shell      => '/bin/false',
+    uid        => '42424',
+    gid        => '42424',
     managehome => true,
   }
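Review bot: Listing deliver.local in virtual_mailbox_domains while virtual_mailbox_maps is the catch-all `static:Maildir/` makes Postfix accept and spool every recipient at that domain, so a remote sender who addresses mail directly to some-uuid@deliver.local lands in /var/mail/vmail without ever going through the tcp:localhost:4242 lookup that this commit relies on to validate recipients; forged or non-existent uuids then reach leap-mx unless it re-checks them itself. Whether this is exploitable depends on smtpd_recipient_restrictions, which is outside this hunk, so it should be confirmed rather than assumed. Since virtual_alias_maps rewriting happens in cleanup, after smtpd restrictions are evaluated, a `check_recipient_access` table containing `deliver.local REJECT` placed before the permit rules in smtpd_recipient_restrictions blocks direct submissions while still letting the alias-rewritten addresses through. A comment on the new entry, `# deliver.local is an internal-only destination; it must be rejected from the network in smtpd_recipient_restrictions`, would record that dependency next to the setting that creates it. The enclosing postfix::config block begins before this hunk.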
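Review bot: `gid => '42424'` on the user resource names a group that nothing in this hunk creates; Puppet's user provider hands the numeric gid to useradd, which refuses a group that does not exist, so a fresh node will fail to create the vmail user at all unless a matching group resource lives elsewhere in the module (not visible here). On nodes that already have a vmail user with a system-assigned uid, Puppet rewrites the passwd entry but does not re-own /var/mail/vmail, so the virtual delivery agent now running as 42424 cannot write the existing Maildir and inbound mail defers. Add a group resource ordered before the user and manage the spool directory's ownership explicitly, as sketched below; recursive ownership on a large spool is slow, so a one-shot chown may be preferable to `recurse => true`. The comment above the user block also has a typo, `Its a bit overkill write a fact` → `It's a bit overkill to write a fact`.
```puppet
  group { 'vmail':
    ensure => present,
    gid    => '42424',
    before => User['vmail'],
  }

  user { 'vmail':
    # … unchanged: ensure, comment, home, shell, uid, gid, managehome …
  }

  # The spool must belong to the fixed uid/gid, including on nodes whose
  # vmail user previously had a system-assigned id.
  file { '/var/mail/vmail':
    ensure  => directory,
    owner   => 'vmail',
    group   => 'vmail',
    recurse => true,
    require => User['vmail'],
  }
```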