-rw-r--r--.gitmodules6
m---------puppet/modules/couchdb0
m---------puppet/modules/postfix0
-rw-r--r--puppet/modules/site_apt/templates/wheezy/postfix.seeds1
-rw-r--r--puppet/modules/site_nickserver/templates/nickserver.yml.erb2
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp3
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp13
7 files changed, 17 insertions, 8 deletions
diff --git a/.gitmodules b/.gitmodules
index bfa826e2..13bb18d1 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -73,9 +73,9 @@
[submodule "puppet/modules/haproxy"]
path = puppet/modules/haproxy
url = git://code.leap.se/puppet_haproxy
-[submodule "puppet/modules/postfix"]
- path = puppet/modules/postfix
- url = git://labs.riseup.net/shared-postfix
[submodule "puppet/modules/squid_deb_proxy"]
path = puppet/modules/squid_deb_proxy
url = git://code.leap.se/puppet_squid_deb_proxy
+[submodule "puppet/modules/postfix"]
+ path = puppet/modules/postfix
+ url = git://code.leap.se/puppet_postfix
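Review bot: The added `url = git://code.leap.se/puppet_postfix` fetches the postfix module over the plain git protocol, which has no server authentication or transport encryption. The superproject's pinned gitlink still checks the commit hash on checkout, but anyone who later updates the submodule pointer trusts whatever the network path serves. If the host offers an authenticated transport, prefer it here, e.g. `url = https://code.leap.se/puppet_postfix` (assuming that endpoint exists). The neighbouring entries use the same scheme, so this applies to the whole file and not only to the new line.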
diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb
-Subproject 869ea732363afa238055c59baad5d5ca83c3802
+Subproject ca467f2c8ec25132133e058f446217828b93267
diff --git a/puppet/modules/postfix b/puppet/modules/postfix
-Subproject 8e43dc85da5a5e45e88aef5f7c32c9cc1c35201
+Subproject 25b1de206454c663539b748fb9f08276ad95b3e
diff --git a/puppet/modules/site_apt/templates/wheezy/postfix.seeds b/puppet/modules/site_apt/templates/wheezy/postfix.seeds
new file mode 100644
index 00000000..1a878ccc
--- /dev/null
+++ b/puppet/modules/site_apt/templates/wheezy/postfix.seeds
@@ -0,0 +1 @@
+postfix postfix/main_mailer_type select No configuration
diff --git a/puppet/modules/site_nickserver/templates/nickserver.yml.erb b/puppet/modules/site_nickserver/templates/nickserver.yml.erb
index 7aab5605..e717cbaa 100644
--- a/puppet/modules/site_nickserver/templates/nickserver.yml.erb
+++ b/puppet/modules/site_nickserver/templates/nickserver.yml.erb
@@ -6,7 +6,7 @@ domain: "<%= @address_domain %>"
couch_host: "<%= @couchdb_host %>"
couch_port: <%= @couchdb_port %>
-couch_database: "users"
+couch_database: "identities"
couch_user: "<%= @couchdb_user %>"
couch_password: "<%= @couchdb_password %>"
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 7e2082d9..ed5b3832 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -11,8 +11,6 @@ class site_postfix::mx {
postfix::config {
'mydestination':
value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}";
- 'smtpd_recipient_restrictions':
- value => 'check_recipient_access tcp:localhost:2244,permit_tls_all_clientcerts,reject_unauth_destination';
'mailbox_size_limit': value => '0';
'home_mailbox': value => 'Maildir/';
'virtual_alias_maps': value => 'tcp:localhost:4242';
@@ -34,6 +32,7 @@ class site_postfix::mx {
}
class { 'postfix':
+ preseed => true,
root_mail_recipient => $root_mail_recipient,
smtp_listen => 'all',
require => [ X509::Key[$cert_name], X509::Cert[$cert_name],
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index b2f2d7c2..0973e625 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -1,9 +1,18 @@
class site_postfix::mx::smtpd_checks {
postfix::config {
- 'smtpd_delay_reject': value => 'yes';
+ 'smtpd_client_restrictions':
+ value => 'permit_mynetworks,permit';
'smtpd_data_restrictions':
- value => 'permit_mynetworks, reject_unauth_pipelining, permit';
+ value => 'permit_tls_all_clientcerts, permit_mynetworks, reject_unauth_pipelining, permit';
+ 'smtpd_delay_reject':
+ value => 'yes';
+ 'smtpd_helo_restrictions':
+ value => 'permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit';
+ 'smtpd_recipient_restrictions':
+ value => 'reject_unknown_recipient_domain, permit_tls_all_clientcerts, permit_mynetworks, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
+ 'smtpd_sender_restrictions':
+ value => 'check_sender_access tcp:localhost:2244, permit_tls_all_clientcerts, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit';
}
}
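Review bot: In `smtpd_recipient_restrictions`, `check_recipient_access tcp:localhost:2244` is evaluated before `reject_unauth_destination`, so an OK result from that lookup for a non-local recipient would accept relay mail; the usual Postfix ordering puts access-table checks after the relay guard, e.g. `reject_unknown_recipient_domain, permit_tls_all_clientcerts, permit_mynetworks, reject_unauth_destination, check_recipient_access tcp:localhost:2244, permit`. Whether the service on port 2244 can return OK for foreign domains is not visible here, so treat this as ordering hardening, not a confirmed open relay. `permit_tls_all_clientcerts` now also precedes the other checks in the data and recipient lists, so any client whose certificate verifies against the trusted CA set may relay and skips `reject_unauth_pipelining`; that is safe only if the smtpd CA file holds just the provider's own client CA, which is configured outside this hunk. A comment above those entries such as `# permit_tls_all_clientcerts: smtpd_tls_CAfile must contain only our client CA` would record that assumption for the next maintainer.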