-rw-r--r-- | .gitmodules | 6 | ||||
m--------- | puppet/modules/couchdb | 0 | ||||
m--------- | puppet/modules/postfix | 0 | ||||
-rw-r--r-- | puppet/modules/site_apt/templates/wheezy/postfix.seeds | 1 | ||||
-rw-r--r-- | puppet/modules/site_nickserver/templates/nickserver.yml.erb | 2 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 3 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 13 |
7 files changed, 17 insertions, 8 deletions
diff --git a/.gitmodules b/.gitmodules index bfa826e2..13bb18d1 100644 --- a/.gitmodules +++ b/.gitmodules @@ -73,9 +73,9 @@ [submodule "puppet/modules/haproxy"] path = puppet/modules/haproxy url = git://code.leap.se/puppet_haproxy -[submodule "puppet/modules/postfix"] - path = puppet/modules/postfix - url = git://labs.riseup.net/shared-postfix [submodule "puppet/modules/squid_deb_proxy"] path = puppet/modules/squid_deb_proxy url = git://code.leap.se/puppet_squid_deb_proxy +[submodule "puppet/modules/postfix"] + path = puppet/modules/postfix + url = git://code.leap.se/puppet_postfix diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb -Subproject 869ea732363afa238055c59baad5d5ca83c3802 +Subproject ca467f2c8ec25132133e058f446217828b93267 diff --git a/puppet/modules/postfix b/puppet/modules/postfix -Subproject 8e43dc85da5a5e45e88aef5f7c32c9cc1c35201 +Subproject 25b1de206454c663539b748fb9f08276ad95b3e diff --git a/puppet/modules/site_apt/templates/wheezy/postfix.seeds b/puppet/modules/site_apt/templates/wheezy/postfix.seeds new file mode 100644 index 00000000..1a878ccc --- /dev/null +++ b/puppet/modules/site_apt/templates/wheezy/postfix.seeds @@ -0,0 +1 @@ +postfix postfix/main_mailer_type select No configuration diff --git a/puppet/modules/site_nickserver/templates/nickserver.yml.erb b/puppet/modules/site_nickserver/templates/nickserver.yml.erb index 7aab5605..e717cbaa 100644 --- a/puppet/modules/site_nickserver/templates/nickserver.yml.erb +++ b/puppet/modules/site_nickserver/templates/nickserver.yml.erb @@ -6,7 +6,7 @@ domain: "<%= @address_domain %>" couch_host: "<%= @couchdb_host %>" couch_port: <%= @couchdb_port %> -couch_database: "users" +couch_database: "identities" couch_user: "<%= @couchdb_user %>" couch_password: "<%= @couchdb_password %>" diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 7e2082d9..ed5b3832 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp 
+++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -11,8 +11,6 @@ class site_postfix::mx { postfix::config { 'mydestination': value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}"; - 'smtpd_recipient_restrictions': - value => 'check_recipient_access tcp:localhost:2244,permit_tls_all_clientcerts,reject_unauth_destination'; 'mailbox_size_limit': value => '0'; 'home_mailbox': value => 'Maildir/'; 'virtual_alias_maps': value => 'tcp:localhost:4242'; @@ -34,6 +32,7 @@ class site_postfix::mx { } class { 'postfix': + preseed => true, root_mail_recipient => $root_mail_recipient, smtp_listen => 'all', require => [ X509::Key[$cert_name], X509::Cert[$cert_name], diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp index b2f2d7c2..0973e625 100644 --- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp +++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp @@ -1,9 +1,18 @@ class site_postfix::mx::smtpd_checks { postfix::config { - 'smtpd_delay_reject': value => 'yes'; + 'smtpd_client_restrictions': + value => 'permit_mynetworks,permit'; 'smtpd_data_restrictions': - value => 'permit_mynetworks, reject_unauth_pipelining, permit'; + value => 'permit_tls_all_clientcerts, permit_mynetworks, reject_unauth_pipelining, permit'; + 'smtpd_delay_reject': + value => 'yes'; + 'smtpd_helo_restrictions': + value => 'permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit'; + 'smtpd_recipient_restrictions': + value => 'reject_unknown_recipient_domain, permit_tls_all_clientcerts, permit_mynetworks, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit'; + 'smtpd_sender_restrictions': + value => 'check_sender_access tcp:localhost:2244, permit_tls_all_clientcerts, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit'; } } |
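Review bot: In the new `smtpd_recipient_restrictions` in smtpd_checks.pp, `permit_tls_all_clientcerts` and `permit_mynetworks` are evaluated before `check_recipient_access tcp:localhost:2244` and `reject_unauth_destination`, whereas the value removed from mx.pp ran the recipient lookup first. Any client whose certificate verifies is therefore permitted to relay without the lookup ever being consulted, which is safe only if the smtpd trust store (configured outside this diff) lists nothing but the provider's own client CA. If the lookup is meant to bind certificate-authenticated clients as well, keep it ahead of the permits: `value => 'reject_unknown_recipient_domain, check_recipient_access tcp:localhost:2244, permit_tls_all_clientcerts, permit_mynetworks, reject_unauth_destination, permit';`. Either way, a comment above the entry such as `# permit_tls_all_clientcerts: the smtpd CA file must contain only our own client CA` would record the assumption. The new `smtpd_helo_restrictions` only take effect for clients that actually send HELO/EHLO, so `smtpd_helo_required` should be `yes` unless it is already set elsewhere.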