-rw-r--r-- | puppet/modules/opendkim/manifests/init.pp | 50 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 7 |
2 files changed, 45 insertions, 12 deletions
diff --git a/puppet/modules/opendkim/manifests/init.pp b/puppet/modules/opendkim/manifests/init.pp
index e2e766e7..4d4c5312 100644
--- a/puppet/modules/opendkim/manifests/init.pp
+++ b/puppet/modules/opendkim/manifests/init.pp
@@ -7,17 +7,20 @@ class opendkim {
 $domain_hash = hiera('domain')
 $domain = $domain_hash['full_suffix']
- $dkim = hiera('dkim')
+ $mx = hiera('mx')
+ $dkim = $mx['dkim']
 $selector = $dkim['selector']
+ $dkim_cert = $dkim['public_key']
 $dkim_key = $dkim['private_key']
- ensure_packages(['opendkim', 'libopendkim7', 'libvbr2'])
+ ensure_packages(['opendkim', 'libvbr2'])
 # postfix user needs to be in the opendkim group
 # in order to access the opendkim socket located at:
 # local:/var/run/opendkim/opendkim.sock
 user { 'postfix':
- groups => 'opendkim';
+ groups => 'opendkim',
+ require => Package['opendkim'];
 }
 service { 'opendkim':
@@ -28,12 +31,37 @@ class opendkim {
 subscribe => File[$dkim_key];
 }
- file { '/etc/opendkim.conf':
- ensure => present,
- content => template('opendkim/opendkim.conf'),
- mode => '0644',
- owner => root,
- group => root,
- notify => Service['opendkim'],
- require => Package['opendkim'];
+ file {
+ '/etc/opendkim.conf':
+ ensure => file,
+ content => template('opendkim/opendkim.conf'),
+ mode => '0644',
+ owner => root,
+ group => root,
+ notify => Service['opendkim'],
+ require => Package['opendkim'];
+
+ '/etc/default/opendkim.conf':
+ ensure => file,
+ content => 'SOCKET="inet:8891@localhost" # listen on loopback on port 8891',
+ mode => '0644',
+ owner => root,
+ group => root,
+ notify => Service['opendkim'],
+ require => Package['opendkim'];
+
+ $dkim_key:
+ ensure => file,
+ mode => '0600',
+ owner => 'opendkim',
+ group => 'opendkim',
+ require => Package['opendkim'];
+
+ $dkim_cert:
+ ensure => file,
+ mode => '0600',
+ owner => 'opendkim',
+ group => 'opendkim',
+ require => Package['opendkim'];
+ }
 }
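Review bot: The `user { 'postfix': groups => 'opendkim' }` resource and the comment above it still justify the group membership by the unix socket at `/var/run/opendkim/opendkim.sock`, while the same commit points Postfix at `inet:localhost:8891` in mx.pp. If nothing else on the host needs that access, the membership is a leftover privilege and the added `require => Package['opendkim']` only anchors it more firmly; either drop the resource or replace the comment with one stating the actual remaining reason. Whether the unix socket is still created depends on the `opendkim/opendkim.conf` template, which is not shown here. The `class opendkim` body starts before this hunk and the `service` resource continues past it.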
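Review bot: The new `'/etc/default/opendkim.conf'` resource probably writes to a path nothing reads: on Debian the opendkim init script sources `/etc/default/opendkim` (no `.conf`), so the `SOCKET=` line may never take effect and the listener would then depend entirely on the `/etc/opendkim.conf` template, which is not visible here; please confirm the path. The content string also has no trailing newline; `content => "SOCKET=\"inet:8891@localhost\" # listen on loopback on port 8891\n",` is safer for a sourced shell fragment. Separately, moving from a group-restricted unix socket to a loopback TCP port means any local process can reach the signing milter, which deserves a comment next to the resource recording that trade-off. The `$dkim_key` and `$dkim_cert` resources set only mode and owner with `ensure => file`, so if the key material is not laid down elsewhere Puppet would create empty files; confirm where the content comes from.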
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 2ea54d0a..3230d4f0 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -67,8 +67,12 @@ class site_postfix::mx {
 # alias map
 'local_recipient_maps':
 value => '$alias_maps';
+ # setup clamav and opendkim on smtpd
 'smtpd_milters':
- value => 'unix:/run/clamav/milter.ctl,unix:/var/run/opendkim/opendkim.sock';
+ value => 'unix:/run/clamav/milter.ctl,inet:localhost:8891';
+ # setup opendkim for smtp (non-smtpd) outgoing mail
+ 'non_smtpd_milters':
+ value => 'inet:localhost:8891';
 'milter_default_action':
 value => 'accept';
 # Make sure that the right values are set, these could be set to different
@@ -96,6 +100,7 @@ class site_postfix::mx {
 include ::site_postfix::mx::rewrite_openpgp_header
 include ::site_postfix::mx::received_anon
 include ::clamav
+ include ::opendkim
 include ::postfwd
 # greater verbosity for debugging, take out for production |
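Review bot: With `'milter_default_action': value => 'accept'` in the context lines, the new `'non_smtpd_milters'` entry fails open: if opendkim is not listening on port 8891, Postfix will send outgoing mail unsigned without any error, and receivers enforcing DMARC may then reject or quarantine it. The same holds for the clamav milter on `'smtpd_milters'`, so this availability-over-enforcement choice deserves a comment such as `# fail open: mail passes unscanned/unsigned when a milter is down`, backed by monitoring of the opendkim service. The endpoint `inet:localhost:8891` now appears twice in this hunk and again in the opendkim class's `SOCKET` string; a shared variable would keep the three from drifting apart. The `site_postfix::mx` class and the resource holding these parameters start before the hunk.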