summaryrefslogtreecommitdiff
path: root/puppet/modules/site_postfix/manifests
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_postfix/manifests')
-rw-r--r--puppet/modules/site_postfix/manifests/checks.pp23
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp1
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp4
3 files changed, 27 insertions, 1 deletions
diff --git a/puppet/modules/site_postfix/manifests/checks.pp b/puppet/modules/site_postfix/manifests/checks.pp
new file mode 100644
index 00000000..06f9a7a4
--- /dev/null
+++ b/puppet/modules/site_postfix/manifests/checks.pp
@@ -0,0 +1,23 @@
+class site_postfix::checks {
+
+ file {
+ '/etc/postfix/checks':
+ ensure => directory,
+ mode => '0755',
+ owner => root,
+ group => postfix,
+ require => Class['postfix'];
+
+ '/etc/postfix/checks/helo_checks':
+ content => template('site_postfix/checks/helo_access.erb'),
+ mode => '0644',
+ owner => root,
+ group => root;
+ }
+
+ exec {
+ '/usr/sbin/postmap /etc/postfix/checks/helo_checks':
+ refreshonly => true,
+ subscribe => File['/etc/postfix/checks/helo_checks'];
+ }
+}
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 2e68297d..e5dc1c7b 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -18,6 +18,7 @@ class site_postfix::mx {
}
include site_postfix::mx::smtpd_checks
+ include site_postfix::checks
include site_postfix::mx::tls
# greater verbosity for debugging, take out for production
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index 34cffb0d..b1536d64 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -3,6 +3,8 @@ class site_postfix::mx::smtpd_checks {
postfix::config {
'smtpd_helo_required':
value => 'yes';
+ 'checks_dir':
+ value => '$config_directory/checks';
'smtpd_client_restrictions':
value => 'permit_mynetworks,permit';
'smtpd_data_restrictions':
@@ -10,7 +12,7 @@ class site_postfix::mx::smtpd_checks {
'smtpd_delay_reject':
value => 'yes';
'smtpd_helo_restrictions':
- value => 'permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit';
+ value => 'permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access hash:$checks_dir/helo_checks, permit';
'smtpd_recipient_restrictions':
value => 'reject_unknown_recipient_domain, permit_mynetworks, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
# We should change from permit_tls_all_clientcerts to permit_tls_clientcerts