summaryrefslogtreecommitdiff
path: root/puppet/modules/site_postfix
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_postfix')
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp5
-rw-r--r--puppet/modules/site_postfix/manifests/mx/static_aliases.pp68
-rw-r--r--puppet/modules/site_postfix/templates/virtual-aliases.erb3
3 files changed, 59 insertions, 17 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 42313d1a..f0a2554a 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -49,6 +49,10 @@ class site_postfix::mx {
# alias map
'local_recipient_maps':
value => '$alias_maps';
+ 'smtpd_milters':
+ value => 'unix:/run/clamav/milter.ctl';
+ 'milter_default_action':
+ value => 'accept';
}
include site_postfix::mx::smtpd_checks
@@ -57,6 +61,7 @@ class site_postfix::mx {
include site_postfix::mx::smtpd_tls
include site_postfix::mx::static_aliases
include site_postfix::mx::rewrite_openpgp_header
+ include clamav
# greater verbosity for debugging, take out for production
#include site_postfix::debug
diff --git a/puppet/modules/site_postfix/manifests/mx/static_aliases.pp b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
index e9118470..71c0555a 100644
--- a/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
+++ b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
@@ -1,37 +1,75 @@
#
# Defines static, hard coded aliases that are not in the database.
+# These aliases take precedence over the database aliases.
+#
+# There are three classes of reserved names:
+#
+# (1) forbidden_usernames:
+# Some usernames are forbidden and cannot be registered.
+# this is defined in node property webapp.forbidden_usernames
+# This is enforced by the webapp.
+#
+# (2) public aliases:
+# Some aliases for root, and are publicly exposed so that anyone
+# can deliver mail to them. For example, postmaster.
+# These are implemented in the virtual alias map, which takes
+# precedence over the local alias map.
+#
+# (3) local aliases:
+# Some aliases are only available locally: mail can be delivered
+# to the alias if the mail originates from the local host, or is
+# hostname qualified, but otherwise it will be rejected.
+# These are implemented in the local alias map.
+#
+# The alias for local 'root' is defined elsewhere. In this file, we
+# define the virtual 'root@domain' (which can be overwritten by
+# defining an entry for root in node property mx.aliases).
#
class site_postfix::mx::static_aliases {
$mx = hiera('mx')
- $aliases = $mx['aliases']
+ $root_recipients = hiera('contacts')
#
- # Predefined aliases.
- #
- # Defines which mail addresses shouldn't be available and where they should
- # fwd
- #
- # TODO: reconcile this with the node property webapp.forbidden_usernames
+ # LOCAL ALIASES
#
+
# NOTE: if you remove one of these, they will still appear in the
# /etc/aliases file
- #
+ $local_aliases = [
+ 'admin', 'administrator', 'bin', 'cron', 'games', 'ftp', 'lp', 'maildrop',
+ 'mysql', 'news', 'nobody', 'noc', 'postgresql', 'ssladmin', 'sys',
+ 'usenet', 'uucp', 'www', 'www-data'
+ ]
+
postfix::mailalias {
- [ 'abuse', 'admin', 'arin-admin', 'administrator', 'bin', 'cron',
- 'certmaster', 'domainadmin', 'games', 'ftp', 'hostmaster', 'lp',
- 'maildrop', 'mysql', 'news', 'nobody', 'noc', 'postmaster', 'postgresql',
- 'security', 'ssladmin', 'sys', 'usenet', 'uucp', 'webmaster', 'www',
- 'www-data',
- ]:
+ $local_aliases:
ensure => present,
recipient => 'root'
}
#
- # Custom static virtual aliases.
+ # PUBLIC ALIASES
#
+
+ $public_aliases = $mx['aliases']
+
+ $default_public_aliases = {
+ 'root' => $root_recipients,
+ 'abuse' => 'postmaster',
+ 'arin-admin' => 'root',
+ 'certmaster' => 'hostmaster',
+ 'domainadmin' => 'hostmaster',
+ 'hostmaster' => 'root',
+ 'mailer-daemon' => 'postmaster',
+ 'postmaster' => 'root',
+ 'security' => 'root',
+ 'webmaster' => 'hostmaster',
+ }
+
+ $aliases = merge($default_public_aliases, $public_aliases)
+
exec { 'postmap_virtual_aliases':
command => '/usr/sbin/postmap /etc/postfix/virtual-aliases',
refreshonly => true,
diff --git a/puppet/modules/site_postfix/templates/virtual-aliases.erb b/puppet/modules/site_postfix/templates/virtual-aliases.erb
index c474e734..8373de97 100644
--- a/puppet/modules/site_postfix/templates/virtual-aliases.erb
+++ b/puppet/modules/site_postfix/templates/virtual-aliases.erb
@@ -1,8 +1,7 @@
#
# This file is managed by puppet.
#
-# This is a map of custom, non-standard aliases. The contents of this file
-# are derived from the node property `mx.aliases`.
+# These virtual aliases take precedence over all other aliases.
#
#