summaryrefslogtreecommitdiff
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/opendkim/manifests/init.pp50
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp7
2 files changed, 45 insertions, 12 deletions
diff --git a/puppet/modules/opendkim/manifests/init.pp b/puppet/modules/opendkim/manifests/init.pp
index e2e766e7..4d4c5312 100644
--- a/puppet/modules/opendkim/manifests/init.pp
+++ b/puppet/modules/opendkim/manifests/init.pp
@@ -7,17 +7,20 @@ class opendkim {
$domain_hash = hiera('domain')
$domain = $domain_hash['full_suffix']
- $dkim = hiera('dkim')
+ $mx = hiera('mx')
+ $dkim = $mx['dkim']
$selector = $dkim['selector']
+ $dkim_cert = $dkim['public_key']
$dkim_key = $dkim['private_key']
- ensure_packages(['opendkim', 'libopendkim7', 'libvbr2'])
+ ensure_packages(['opendkim', 'libvbr2'])
# postfix user needs to be in the opendkim group
# in order to access the opendkim socket located at:
# local:/var/run/opendkim/opendkim.sock
user { 'postfix':
- groups => 'opendkim';
+ groups => 'opendkim',
+ require => Package['opendkim'];
}
service { 'opendkim':
@@ -28,12 +31,37 @@ class opendkim {
subscribe => File[$dkim_key];
}
- file { '/etc/opendkim.conf':
- ensure => present,
- content => template('opendkim/opendkim.conf'),
- mode => '0644',
- owner => root,
- group => root,
- notify => Service['opendkim'],
- require => Package['opendkim'];
+ file {
+ '/etc/opendkim.conf':
+ ensure => file,
+ content => template('opendkim/opendkim.conf'),
+ mode => '0644',
+ owner => root,
+ group => root,
+ notify => Service['opendkim'],
+ require => Package['opendkim'];
+
+ '/etc/default/opendkim.conf':
+ ensure => file,
+ content => 'SOCKET="inet:8891@localhost" # listen on loopback on port 8891',
+ mode => '0644',
+ owner => root,
+ group => root,
+ notify => Service['opendkim'],
+ require => Package['opendkim'];
+
+ $dkim_key:
+ ensure => file,
+ mode => '0600',
+ owner => 'opendkim',
+ group => 'opendkim',
+ require => Package['opendkim'];
+
+ $dkim_cert:
+ ensure => file,
+ mode => '0600',
+ owner => 'opendkim',
+ group => 'opendkim',
+ require => Package['opendkim'];
+ }
}
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 2ea54d0a..3230d4f0 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -67,8 +67,12 @@ class site_postfix::mx {
# alias map
'local_recipient_maps':
value => '$alias_maps';
+ # setup clamav and opendkim on smtpd
'smtpd_milters':
- value => 'unix:/run/clamav/milter.ctl,unix:/var/run/opendkim/opendkim.sock';
+ value => 'unix:/run/clamav/milter.ctl,inet:localhost:8891';
+ # setup opendkim for smtp (non-smtpd) outgoing mail
+ 'non_smtpd_milters':
+ value => 'inet:localhost:8891';
'milter_default_action':
value => 'accept';
# Make sure that the right values are set, these could be set to different
@@ -96,6 +100,7 @@ class site_postfix::mx {
include ::site_postfix::mx::rewrite_openpgp_header
include ::site_postfix::mx::received_anon
include ::clamav
+ include ::opendkim
include ::postfwd
# greater verbosity for debugging, take out for production