From db5fd91d32b215eb9827e36e2a51c98af993ab99 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 7 Mar 2013 18:16:13 +0100 Subject: added basic site_postfix::mx config --- puppet/modules/site_postfix/manifests/mx.pp | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 puppet/modules/site_postfix/manifests/mx.pp (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp new file mode 100644 index 00000000..9104c2cb --- /dev/null +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -0,0 +1,16 @@ +class site_postfix::mx { + + $domain_hash = hiera ('domain') + $domain = $domain_hash['full_suffix'] + + # see https://leap.se/code/issues/1936 for contact email addr + #$root_mail_recipient = '' + $postfix_smtp_listen = 'all' + + postfix::config { + # just en example + 'delay_warning_time': value => '4h'; + } + + include ::postfix +} -- cgit v1.2.3 From 886551dfd2e6eb7dc51d15ebbd6393198dfde78f Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 22 Apr 2013 17:28:40 +0200 Subject: hiera variable mx.contact -> postfix $root_mail_recipient --- puppet/modules/site_postfix/manifests/mx.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 9104c2cb..15449001 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -1,10 +1,10 @@ class site_postfix::mx { - $domain_hash = hiera ('domain') - $domain = $domain_hash['full_suffix'] + $domain_hash = hiera ('domain') + $domain = $domain_hash['full_suffix'] + $mx_hash = hiera('mx') - # see https://leap.se/code/issues/1936 for contact email addr - #$root_mail_recipient = '' + $root_mail_recipient = $mx_hash['contact'] $postfix_smtp_listen = 'all' postfix::config { -- cgit v1.2.3 
From d14758f02a6a7d2b8675ea538692bba44b72689d Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 22 Apr 2013 22:15:51 +0200 Subject: Configure Postfix for incoming mails (Feature #2269) --- puppet/modules/site_postfix/manifests/mx.pp | 42 +++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 15449001..4bab7722 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -8,8 +8,46 @@ class site_postfix::mx { $postfix_smtp_listen = 'all' postfix::config { - # just en example - 'delay_warning_time': value => '4h'; + 'mydestination': + value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}"; + 'smtpd_recipient_restrictions': + value => 'check_recipient_access hash:/etc/postfix/recipient,reject_unauth_destination'; + 'mailbox_size_limit': + value => '0'; + 'home_mailbox': + value => 'Maildir/'; + 'virtual_alias_maps': + value => 'hash:/etc/postfix/virtual'; + } + + postfix::hash { '/etc/postfix/virtual': } + postfix::hash { '/etc/postfix/recipient': } + + # for now, accept all mail + line {'deliver to vmail': + file => '/etc/postfix/recipient', + line => "@${domain} vmail", + notify => Exec['generate /etc/postfix/recipient.db'], + require => Package['postfix'], + } + + postfix::virtual { "@${domain}": destination => 'vmail'; } + #postfix::mailalias { 'vmail': recipient => 'vmail' } + + user { 'vmail': + ensure => present, + comment => 'Leap Mailspool', + home => '/var/mail/vmail', + shell => '/bin/false', + managehome => true, + } + + user { 'vmail': + ensure => present, + comment => 'Leap Mailspool', + home => '/var/mail/vmail', + shell => '/bin/false', + managehome => true, } include ::postfix -- cgit v1.2.3 From bb559881644c8207a7d2791655f535cf9bcd61be Mon Sep 17 00:00:00 2001 
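Review bot: The added `user { 'vmail': ... }` resource is declared twice, back to back, at the end of this hunk, and Puppet refuses to compile a catalog that contains the same resource title twice, so the class cannot be applied as committed. Keep a single declaration and drop the second block. Separately, `'mailbox_size_limit': value => '0'` removes the mailbox size cap while the "accept all mail" recipient line takes every address at `${domain}`; a comment such as `# no size cap on the vmail spool: disk usage has to be monitored` would make that trade-off visible. The same hunk is repeated further down this page under other commit ids.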
From: Micah Anderson Date: Tue, 23 Apr 2013 15:59:44 -0400 Subject: update postfix module to new shared version for parameterized classes, and other 2.7 updates update site_postfix::mx to use parameterized classes --- puppet/modules/site_postfix/manifests/mx.pp | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 4bab7722..2bf844bf 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -42,13 +42,8 @@ class site_postfix::mx { managehome => true, } - user { 'vmail': - ensure => present, - comment => 'Leap Mailspool', - home => '/var/mail/vmail', - shell => '/bin/false', - managehome => true, + class { 'postfix': + root_mail_recipient => $root_mail_recipient, + smtp_listen => 'all' } - - include ::postfix } -- cgit v1.2.3 From adc12547c53639fe9cf97157d05e2b401dc7c9c3 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 26 Apr 2013 10:09:21 +0200 Subject: using alias resolver --- puppet/modules/site_postfix/manifests/mx.pp | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 2bf844bf..82536b80 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp 
@@ -11,28 +11,15 @@ class site_postfix::mx { 'mydestination': value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}"; 'smtpd_recipient_restrictions': - value => 'check_recipient_access hash:/etc/postfix/recipient,reject_unauth_destination'; - 'mailbox_size_limit': - value => '0'; - 'home_mailbox': - value => 'Maildir/'; - 'virtual_alias_maps': - value => 'hash:/etc/postfix/virtual'; + value => 'check_recipient_access tcp:localhost:2244,reject_unauth_destination'; + 'mailbox_size_limit': value => '0'; + 'home_mailbox': value => 'Maildir/'; + 'virtual_alias_maps': value => 'tcp:localhost:4242'; + 'luser_relay': value => 'vmail'; + 'local_recipient_maps': value => ''; } - postfix::hash { '/etc/postfix/virtual': } - postfix::hash { '/etc/postfix/recipient': } - - # for now, accept all mail - line {'deliver to vmail': - file => '/etc/postfix/recipient', - line => "@${domain} vmail", - notify => Exec['generate /etc/postfix/recipient.db'], - require => Package['postfix'], - } - - postfix::virtual { "@${domain}": destination => 'vmail'; } - #postfix::mailalias { 'vmail': recipient => 'vmail' } + #include site_postfix::mx::smtp_checks user { 'vmail': ensure => present, -- cgit v1.2.3 From e6c4f16351be546985432bf865d123a82024b9ae Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 26 Apr 2013 12:24:05 +0200 Subject: smtpd_checks: smtpd_data_restrictions --- puppet/modules/site_postfix/manifests/mx.pp | 3 ++- puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 8 ++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 82536b80..72c38ab1 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp 
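Review bot: `check_recipient_access tcp:localhost:2244` and `virtual_alias_maps tcp:localhost:4242` become the only recipient gate here, because the same hunk empties `local_recipient_maps` (which turns off Postfix's unknown-local-recipient rejection) and sends unknown users to `vmail` through `luser_relay`. Postfix's tcp_table documentation advises against `tcp:` maps for security-sensitive lookups since the connection is unprotected and the server end is not authenticated, so the access decision is only as trustworthy as whatever process is listening on those two ports. The hunk should say so, e.g. `# alias resolver on 2244/4242 is the sole recipient check; local_recipient_maps is empty on purpose`, and the resolver service should be a declared dependency of this class so the ports are never left unbound. The same change is repeated later on this page under another commit id.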
@@ -17,9 +17,10 @@ class site_postfix::mx { 'virtual_alias_maps': value => 'tcp:localhost:4242'; 'luser_relay': value => 'vmail'; 'local_recipient_maps': value => ''; + #'debug_peer_list': value => '127.0.0.1'; } - #include site_postfix::mx::smtp_checks + include site_postfix::mx::smtpd_checks user { 'vmail': ensure => present, diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp new file mode 100644 index 00000000..e46bc149 --- /dev/null +++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp @@ -0,0 +1,8 @@ +class site_postfix::mx::smtpd_checks { + + postfix::config { + 'smtpd_data_restrictions': + value => 'permit_mynetworks, reject_unauth_pipelining, permit' + } + +} -- cgit v1.2.3 From a1dc911c792e963cd814154a24a60dfaf147ecdc Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Apr 2013 14:06:38 +0200 Subject: smtpd_checks: smtpd_delay_reject --- puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp index e46bc149..b2f2d7c2 100644 --- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp +++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp @@ -1,8 +1,9 @@ class site_postfix::mx::smtpd_checks { postfix::config { + 'smtpd_delay_reject': value => 'yes'; 'smtpd_data_restrictions': - value => 'permit_mynetworks, reject_unauth_pipelining, permit' + value => 'permit_mynetworks, reject_unauth_pipelining, permit'; } } -- cgit v1.2.3 From de4bdcddc33bd9aa2fc883ccef63f7c13543bb23 Mon Sep 17 00:00:00 2001 
From: varac Date: Wed, 22 May 2013 19:39:37 +0200 Subject: smtpd_recipient_restrictions: +permit_tls_all_clientcerts --- puppet/modules/site_postfix/manifests/mx.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 72c38ab1..a625cdcd 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -11,7 +11,7 @@ class site_postfix::mx { 'mydestination': value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}"; 'smtpd_recipient_restrictions': - value => 'check_recipient_access tcp:localhost:2244,reject_unauth_destination'; + value => 'check_recipient_access tcp:localhost:2244,reject_unauth_destination,permit_tls_all_clientcerts'; 'mailbox_size_limit': value => '0'; 'home_mailbox': value => 'Maildir/'; 'virtual_alias_maps': value => 'tcp:localhost:4242'; -- cgit v1.2.3 From bcb165f6ed09dd51cc7b534a1fa5aafde21e3703 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 22 May 2013 19:40:13 +0200 Subject: beginning of smtp_auth config with client certs --- puppet/modules/site_postfix/manifests/mx/smtp_auth.pp | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 puppet/modules/site_postfix/manifests/mx/smtp_auth.pp (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp new file mode 100644 index 00000000..ab75130e --- /dev/null +++ b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp @@ -0,0 +1,10 @@ +class site_postfix::mx::smtp_auth { + $x509 = hiera('x509') + + postfix::config { + 'smtpd_tls_cert_file': value => $x509['client_ca_cert']; + 'smtpd_tls_key_file': value => $x509['client_ca_key']; + 'smtpd_tls_ask_ccert': value => 'yes'; + #'smtpd_tls_CAfile': value => + } +} -- cgit v1.2.3 
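Review bot: `permit_tls_all_clientcerts` is appended after `reject_unauth_destination` in `smtpd_recipient_restrictions`, so it grants nothing: restrictions are evaluated left to right, relay attempts are rejected before the certificate check is reached, and everything else already falls through to the implicit permit. If certificate holders are meant to relay, the order has to be `check_recipient_access tcp:localhost:2244,permit_tls_all_clientcerts,reject_unauth_destination`. This restriction accepts any client certificate that verifies against a trusted CA, so it is only safe once `smtpd_tls_CAfile` lists solely the CA that issues client certificates, and nothing in this hunk configures that. The same one-line change is repeated at the end of this page under another commit id.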
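Review bot: In the new smtp_auth.pp, `smtpd_tls_key_file` is set to `$x509['client_ca_key']` and `smtpd_tls_cert_file` to `$x509['client_ca_cert']`, which, going by the key names, places the client CA's private key on the mail server and presents the CA certificate as the server certificate. A CA signing key should not be deployed to a service host, since its exposure there would undermine every client certificate the server trusts. The server should use its own key pair for these two parameters, and the CA certificate belongs only in the commented-out `smtpd_tls_CAfile` entry (as a file path, assuming the hiera value holds one); without that entry `smtpd_tls_ask_ccert` has no trust anchor to verify against. The same file is added again at the end of this page under another commit id.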
From c11047649e1ef630b48b007fb757fcc68b747e62 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 10 Jul 2013 14:10:22 +0200 Subject: added tls support, including smtp auth via client cert --- puppet/modules/site_postfix/manifests/mx.pp | 16 ++++++----- .../modules/site_postfix/manifests/mx/smtp_auth.pp | 10 ------- puppet/modules/site_postfix/manifests/mx/tls.pp | 31 ++++++++++++++++++++++ 3 files changed, 41 insertions(+), 16 deletions(-) delete mode 100644 puppet/modules/site_postfix/manifests/mx/smtp_auth.pp create mode 100644 puppet/modules/site_postfix/manifests/mx/tls.pp (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index a625cdcd..e9656072 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -3,6 +3,7 @@ class site_postfix::mx { $domain_hash = hiera ('domain') $domain = $domain_hash['full_suffix'] $mx_hash = hiera('mx') + $cert_name = hiera('name') $root_mail_recipient = $mx_hash['contact'] $postfix_smtp_listen = 'all' @@ -12,15 +13,16 @@ class site_postfix::mx { value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}"; 'smtpd_recipient_restrictions': value => 'check_recipient_access tcp:localhost:2244,reject_unauth_destination,permit_tls_all_clientcerts'; - 'mailbox_size_limit': value => '0'; - 'home_mailbox': value => 'Maildir/'; - 'virtual_alias_maps': value => 'tcp:localhost:4242'; - 'luser_relay': value => 'vmail'; - 'local_recipient_maps': value => ''; + 'mailbox_size_limit': value => '0'; + 'home_mailbox': value => 'Maildir/'; + 'virtual_alias_maps': value => 'tcp:localhost:4242'; + 'luser_relay': value => 'vmail'; + 'local_recipient_maps': value => ''; #'debug_peer_list': value => '127.0.0.1'; } include site_postfix::mx::smtpd_checks + include site_postfix::mx::tls user { 'vmail': ensure => present, 
@@ -32,6 +34,8 @@ class site_postfix::mx { class { 'postfix': root_mail_recipient => $root_mail_recipient, - smtp_listen => 'all' + smtp_listen => 'all', + require => [ X509::Key[$cert_name], X509::Cert[$cert_name], + User['vmail'] ] } } diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp deleted file mode 100644 index ab75130e..00000000 --- a/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp +++ /dev/null @@ -1,10 +0,0 @@ -class site_postfix::mx::smtp_auth { - $x509 = hiera('x509') - - postfix::config { - 'smtpd_tls_cert_file': value => $x509['client_ca_cert']; - 'smtpd_tls_key_file': value => $x509['client_ca_key']; - 'smtpd_tls_ask_ccert': value => 'yes'; - #'smtpd_tls_CAfile': value => - } -} diff --git a/puppet/modules/site_postfix/manifests/mx/tls.pp b/puppet/modules/site_postfix/manifests/mx/tls.pp new file mode 100644 index 00000000..7da38100 --- /dev/null +++ b/puppet/modules/site_postfix/manifests/mx/tls.pp @@ -0,0 +1,31 @@ +class site_postfix::mx::tls { + + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $client_ca = $x509['client_ca_cert'] + + include x509::variables + $cert_name = hiera('name') + $cert_path = "${x509::variables::certs}/${cert_name}.crt" + $key_path = "${x509::variables::keys}/${cert_name}.key" + + x509::key { $cert_name: + content => $key, + } + + x509::cert { $cert_name: + content => $cert, + } + + postfix::config { + 'smtpd_use_tls': value => 'yes'; + 'smtpd_tls_CAfile': value => $client_ca; + 'smtpd_tls_cert_file': value => $cert_path; + 'smtpd_tls_key_file': value => $key_path; + 'smtpd_tls_req_ccert': value => 'yes'; + 'smtpd_tls_security_level': + value => 'encrypt'; + } + +} -- cgit v1.2.3 From f64791335e40b2b6e05305a6d8dda989fb755b9d Mon Sep 17 00:00:00 2001 
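Review bot: In the new tls.pp, `'smtpd_tls_req_ccert': value => 'yes';` together with `smtpd_tls_security_level` set to `encrypt` makes TLS and a trusted client certificate mandatory for every SMTP client, a combination Postfix's documentation reserves for dedicated servers; an MX that is also meant to receive ordinary internet mail would turn that mail away. If this smtpd serves both roles, `'smtpd_tls_ask_ccert': value => 'yes';` with `'smtpd_tls_security_level': value => 'may';` requests the certificate without requiring it, and `permit_tls_all_clientcerts` still gates relaying. Also check `'smtpd_tls_CAfile': value => $client_ca;`: `$key` and `$cert` from the same hiera hash are passed as file `content`, so `$client_ca` is presumably PEM text as well, while Postfix expects a file path for that parameter.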
From: varac Date: Mon, 15 Jul 2013 11:34:22 +0200 Subject: fix smtpd_recipient_restrictions, debug connections from localhost --- puppet/modules/site_postfix/manifests/mx.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index e9656072..5ec8ab49 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -12,13 +12,13 @@ class site_postfix::mx { 'mydestination': value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}"; 'smtpd_recipient_restrictions': - value => 'check_recipient_access tcp:localhost:2244,reject_unauth_destination,permit_tls_all_clientcerts'; + value => 'check_recipient_access tcp:localhost:2244,permit_tls_all_clientcerts,reject_unauth_destination'; 'mailbox_size_limit': value => '0'; 'home_mailbox': value => 'Maildir/'; 'virtual_alias_maps': value => 'tcp:localhost:4242'; 'luser_relay': value => 'vmail'; 'local_recipient_maps': value => ''; - #'debug_peer_list': value => '127.0.0.1'; + 'debug_peer_list': value => '127.0.0.1'; } include site_postfix::mx::smtpd_checks -- cgit v1.2.3 From 4db33aa76139e26678d1b989873532bc50937917 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 7 Mar 2013 18:16:13 +0100 Subject: added basic site_postfix::mx config --- puppet/modules/site_postfix/manifests/mx.pp | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 puppet/modules/site_postfix/manifests/mx.pp (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp new file mode 100644 index 00000000..9104c2cb --- /dev/null +++ b/puppet/modules/site_postfix/manifests/mx.pp 
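Review bot: `'debug_peer_list': value => '127.0.0.1';` is switched on unconditionally in this hunk, so every node that applies the class logs sessions from localhost at Postfix's verbose debug level, which adds log volume and is likely to put more session detail into the logs than normal operation would. If this is for troubleshooting, keep the line commented out or gate it on a hiera flag and document it, e.g. `# debugging only: verbose logging for local clients, do not ship enabled`. With `permit_tls_all_clientcerts` now placed ahead of `reject_unauth_destination`, any certificate that verifies against the trusted CAs becomes a relay credential, so a comment stating that the CA file must contain only the client-issuing CA would help the next maintainer.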
@@ -0,0 +1,16 @@ +class site_postfix::mx { + + $domain_hash = hiera ('domain') + $domain = $domain_hash['full_suffix'] + + # see https://leap.se/code/issues/1936 for contact email addr + #$root_mail_recipient = '' + $postfix_smtp_listen = 'all' + + postfix::config { + # just en example + 'delay_warning_time': value => '4h'; + } + + include ::postfix +} -- cgit v1.2.3 From 8d93b0f2fa3198cf4071cf93d8213fbfc3e0a9be Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 22 Apr 2013 17:28:40 +0200 Subject: hiera variable mx.contact -> postfix $root_mail_recipient --- puppet/modules/site_postfix/manifests/mx.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 9104c2cb..15449001 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -1,10 +1,10 @@ class site_postfix::mx { - $domain_hash = hiera ('domain') - $domain = $domain_hash['full_suffix'] + $domain_hash = hiera ('domain') + $domain = $domain_hash['full_suffix'] + $mx_hash = hiera('mx') - # see https://leap.se/code/issues/1936 for contact email addr - #$root_mail_recipient = '' + $root_mail_recipient = $mx_hash['contact'] $postfix_smtp_listen = 'all' postfix::config { -- cgit v1.2.3 From f45c144272915ef839edd0cb47a1085d01d4c36a Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 22 Apr 2013 22:15:51 +0200 Subject: Configure Postfix for incoming mails (Feature #2269) --- puppet/modules/site_postfix/manifests/mx.pp | 42 +++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 15449001..4bab7722 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp 
@@ -8,8 +8,46 @@ class site_postfix::mx { $postfix_smtp_listen = 'all' postfix::config { - # just en example - 'delay_warning_time': value => '4h'; + 'mydestination': + value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}"; + 'smtpd_recipient_restrictions': + value => 'check_recipient_access hash:/etc/postfix/recipient,reject_unauth_destination'; + 'mailbox_size_limit': + value => '0'; + 'home_mailbox': + value => 'Maildir/'; + 'virtual_alias_maps': + value => 'hash:/etc/postfix/virtual'; + } + + postfix::hash { '/etc/postfix/virtual': } + postfix::hash { '/etc/postfix/recipient': } + + # for now, accept all mail + line {'deliver to vmail': + file => '/etc/postfix/recipient', + line => "@${domain} vmail", + notify => Exec['generate /etc/postfix/recipient.db'], + require => Package['postfix'], + } + + postfix::virtual { "@${domain}": destination => 'vmail'; } + #postfix::mailalias { 'vmail': recipient => 'vmail' } + + user { 'vmail': + ensure => present, + comment => 'Leap Mailspool', + home => '/var/mail/vmail', + shell => '/bin/false', + managehome => true, + } + + user { 'vmail': + ensure => present, + comment => 'Leap Mailspool', + home => '/var/mail/vmail', + shell => '/bin/false', + managehome => true, } include ::postfix -- cgit v1.2.3 From 9c08bdad1cbb5c9c71ef42b99d7ec491ed084269 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 23 Apr 2013 15:59:44 -0400 Subject: update postfix module to new shared version for parameterized classes, and other 2.7 updates update site_postfix::mx to use parameterized classes --- puppet/modules/site_postfix/manifests/mx.pp | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 4bab7722..2bf844bf 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp 
@@ -42,13 +42,8 @@ class site_postfix::mx { managehome => true, } - user { 'vmail': - ensure => present, - comment => 'Leap Mailspool', - home => '/var/mail/vmail', - shell => '/bin/false', - managehome => true, + class { 'postfix': + root_mail_recipient => $root_mail_recipient, + smtp_listen => 'all' } - - include ::postfix } -- cgit v1.2.3 From a7bcd40d22769ec61b3fdb8d04dd447f6167ed7e Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 26 Apr 2013 10:09:21 +0200 Subject: using alias resolver --- puppet/modules/site_postfix/manifests/mx.pp | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 2bf844bf..82536b80 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp 
@@ -11,28 +11,15 @@ class site_postfix::mx { 'mydestination': value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}"; 'smtpd_recipient_restrictions': - value => 'check_recipient_access hash:/etc/postfix/recipient,reject_unauth_destination'; - 'mailbox_size_limit': - value => '0'; - 'home_mailbox': - value => 'Maildir/'; - 'virtual_alias_maps': - value => 'hash:/etc/postfix/virtual'; + value => 'check_recipient_access tcp:localhost:2244,reject_unauth_destination'; + 'mailbox_size_limit': value => '0'; + 'home_mailbox': value => 'Maildir/'; + 'virtual_alias_maps': value => 'tcp:localhost:4242'; + 'luser_relay': value => 'vmail'; + 'local_recipient_maps': value => ''; } - postfix::hash { '/etc/postfix/virtual': } - postfix::hash { '/etc/postfix/recipient': } - - # for now, accept all mail - line {'deliver to vmail': - file => '/etc/postfix/recipient', - line => "@${domain} vmail", - notify => Exec['generate /etc/postfix/recipient.db'], - require => Package['postfix'], - } - - postfix::virtual { "@${domain}": destination => 'vmail'; } - #postfix::mailalias { 'vmail': recipient => 'vmail' } + #include site_postfix::mx::smtp_checks user { 'vmail': ensure => present, -- cgit v1.2.3 From b50b03d8a2bc1970df696938b382ada79397ba07 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 26 Apr 2013 12:24:05 +0200 Subject: smtpd_checks: smtpd_data_restrictions --- puppet/modules/site_postfix/manifests/mx.pp | 3 ++- puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 8 ++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 82536b80..72c38ab1 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp 
@@ -17,9 +17,10 @@ class site_postfix::mx { 'virtual_alias_maps': value => 'tcp:localhost:4242'; 'luser_relay': value => 'vmail'; 'local_recipient_maps': value => ''; + #'debug_peer_list': value => '127.0.0.1'; } - #include site_postfix::mx::smtp_checks + include site_postfix::mx::smtpd_checks user { 'vmail': ensure => present, diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp new file mode 100644 index 00000000..e46bc149 --- /dev/null +++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp @@ -0,0 +1,8 @@ +class site_postfix::mx::smtpd_checks { + + postfix::config { + 'smtpd_data_restrictions': + value => 'permit_mynetworks, reject_unauth_pipelining, permit' + } + +} -- cgit v1.2.3 From 874cbdc087fde630ef7c44b51974aa702a151c7c Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Apr 2013 14:06:38 +0200 Subject: smtpd_checks: smtpd_delay_reject --- puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp index e46bc149..b2f2d7c2 100644 --- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp +++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp @@ -1,8 +1,9 @@ class site_postfix::mx::smtpd_checks { postfix::config { + 'smtpd_delay_reject': value => 'yes'; 'smtpd_data_restrictions': - value => 'permit_mynetworks, reject_unauth_pipelining, permit' + value => 'permit_mynetworks, reject_unauth_pipelining, permit'; } } -- cgit v1.2.3 From e5e64291b584340032655ff7c9398067691b06f6 Mon Sep 17 00:00:00 2001 
From: varac Date: Mon, 22 Apr 2013 22:15:51 +0200 Subject: Configure Postfix for incoming mails (Feature #2269) --- puppet/modules/site_postfix/manifests/mx.pp | 31 ++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 72c38ab1..0d2a545a 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -18,9 +18,36 @@ class site_postfix::mx { 'luser_relay': value => 'vmail'; 'local_recipient_maps': value => ''; #'debug_peer_list': value => '127.0.0.1'; + value => 'check_recipient_access hash:/etc/postfix/recipient,reject_unauth_destination'; + 'mailbox_size_limit': + value => '0'; + 'home_mailbox': + value => 'Maildir/'; + 'virtual_alias_maps': + value => 'hash:/etc/postfix/virtual'; } - include site_postfix::mx::smtpd_checks + postfix::hash { '/etc/postfix/virtual': } + postfix::hash { '/etc/postfix/recipient': } + + # for now, accept all mail + line {'deliver to vmail': + file => '/etc/postfix/recipient', + line => "@${domain} vmail", + notify => Exec['generate /etc/postfix/recipient.db'], + require => Package['postfix'], + } + + postfix::virtual { "@${domain}": destination => 'vmail'; } + #postfix::mailalias { 'vmail': recipient => 'vmail' } + + user { 'vmail': + ensure => present, + comment => 'Leap Mailspool', + home => '/var/mail/vmail', + shell => '/bin/false', + managehome => true, + } user { 'vmail': ensure => present, @@ -30,6 +57,8 @@ class site_postfix::mx { managehome => true, } + include site_postfix::mx::smtpd_checks + class { 'postfix': root_mail_recipient => $root_mail_recipient, smtp_listen => 'all' -- cgit v1.2.3 From c601ad1021dabc0301097f7c32123c44fc06ca75 Mon Sep 17 00:00:00 2001 
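Review bot: The first hunk leaves an orphaned `value => 'check_recipient_access hash:/etc/postfix/recipient,reject_unauth_destination';` directly after the commented-out `debug_peer_list` line with no parameter title in front of it, so the `postfix::config` block is no longer valid Puppet. It also re-adds `'mailbox_size_limit'`, `'home_mailbox'` and `'virtual_alias_maps'`, which judging by the other hunks for this file on the page are already set earlier in the same block, and it inserts a second `user { 'vmail': }` immediately before the existing one, which is a duplicate resource declaration. This looks like a rebase or conflict-resolution leftover that re-applied the original hash-map configuration on top of the alias-resolver version, bringing back the "accept all mail" recipient line as well. Dropping every added line from the stray `value =>` through the first `user { 'vmail': }` block, and keeping only the relocated `include site_postfix::mx::smtpd_checks`, would restore a manifest that compiles.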
From: Micah Anderson Date: Tue, 23 Apr 2013 15:59:44 -0400 Subject: update postfix module to new shared version for parameterized classes, and other 2.7 updates update site_postfix::mx to use parameterized classes --- puppet/modules/site_postfix/manifests/mx.pp | 8 -------- 1 file changed, 8 deletions(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 0d2a545a..932cdd75 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -49,14 +49,6 @@ class site_postfix::mx { managehome => true, } - user { 'vmail': - ensure => present, - comment => 'Leap Mailspool', - home => '/var/mail/vmail', - shell => '/bin/false', - managehome => true, - } - include site_postfix::mx::smtpd_checks class { 'postfix': -- cgit v1.2.3 From 6b4d0522e1578ea1a0683c6a8d6c4117dca67d2f Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 26 Apr 2013 10:09:21 +0200 Subject: using alias resolver --- puppet/modules/site_postfix/manifests/mx.pp | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 932cdd75..ee9bce3e 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp 
@@ -27,19 +27,7 @@ class site_postfix::mx { value => 'hash:/etc/postfix/virtual'; } - postfix::hash { '/etc/postfix/virtual': } - postfix::hash { '/etc/postfix/recipient': } - - # for now, accept all mail - line {'deliver to vmail': - file => '/etc/postfix/recipient', - line => "@${domain} vmail", - notify => Exec['generate /etc/postfix/recipient.db'], - require => Package['postfix'], - } - - postfix::virtual { "@${domain}": destination => 'vmail'; } - #postfix::mailalias { 'vmail': recipient => 'vmail' } + #include site_postfix::mx::smtp_checks user { 'vmail': ensure => present, -- cgit v1.2.3 From 2a853087a0bec5f9ec166fff538bda9076bb8369 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 26 Apr 2013 12:24:05 +0200 Subject: smtpd_checks: smtpd_data_restrictions --- puppet/modules/site_postfix/manifests/mx.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index ee9bce3e..24698878 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -27,7 +27,7 @@ class site_postfix::mx { value => 'hash:/etc/postfix/virtual'; } - #include site_postfix::mx::smtp_checks + include site_postfix::mx::smtpd_checks user { 'vmail': ensure => present, -- cgit v1.2.3 From 901a06d29c0c658b479f4c5a0828b263d7d6de0f Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 22 May 2013 19:39:37 +0200 Subject: smtpd_recipient_restrictions: +permit_tls_all_clientcerts --- puppet/modules/site_postfix/manifests/mx.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 24698878..fa2765a4 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp 
@@ -11,7 +11,7 @@ class site_postfix::mx { 'mydestination': value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}"; 'smtpd_recipient_restrictions': - value => 'check_recipient_access tcp:localhost:2244,reject_unauth_destination'; + value => 'check_recipient_access tcp:localhost:2244,reject_unauth_destination,permit_tls_all_clientcerts'; 'mailbox_size_limit': value => '0'; 'home_mailbox': value => 'Maildir/'; 'virtual_alias_maps': value => 'tcp:localhost:4242'; -- cgit v1.2.3 From aa5be3d639c5445d3a069c72eb5c20e209440721 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 22 May 2013 19:40:13 +0200 Subject: beginning of smtp_auth config with client certs --- puppet/modules/site_postfix/manifests/mx/smtp_auth.pp | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 puppet/modules/site_postfix/manifests/mx/smtp_auth.pp (limited to 'puppet/modules/site_postfix/manifests') diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp new file mode 100644 index 00000000..ab75130e --- /dev/null +++ b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp @@ -0,0 +1,10 @@ +class site_postfix::mx::smtp_auth { + $x509 = hiera('x509') + + postfix::config { + 'smtpd_tls_cert_file': value => $x509['client_ca_cert']; + 'smtpd_tls_key_file': value => $x509['client_ca_key']; + 'smtpd_tls_ask_ccert': value => 'yes'; + #'smtpd_tls_CAfile': value => + } +} -- cgit v1.2.3