From 1f99fcdfdbe73be25c7a5ea80853bbc4618d4f76 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Sat, 5 Mar 2011 04:55:18 +0100
Subject: Support hiding the originating IP in email relayed for an
 authenticated SASL client.

Untested as I've no Puppet-managed relaying email server yet.

Reference: https://we.riseup.net/debian/anonymizing-postfix
---
 manifests/classes/postfix-anonsasl.pp | 18 ++++++++++++++++++
 manifests/classes/postfix.pp          |  6 ++++++
 2 files changed, 24 insertions(+)
 create mode 100644 manifests/classes/postfix-anonsasl.pp

(limited to 'manifests')

diff --git a/manifests/classes/postfix-anonsasl.pp b/manifests/classes/postfix-anonsasl.pp
new file mode 100644
index 0000000..ca97f19
--- /dev/null
+++ b/manifests/classes/postfix-anonsasl.pp
@@ -0,0 +1,18 @@
+class postfix::anonsasl {
+
+  include postfix::header_checks
+
+  postfix::config {
+    'smtpd_sasl_authenticated_header':
+      value => 'yes';
+  }
+
+  postfix::header_checks_snippet {
+    'anonsasl':
+      content => template("postfix/anonsasl_header_checks.erb"),
+      require => [
+                  Postfix::Config['smtpd_sasl_authenticated_header'],
+                  ];
+  }
+  
+}
diff --git a/manifests/classes/postfix.pp b/manifests/classes/postfix.pp
index 4446c17..4e9cd6f 100644
--- a/manifests/classes/postfix.pp
+++ b/manifests/classes/postfix.pp
@@ -40,6 +40,9 @@ class postfix {
   case $root_mail_recipient {
     "":   { $root_mail_recipient = "nobody" }
   }
+  case $postfix_anon_sasl {
+    "":    { $postfix_anon_sasl = "no" }
+  }
   case $postfix_manage_header_checks {
     "":   { $postfix_manage_header_checks = "no" }
   }
@@ -67,6 +70,9 @@ class postfix {
   module_dir{'postfix': }
 
   # Include optional classes
+  if $postfix_anon_sasl == 'yes' {
+    include postfix::anonsasl
+  }
   if $postfix_manage_header_checks == 'yes' {
     include postfix::header_checks
   }
-- 
cgit v1.2.3