1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
|
Postfix Puppet module
=====================
This module will help install and configure postfix.
A couple of classes will preconfigure postfix for common needs.
This module needs:
- the concat module: git://labs.riseup.net/shared-concat
!! Upgrade Notice (01/2013) !!
This module now uses parameterized classes, where it used global variables
before. So please whatch out before pulling, you need to change the
class declarations in your manifest !
Issues
------
- Debian wheezy hosts (or below): If you get this error msg:
"Could not find template 'postfix/master.cf.debian-.erb' at /ssrv/leap/puppet/modules/postfix/manifests/init.pp:158 on node rew07plain1.rewire.org"
you need to use the facter package from wheezy-backports instead of the wheezy one. See https://gitlab.com/shared-puppet-modules-group/postfix/merge_requests/6#note_1892207 for more details.
Deprecation notice
------------------
It used to be that one could drop header checks snippets into the
following source directories:
"puppet:///modules/site-postfix/${fqdn}/header_checks.d"
"puppet:///modules/site-postfix/header_checks.d"
"puppet:///files/etc/postfix/header_checks.d"
"puppet:///modules/postfix/header_checks.d"
... and TLS policy snippets into those:
"puppet:///modules/site-postfix/${fqdn}/tls_policy.d"
"puppet:///modules/site-postfix/tls_policy.d"
"puppet:///modules/postfix/tls_policy.d"
This is not supported anymore.
Every such snippet much now be configured using the (respectively)
postfix::header_checks_snippet and postfix::tlspolicy_snippet defines.
Note: You will need to set a global Exec { path => '...' } to a proper pathing
in your manifests, or you will experience some issues such as:
err: Failed to apply catalog: Parameter unless failed: 'test "x$(postconf -h relay_domains)" == 'xlocalhost host.foo.com'' is not qualified and no path was specified. Please qualify the command or specify a path.
See: http://www.puppetcookbook.com/posts/set-global-exec-path.html for more
information about how to do this
Postfix class configuration parameters
--------------------------------------
* use_amavisd => 'yes' - to include postfix::amavis
* anon_sasl => 'yes' - to hide the originating IP in email
relayed for an authenticated SASL client; this needs Postfix
2.3 or later to work; beware! Postfix logs the header replacement
has been done, which means that you are storing this information,
unless you are anonymizing your logs.
* manage_header_checks => 'yes' - to manage header checks (see
postfix::header_checks for details)
* manage_transport_regexp => 'yes' - to manage header checks (see
postfix::transport_regexp for details)
* manage_virtual_regexp => 'yes' - to manage header checks (see
postfix::virtual_regexp for details)
* manage_tls_policy => 'yes - to manage TLS policy (see
postfix::tlspolicy for details)
* inet_interfaces: by default, postfix will bind to all interfaces, but
sometimes you don't want that. To bind to specific interfaces, use the
'inet_interfaces' parameter and set it to exactly what would be in the
main.cf file.
* myorigin: some hosts have weird-looking host names (dedicated servers and VPSes). To
set the server's domain of origin, set the 'myorigin' parameter
* smtp_listen: address on which the smtp service will listen (Default: 127.0.0.1)
* root_mail_recipient: who will receive root's emails (Default: 'nobody')
* tls_fingerprint_digest: fingerprint digest for tls policy class (Default: 'sha1')
* use_dovecot_lda: include dovecot declaration at master.cf
* use_schleuder: whether to include schleuder portion at master.cf
* use_sympa: whether to include sympa portion at master.cf
* use_firma: whether to include firma portion at master.cf
* use_mlmmj: whether to include mlmmj portion at master.cf
* use_submission: set to "yes" to enable submission section at master.cf
* use_smtps: set to "yes" to enable smtps section at master.cf
* mastercf_tail: set this for additional content to be added at the end of master.cf
== Examples:
class { 'postfix': }
class { 'postfix': anon_sasl => 'yes', myorigin => 'foo.bar.tz' }
postfix::config { "relay_domains": value => "localhost host.foo.com" }
Convience classes
=================
postfix::config
---------------
This can be used to pass arbitrary postfix configurations by passing the $name
to postconf to add/alter/remove options in main.cf
It can also be used to ensure that a certain configuration is not present by
setting the ensure parameter to absent. In this case, the value parameter is
still mandatory but can be set to whatever value.
Parameters:
- *name*: name of the parameter.
- *ensure*: present/absent. defaults to present.
- *value*: value of the parameter.
- *nonstandard*: inform postfix::config that this parameter is not recognized
by the "postconf" command. defaults to false.
Requires:
- Class["postfix"]
Example usage:
postfix::config {
"smtp_use_tls" => "yes";
"smtp_sasl_auth_enable" => "yes";
"smtp_sasl_password_maps" => "hash:/etc/postfix/my_sasl_passwords";
"relayhost" => "[mail.example.com]:587";
}
postfix::config { 'smtp_tls_cert_file':
ensure => absent,
value => '',
}
postfix::disable
----------------
If you include this class, the postfix package will be removed and the service
stopped.
postfix::hash
-------------
This can be used to create postfix hashed "map" files. It will create "${name}",
and then build "${name}.db" using the "postmap" command. The map file can then
be referred to using postfix::config.
Parameters:
- *name*: the name of the map file.
- *ensure*: present/absent, defaults to present.
- *source*: file source.
Requires:
- Class["postfix"]
Example usage:
postfix::hash { "/etc/postfix/virtual":
ensure => present,
}
postfix::config { "virtual_alias_maps":
value => "hash:/etc/postfix/virtual"
}
postfix::virtual
----------------
Manages content of the /etc/postfix/virtual map
Parameters:
- *name*: name of address postfix will lookup. See virtual(8).
- *destination*: where the emails will be delivered to. See virtual(8).
- *ensure*: present/absent, defaults to present.
Requires:
- Class["postfix"]
- Postfix::Hash["/etc/postfix/virtual"]
- Postfix::Config["virtual_alias_maps"]
- common::line (from module common)
Example usage:
postfix::hash { "/etc/postfix/virtual":
ensure => present,
}
postfix::config { "virtual_alias_maps":
value => "hash:/etc/postfix/virtual"
}
postfix::virtual { "user@example.com":
ensure => present,
destination => "root",
}
postfix::mailalias
------------------
Wrapper around Puppet mailalias resource, provides newaliases executable.
Parameters:
- *name*: the name of the alias.
- *ensure*: present/absent, defaults to present.
- *recipient*: recipient of the alias.
Requires:
- Class["postfix"]
Example usage:
postfix::mailalias { "postmaster":
ensure => present,
recipient => 'foo'
}
|
