OpenDKIM support

author: Silvio Rhatto <rhatto@riseup.net> 2015-03-08 10:40:37 -0300
committer: Silvio Rhatto <rhatto@riseup.net> 2015-03-08 10:40:37 -0300
commit: 8af0ec91d981014055de4a1b872418ac1bc460f6 (patch)
tree: f4fe00836e990761ae53f481ff0c691a0dc67193 /manifests
parent: 3c207f9a435963a1aa590d219527a62082749b39 (diff)
download: puppet-mail-8af0ec91d981014055de4a1b872418ac1bc460f6.tar.gz
puppet-mail-8af0ec91d981014055de4a1b872418ac1bc460f6.tar.bz2
4 files changed, 109 insertions, 0 deletions
diff --git a/manifests/opendkim.pp b/manifests/opendkim.pp
new file mode 100644
index 0000000..2a60838
--- /dev/null
+++ b/manifests/opendkim.pp
@@ -0,0 +1,82 @@
+# Recipe from https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy
+class mail::opendkim {
+  include mail::opendkim::packages
+
+  file { '/etc/default/opendkim':
+    ensure => present,
+    owner  => root,
+    group  => root,
+    mode   => 0644,
+    source => "puppet:///modules/mail/opendkim/default",
+    require => Package['opendkim'],
+  }
+
+  file { '/etc/opendkim.conf':
+    ensure => present,
+    owner  => root,
+    group  => root,
+    mode   => 0644,
+    source => [ "puppet:///modules/mail/opendkim/opendkim.conf",
+                "puppet:///modules/site_mail/opendkim/opendkim.conf" ],
+    require => Package['opendkim'],
+  }
+
+  file { '/etc/opendkim':
+    ensure => directory,
+    owner  => root,
+    group  => root,
+    mode   => 0644,
+    require => Package['opendkim'],
+  }
+
+  file { '/etc/opendkim/keys':
+    ensure => directory,
+    owner  => opendkim,
+    group  => opendkim,
+    mode   => 0750,
+    require => File['/etc/opendkim'],
+  }
+
+  file { '/etc/opendkim/TrustedHosts':
+    ensure => present,
+    owner  => root,
+    group  => root,
+    mode   => 0644,
+    source => [ "puppet:///modules/mail/opendkim/TrustedHosts",
+                "puppet:///modules/site_mail/opendkim/TrustedHosts" ],
+    require => File['/etc/opendkim'],
+  }
+
+  file { '/etc/opendkim/KeyTable':
+    ensure => present,
+    owner  => root,
+    group  => root,
+    mode   => 0644,
+    source => [ "puppet:///modules/mail/opendkim/KeyTable",
+                "puppet:///modules/site_mail/opendkim/KeyTable" ],
+    require => File['/etc/opendkim'],
+  }
+
+  file { '/etc/opendkim/SigningTable':
+    ensure => present,
+    owner  => root,
+    group  => root,
+    mode   => 0644,
+    source => [ "puppet:///modules/mail/opendkim/SigningTable",
+                "puppet:///modules/site_mail/opendkim/SigningTable" ],
+    require => File['/etc/opendkim'],
+  }
+
+  service { 'opendkim' :
+    ensure    => running,
+    enable    => true,
+    require   => [ Package['opendkim'],
+                   File['/etc/default/opendkim', '/etc/opendkim.conf',
+                        '/etc/opendkim/TrustedHosts', '/etc/opendkim/KeyTable', '/etc/opendkim/SigningTable' ],
+  }
+
+  postfix::config { "milter_protocol":       value => '2' }
+  postfix::config { "milter_default_action": value => 'accept' }
+  postfix::config { "osmtpd_milters":        value => 'inet:localhost:12301' }
+  postfix::config { "non_smtpd_milters":     value => 'inet:localhost:12301' }
+}
diff --git a/manifests/opendkim/key.pp b/manifests/opendkim/key.pp
new file mode 100644
index 0000000..bd9dadb
--- /dev/null
+++ b/manifests/opendkim/key.pp
@@ -0,0 +1,18 @@
+define mail::opendkim::key() {
+  file { "/etc/opendkim/keys/${name}" :
+    ensure  => directory,
+    owner   => 'opendkim',
+    group   => 'opendkim',
+    mode    => '0750',
+    require => File['/etc/opendkim/keys'],
+  }
+
+  exec { "opendkim-genkey-${name}"
+    command => "opendkim-genkey -s mail -d ${name}",
+    cwd     => "/etc/opendkim/keys/${name}",
+    user    => root,
+    group   => root,
+    creates => File["/etc/opendkim/keys/${name}/mail.private", "/etc/opendkim/keys/${name}/mail.txt" ],
+    require => [ File["/etc/opendkim/keys/${name}"], Package['opendkim-tools'] ],
+  }
+}
diff --git a/manifests/opendkim/packages.pp b/manifests/opendkim/packages.pp
new file mode 100644
index 0000000..bcb577a
--- /dev/null
+++ b/manifests/opendkim/packages.pp
@@ -0,0 +1,5 @@
+class mail::opendkim::packages {
+  package { [ 'opendkim', 'opendkim-tools' ]:
+    ensure => installed,
+  } 
+}
diff --git a/manifests/system.pp b/manifests/system.pp
index 89f50c6..ec17ac7 100644
--- a/manifests/system.pp
+++ b/manifests/system.pp
@@ -50,6 +50,10 @@ class mail::system(
   include mail::header_checks
   include mail::clamav
   include mail::spamassassin
+  include mail::opendkim
+
+  # DKIM
+  mail::opendkim::key { "$domain": }
 
   # Default parameters
   include mail::firma::params
author	Silvio Rhatto <rhatto@riseup.net>	2015-03-08 10:40:37 -0300
committer	Silvio Rhatto <rhatto@riseup.net>	2015-03-08 10:40:37 -0300
commit	8af0ec91d981014055de4a1b872418ac1bc460f6 (patch)
tree	f4fe00836e990761ae53f481ff0c691a0dc67193 /manifests
parent	3c207f9a435963a1aa590d219527a62082749b39 (diff)
download	puppet-mail-8af0ec91d981014055de4a1b872418ac1bc460f6.tar.gz puppet-mail-8af0ec91d981014055de4a1b872418ac1bc460f6.tar.bz2