-rw-r--r--files/amavisd/15-content_filter_mode23
-rw-r--r--files/dovecot/dovecot.conf39
-rw-r--r--manifests/amavisd.pp24
-rw-r--r--manifests/init.pp1
-rw-r--r--manifests/mail.pp3
-rw-r--r--manifests/postfixadmin.pp38
-rw-r--r--templates/dovecot/dovecot-sql.conf.erb5
7 files changed, 98 insertions, 35 deletions
diff --git a/files/amavisd/15-content_filter_mode b/files/amavisd/15-content_filter_mode
new file mode 100644
index 0000000..8d5f3d1
--- /dev/null
+++ b/files/amavisd/15-content_filter_mode
@@ -0,0 +1,23 @@
+use strict;
+
+# You can modify this file to re-enable SPAM checking through spamassassin
+# and to re-enable antivirus checking.
+
+#
+# Default antivirus checking mode
+# Uncomment the two lines below to enable it back
+#
+
+@bypass_virus_checks_maps = (
+ \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
+
+
+#
+# Default SPAM checking mode
+# Uncomment the two lines below to enable it back
+#
+
+@bypass_spam_checks_maps = (
+ \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
+
+1; # ensure a defined return
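Review bot: The two header comments say "Uncomment the two lines below to enable it back", but the `@bypass_virus_checks_maps` and `@bypass_spam_checks_maps` assignments are already active in this file, so the comments describe the distribution default rather than what Puppet deploys. Because this file decides whether mail is scanned at all, the comments should state the managed state, for example `# Antivirus checking is enabled by Puppet; comment out the two lines below to bypass it`, with matching wording for the SPAM block. The opening `# You can modify this file ...` is also misleading for a managed file, since local edits are presumably overwritten on the next Puppet run.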
diff --git a/files/dovecot/dovecot.conf b/files/dovecot/dovecot.conf
index b63757b..761299a 100644
--- a/files/dovecot/dovecot.conf
+++ b/files/dovecot/dovecot.conf
@@ -98,6 +98,8 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
# root.
#ssl_cert_file = /etc/ssl/certs/dovecot.pem
#ssl_key_file = /etc/ssl/private/dovecot.pem
+ssl_cert_file = /etc/ssl/certs/cert.crt
+ssl_key_file = /etc/ssl/private/cert.pem
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter.
@@ -181,6 +183,9 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
# string.
#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
+# Dont log user IPs
+login_log_format_elements = user=<%u> method=%m %c
+
# Login log format. %$ contains login_log_format_elements string, %s contains
# the data we want to log.
#login_log_format = %$: %s
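Review bot: Dropping `rip=%r lip=%l` from `login_log_format_elements` removes the remote address from login log lines, and that field is what brute-force detection and incident response normally key on. If this is a deliberate privacy choice, the comment should record the trade-off, for example `# Privacy: client IPs are deliberately not logged; failed logins cannot be attributed to a source address from these lines`. Any log-based blocking that matches `rip=` (none is visible in this commit) would stop matching and should be checked before this is rolled out.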
@@ -216,6 +221,7 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
# <doc/wiki/MailLocation.txt>
#
#mail_location =
+mail_location = maildir:/var/mail/virtual/%u
# If you need to set multiple mailbox locations or want to change default
# namespace settings, you can do it by defining namespace sections.
@@ -812,7 +818,7 @@ auth default {
# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
# NOTE: See also disable_plaintext_auth setting.
- mechanisms = plain
+ mechanisms = plain login
#
# Password database is used to verify user's password (and nothing more).
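Review bot: `mechanisms = plain login` adds a second mechanism that, like PLAIN, carries the password unprotected inside the session, so both depend entirely on TLS. The `disable_plaintext_auth` setting that the NOTE above refers to is outside this hunk; confirm it is not set to `no`. The auth socket is exported to Postfix later in this file, so also confirm that Postfix only offers AUTH after STARTTLS (`smtpd_tls_auth_only = yes`). A one-line comment next to the setting saying that LOGIN is there for SMTP AUTH clients and requires TLS would help; the `auth default` block starts and ends outside the hunk.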
@@ -919,10 +925,10 @@ auth default {
#}
# SQL database <doc/wiki/AuthDatabase.SQL.txt>
- #passdb sql {
+ passdb sql {
# Path for SQL configuration file
- #args = /etc/dovecot/dovecot-sql.conf
- #}
+ args = /etc/dovecot/dovecot-sql.conf
+ }
# LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
#passdb ldap {
@@ -980,10 +986,10 @@ auth default {
#}
# SQL database <doc/wiki/AuthDatabase.SQL.txt>
- #userdb sql {
+ userdb sql {
# Path for SQL configuration file
- #args = /etc/dovecot/dovecot-sql.conf
- #}
+ args = /etc/dovecot/dovecot-sql.conf
+ }
# LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
#userdb ldap {
@@ -1028,7 +1034,7 @@ auth default {
#ssl_username_from_cert = no
# It's possible to export the authentication interface to other programs:
- #socket listen {
+ socket listen {
#master {
# Master socket provides access to userdb information. It's typically
# used to give Dovecot's local delivery agent access to userdb so it
@@ -1039,14 +1045,15 @@ auth default {
#user =
#group =
#}
- #client {
- # The client socket is generally safe to export to everyone. Typical use
- # is to export it to your SMTP server so it can do SMTP AUTH lookups
- # using it.
- #path = /var/run/dovecot/auth-client
- #mode = 0660
- #}
- #}
+ client {
+ # Assuming the default Postfix $queue_directory setting
+ path = /var/spool/postfix/private/auth
+ mode = 0660
+ # Assuming the default Postfix user and group
+ user = postfix
+ group = postfix
+ }
+ }
## dovecot-lda specific settings
##
diff --git a/manifests/amavisd.pp b/manifests/amavisd.pp
new file mode 100644
index 0000000..1047fb0
--- /dev/null
+++ b/manifests/amavisd.pp
@@ -0,0 +1,24 @@
+class mail::amavisd {
+ # TODO: master.cf
+
+ service { "amavisd":
+ ensure => running,
+ require => Package['amavisd-new'],
+ }
+
+ service { "freshclam":
+ ensure => running,
+ require => Package['clamav-freshclam'],
+ }
+
+ file { "/etc/amavis/conf.d/15-content_filter_mode":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ source => "puppet://$server/modules/mail/amavisd/15-content_filter_mode",
+ notify => Service['amavisd'],
+ }
+
+ postfix::config { "content_filter": value => 'amavis:[127.0.0.1]:10024' }
+}
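Review bot: `content_filter` is pointed at `amavis:[127.0.0.1]:10024` while the master.cf side is still `# TODO`, so the class configures a filter transport that this commit does not define. Until the `amavis` transport and the re-injection listener exist in master.cf, including this class would presumably leave mail deferred. When the listener is added it needs to be limited to 127.0.0.1, because it accepts mail that skips the content filter. Both services declare only `ensure => running`; adding `enable => true` would keep amavisd and freshclam running after a reboot. The TODO should say what is missing, e.g. `# TODO: master.cf needs the amavis transport and a localhost-only re-injection listener`.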
diff --git a/manifests/init.pp b/manifests/init.pp
index 29bca6d..f4f98d6 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -9,3 +9,4 @@ import "packages.pp"
import "postfixadmin"
import "sasl.pp"
import "tls.pp"
+import "amavisd.pp"
diff --git a/manifests/mail.pp b/manifests/mail.pp
index 0864b7c..7d70823 100644
--- a/manifests/mail.pp
+++ b/manifests/mail.pp
@@ -21,6 +21,7 @@ class mail {
#include mail::dovecot
#include mail::postfixadmin
#include mail::header_checks
+ #include mail::amavisd
# Postfix configuration
postfix::config {
@@ -29,9 +30,9 @@ class mail {
"mydestination": value => "$postfix_mydestination";
"mynetworks": value => "$postfix_mynetworks";
"relay_domains": value => "$domain";
- "virtual_alias_maps": value => "hash:/etc/postfix/virtual"; # TODO: use postfixadmin config instead
"transport_maps": value => "hash:/etc/postfix/transport";
"mailbox_command": value => '/usr/bin/maildrop -d ${USER}';
+ "mailbox_command": value => '/var/mail/virtual';
}
postfix::hash { "/etc/postfix/virtual":
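Review bot: The added `"mailbox_command": value => '/var/mail/virtual';` repeats the title on the line above it inside the same `postfix::config` block, which Puppet would normally reject as a duplicate declaration. The value is a directory rather than a command, so the intended parameter was probably `"virtual_mailbox_base": value => '/var/mail/virtual';`. If the maildrop `mailbox_command` is meant to be replaced instead, remove the old line rather than adding a second one. The same hunk drops `virtual_alias_maps`, and the replacement maps from postfixadmin.pp are not visible here, so confirm aliases still resolve. The `postfix::config` block starts outside the hunk.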
diff --git a/manifests/postfixadmin.pp b/manifests/postfixadmin.pp
index f265385..e400eba 100644
--- a/manifests/postfixadmin.pp
+++ b/manifests/postfixadmin.pp
@@ -43,18 +43,6 @@ class mail::postfixadmin {
'/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf' ],
}
- # Additional for quota support
- postfix::config { "virtual_mailbox_limit_maps":
- value => 'mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'
- require => File['/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'],
- }
-
- postfix::config { "virtual_create_maildirsize": value => 'yes' }
- postfix::config { "virtual_mailbox_extended ": value => 'yes' }
- postfix::config { "virtual_mailbox_limit_override": value => 'yes' }
- postfix::config { "virtual_maildir_limit_message": value => 'The user's maildir has overdrawn his quota, try again later.' }
- postfix::config { "virtual_overquota_bounce": value => 'yes' }
-
#
# Map files
#
@@ -100,10 +88,24 @@ class mail::postfixadmin {
content => template('postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf'),
}
- file { "/etc/postfix/mysql_virtual_mailbox_limit_maps.cf":
- ensure => present,
- owner => root,
- mode => 0600,
- content => template('postfix/sql/mysql_virtual_mailbox_limit_maps.cf'),
- }
+ #
+ # Additional for quota support
+ #
+ #postfix::config { "virtual_mailbox_limit_maps":
+ # value => 'mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'
+ # require => File['/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'],
+ #}
+ #
+ #postfix::config { "virtual_create_maildirsize": value => 'yes' }
+ #postfix::config { "virtual_mailbox_extended ": value => 'yes' }
+ #postfix::config { "virtual_mailbox_limit_override": value => 'yes' }
+ #postfix::config { "virtual_maildir_limit_message": value => 'The user's maildir has overdrawn his quota, try again later.' }
+ #postfix::config { "virtual_overquota_bounce": value => 'yes' }
+ #
+ #file { "/etc/postfix/mysql_virtual_mailbox_limit_maps.cf":
+ # ensure => present,
+ # owner => root,
+ # mode => 0600,
+ # content => template('postfix/sql/mysql_virtual_mailbox_limit_maps.cf'),
+ #}
}
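Review bot: The quota block is kept as commented-out code but carries three syntax problems that will surface when someone uncomments it. The `value =>` line of `virtual_mailbox_limit_maps` has no trailing comma, the title `"virtual_mailbox_extended "` ends in a space, and the apostrophe in `'The user's maildir ...'` terminates the single-quoted string early. Either fix them inside the comment now (for example `value => "The user's maildir has overdrawn his quota, try again later."`) or replace the block with a short note saying quota support was removed. The class body starts outside the hunk.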
diff --git a/templates/dovecot/dovecot-sql.conf.erb b/templates/dovecot/dovecot-sql.conf.erb
index 7661e25..c5c7f87 100644
--- a/templates/dovecot/dovecot-sql.conf.erb
+++ b/templates/dovecot/dovecot-sql.conf.erb
@@ -26,6 +26,7 @@
# Database driver: mysql, pgsql, sqlite
#driver =
+driver = mysql
# Database connection string. This is driver-specific setting.
#
@@ -55,6 +56,7 @@
# connect = /etc/dovecot/authdb.sqlite
#
#connect = dbname=virtual user=virtual
+connect = host=<%= postfixadmin_hosts %> dbname=<%= postfixadmin_dbname %> user=<%= postfixadmin_user %> password=<%= postfixadmin_password %>
# Default password scheme.
#
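Review bot: The `connect` line renders the database password in clear text into dovecot-sql.conf, and the file resource that deploys this template is not part of the commit. That resource should be owned by root with mode `0600` so local users cannot read the credential. The four `<%= ... %>` values are inserted unquoted into a space-separated string, so a value containing a space would presumably break the line or add a parameter; a comment above the line stating that constraint would help. If `postfixadmin_hosts` can name a remote server, the password and the hashes returned by `password_query` cross the network, and nothing on this line requests TLS to the database.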
@@ -62,6 +64,7 @@
# http://wiki.dovecot.org/Authentication/PasswordSchemes
#
#default_pass_scheme = PLAIN-MD5
+default_pass_scheme = MD5-CRYPT
# Query to retrieve the password.
#
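Review bot: `default_pass_scheme = MD5-CRYPT` fixes the stored hashes to a scheme that is fast to brute-force offline if the `mailbox` table leaks. The value has to match whatever postfixadmin writes, so it cannot be changed here alone. A comment such as `# Must match the postfixadmin encrypt setting; MD5-CRYPT is weak, migrate to a stronger crypt scheme when both sides support it` would record that. Hashes stored with an explicit `{SCHEME}` prefix override this default, which allows a gradual migration.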
@@ -89,6 +92,7 @@
# password_query = SELECT pw AS password FROM users WHERE userid = '%u' AND active = 'Y'
#
#password_query = SELECT userid as user, password FROM users WHERE userid = '%u'
+password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
# Query to retrieve the user information.
#
@@ -109,6 +113,7 @@
# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
#
#user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
+user_query = SELECT maildir, 1001 AS uid, 1001 AS gid FROM mailbox WHERE username = '%u' AND active='1'
# If you wish to avoid two SQL lookups (passdb + userdb), you can use
# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll