Diffstat (limited to 'manifests')
-rw-r--r--manifests/dovecot.pp23
-rw-r--r--manifests/header_checks.pp14
-rw-r--r--manifests/init.pp11
-rw-r--r--manifests/mail.pp48
-rw-r--r--manifests/packages.pp25
-rw-r--r--manifests/postfixadmin.pp87
-rw-r--r--manifests/sasl.pp12
-rw-r--r--manifests/tls.pp7
8 files changed, 227 insertions, 0 deletions
diff --git a/manifests/dovecot.pp b/manifests/dovecot.pp
new file mode 100644
index 0000000..4f9a226
--- /dev/null
+++ b/manifests/dovecot.pp
@@ -0,0 +1,23 @@
+class mail::dovecot {
+ # Dovecot
+ service { "dovecot":
+ ensure => running,
+ require => [ Package['dovecot-imapd'], File['/etc/dovecot/dovecot.conf', '/etc/dovecot/dovecot-sql.conf'] ],
+ }
+
+ file { "/etc/dovecot/dovecot.conf":
+ ensure => present,
+ owner => root,
+ mode => 0644,
+ source => "puppet://$server/modules/mail/dovecot/dovecot.conf",
+ notify => Service['dovecot'],
+ }
+
+ file { "/etc/dovecot/dovecot-sql.conf":
+ ensure => present,
+ owner => root,
+ mode => 0600,
+ source => "puppet://$server/modules/mail/dovecot/dovecot-sql.conf",
+ notify => Service['dovecot'],
+ }
+}
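Review bot: The `require` list on `service { "dovecot" }` at the top of the hunk restates ordering that the two `notify => Service['dovecot']` metaparameters already establish, because a notify edge also orders the file before the service; only `Package['dovecot-imapd']` needs to remain in `require`. dovecot-sql.conf, which is normally where Dovecot's SQL credentials live, is rightly kept at 0600, but neither file resource sets `group`, so the group is whatever the agent happens to create the file with; `group => root` on both makes the intent explicit. The class comment `# Dovecot` says nothing a reader does not already know; something like `# IMAP server plus its SQL auth/userdb configuration, both shipped from the module's files` would help.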
diff --git a/manifests/header_checks.pp b/manifests/header_checks.pp
new file mode 100644
index 0000000..1c72435
--- /dev/null
+++ b/manifests/header_checks.pp
@@ -0,0 +1,14 @@
+class mail::header_checks {
+ # Header checks
+ postfix::config { "header_checks":
+ value => 'regexp:/etc/postfix/header_checks',
+ require => File['/etc/postfix/header_checks'],
+ }
+
+ file { "/etc/postfix/header_checks":
+ ensure => present,
+ owner => root,
+ mode => 0644,
+ source => "puppet://$server/modules/mail/postfix/header_checks",
+ }
+}
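Review bot: The `file { "/etc/postfix/header_checks" }` resource has no `notify`, so a changed regexp table is written to disk but the running Postfix keeps the rules it loaded when its cleanup processes started; it should notify the postfix service resource that the included postfix module declares (its exact name is not visible in this diff). The `require` on `postfix::config { "header_checks" }` only orders the very first run and does not trigger a reload. `# Header checks` could also say what the table does, e.g. `# Regexp header_checks table shipped from the module; cleanup(8) applies it to every message header`.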
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..29bca6d
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,11 @@
+#
+# Mail module
+#
+
+import "dovecot.pp"
+import "header_checks.pp"
+import "mail.pp"
+import "packages.pp"
+import "postfixadmin"
+import "sasl.pp"
+import "tls.pp"
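Review bot: `import "postfixadmin"` lacks the `.pp` suffix every other line carries; Puppet's `import` does try the bare name with `.pp` appended, but the inconsistency reads like a typo and should be `import "postfixadmin.pp"`. Separately, with the module autoloader (modules/mail/manifests/<name>.pp) classes named `mail::<name>` are located without any `import`, and `import` was deprecated in later Puppet releases, so if the target Puppet version autoloads these lines can be dropped entirely. A header comment stating which Puppet version the module targets would settle that question for the next reader.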
diff --git a/manifests/mail.pp b/manifests/mail.pp
new file mode 100644
index 0000000..0864b7c
--- /dev/null
+++ b/manifests/mail.pp
@@ -0,0 +1,48 @@
+class mail {
+ $mail_delivery = "postfix"
+ $postfix_smtp_listen = "all"
+ $postfix_mydestination = '$myhostname, $mydomain, localhost.$mydomain, localhost'
+
+ case $postfix_mynetworks {
+ '': { $postfix_mynetworks = "127.0.0.0/8" }
+ }
+
+ # Module requirements
+ include postfix
+ include database
+ include ssl::mail
+
+ # Subsystems
+ include mail::packages
+ include mail::sasl
+ include mail::tls
+
+ # TODO
+ #include mail::dovecot
+ #include mail::postfixadmin
+ #include mail::header_checks
+
+ # Postfix configuration
+ postfix::config {
+ "mydomain": value => "$domain";
+ "myhostname": value => "$fqdn";
+ "mydestination": value => "$postfix_mydestination";
+ "mynetworks": value => "$postfix_mynetworks";
+ "relay_domains": value => "$domain";
+ "virtual_alias_maps": value => "hash:/etc/postfix/virtual"; # TODO: use postfixadmin config instead
+ "transport_maps": value => "hash:/etc/postfix/transport";
+ "mailbox_command": value => '/usr/bin/maildrop -d ${USER}';
+ }
+
+ postfix::hash { "/etc/postfix/virtual":
+ ensure => present,
+ }
+
+ postfix::hash { "/etc/postfix/transport":
+ ensure => present,
+ }
+
+ # Recipient restrictions
+ postfix::config { "smtpd_recipient_restrictions":
+ value => 'permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client psbl.surriel.com, check_policy_service inet:127.0.0.1:60000' }
+}
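Review bot: `"virtual_alias_maps"` is declared here (the `hash:/etc/postfix/virtual` line with the TODO) and again in manifests/postfixadmin.pp as `postfix::config { "virtual_alias_maps": ... }`; the moment the commented-out `include mail::postfixadmin` is enabled the catalog fails with a duplicate declaration, so the TODO should be resolved by removing this line together with that include, not by keeping both. The `case $postfix_mynetworks { '': ... }` default only fires on an empty string; in this Puppet generation an unset top-scope variable typically evaluates to '' so it works, but a comment such as `# Default mynetworks to loopback only unless the node sets $postfix_mynetworks` would make the intent clear. The `smtpd_recipient_restrictions` ordering is sound — `reject_unauth_destination` precedes the RBL and policy lookups, so relay control never depends on a remote service — but `check_policy_service inet:127.0.0.1:60000` is not tied to any resource in this module; a comment naming the policy daemon expected on that port, and a `require` on it, would explain the otherwise silent deferral of every recipient when it is not running.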
diff --git a/manifests/packages.pp b/manifests/packages.pp
new file mode 100644
index 0000000..e9f351c
--- /dev/null
+++ b/manifests/packages.pp
@@ -0,0 +1,25 @@
+class mail::packages {
+ # The needed packages
+ package { [ 'postfix-mysql', 'dovecot-imapd', 'maildrop' ]:
+ ensure => installed,
+ }
+
+ # Don't use Cyrus SASL
+ # TODO: remove this block in the future
+ package { [ 'libauthen-sasl-cyrus-perl', 'libsasl2-modules',
+ 'libsasl2-modules-sql', 'sasl2-bin' ]:
+ ensure => absent,
+ }
+
+ package { [ 'postgrey', 'amavisd-new', 'spamassassin', 'spamc', 'libpam-mysql', 'libgsasl7' ]:
+ ensure => installed,
+ }
+
+ package { [ 'clamav-base', 'clamav-daemon', 'clamav-freshclam' ]:
+ ensure => installed,
+ }
+
+ package { [ 'squirrelmail', 'squirrelmail-secure-login', 'squirrelmail-locales' ]:
+ ensure => installed,
+ }
+}
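Review bot: Three consecutive `package { [...]: ensure => installed }` resources with no comment distinguishing them read like one list split by accident; either merge them or head each with its role, e.g. `# MTA, IMAP and local delivery`, `# Greylisting, content filtering and AV (postgrey, amavisd-new, spamassassin, clamav)`, `# Webmail`. None of the daemons those packages install (postgrey, amavis, clamav-daemon, freshclam) are managed anywhere in this diff, so their presence relies on distro defaults starting and configuring them; a `# TODO: manage postgrey/amavis/clamav services and configs` line would record that assumption. The `ensure => absent` block is a consequence of `smtpd_sasl_type = dovecot` in sasl.pp, and the comment should say so, e.g. `# Cyrus SASL is replaced by Dovecot SASL (see mail::sasl); purge it so nothing binds the old auth socket`.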
diff --git a/manifests/postfixadmin.pp b/manifests/postfixadmin.pp
new file mode 100644
index 0000000..3d63f1e
--- /dev/null
+++ b/manifests/postfixadmin.pp
@@ -0,0 +1,87 @@
+class mail::postfixadmin {
+ # TODO
+ # $postfixadmin_user
+ # $postfixadmin_password
+ # $postfixadmin_hosts
+ # $postfixadmin_dbname
+
+ # Postfixadmin
+ postfix::config { "virtual_mailbox_domains":
+ value => 'proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf',
+ require => File['/etc/postfix/sql/mysql_virtual_domains_maps.cf'],
+ }
+
+ postfix::config { "virtual_alias_maps":
+ value => 'hash:/etc/postfix/virtual, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf'
+ require => File['/etc/postfix/sql/mysql_virtual_alias_maps.cf',
+ '/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf',
+ '/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf' ],
+ }
+
+ postfix::config { "virtual_mailbox_maps":
+ value => 'proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf',
+ require => File['/etc/postfix/sql/mysql_virtual_mailbox_maps.cf',
+ '/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf' ],
+ }
+
+ # Additional for quota support
+ postfix::config { "virtual_mailbox_limit_maps":
+ value => 'mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'
+ require => File['/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'],
+ }
+
+ postfix::config { "virtual_create_maildirsize": value => 'yes' }
+ postfix::config { "virtual_mailbox_extended ": value => 'yes' }
+ postfix::config { "virtual_mailbox_limit_override": value => 'yes' }
+ postfix::config { "virtual_maildir_limit_message": value => 'The user's maildir has overdrawn his quota, try again later.' }
+ postfix::config { "virtual_overquota_bounce": value => 'yes' }
+
+ file { "/etc/postfix/sql/mysql_virtual_domains_maps.cf":
+ ensure => present,
+ owner => root,
+ mode => 0600,
+ content => template('postfix/sql/mysql_virtual_domains_maps.cf.erb'),
+ }
+
+ file { "/etc/postfix/sql/mysql_virtual_alias_maps.cf":
+ ensure => present,
+ owner => root,
+ mode => 0600,
+ content => template('postfix/sql/mysql_virtual_alias_maps.cf.erb'),
+ }
+
+ file { "/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf":
+ ensure => present,
+ owner => root,
+ mode => 0600,
+ content => template('postfix/sql/mysql_virtual_alias_domain_maps.cf'),
+ }
+
+ file { "/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf":
+ ensure => present,
+ owner => root,
+ mode => 0600,
+ content => template('postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf'),
+ }
+
+ file { "/etc/postfix/sql/mysql_virtual_mailbox_maps.cf":
+ ensure => present,
+ owner => root,
+ mode => 0600,
+ content => template('postfix/sql/mysql_virtual_mailbox_maps.cf'),
+ }
+
+ file { "/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf":
+ ensure => present,
+ owner => root,
+ mode => 0600,
+ content => template('postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf'),
+ }
+
+ file { "/etc/postfix/mysql_virtual_mailbox_limit_maps.cf":
+ ensure => present,
+ owner => root,
+ mode => 0600,
+ content => template('postfix/sql/mysql_virtual_mailbox_limit_maps.cf'),
+ }
+}
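Review bot: This file does not parse: `value => '...'` on the `virtual_alias_maps` and `virtual_mailbox_limit_maps` resources is missing the comma before `require`, and `'The user's maildir ...'` closes the single-quoted string at `user's` — write `value => "The user's maildir has overdrawn his quota, try again later."` or escape the apostrophe. Every `mysql_*.cf` file is `owner => root, mode => 0600` with no group, but the Postfix processes that open these tables (proxymap for `proxy:mysql:`, the querying daemon otherwise) run as the unprivileged postfix user, so the lookups will fail with permission denied; the usual arrangement that still keeps the SQL password away from other local users is `owner => root, group => postfix, mode => 0640`. `"virtual_mailbox_extended "` carries a trailing space in its title, which becomes part of the main.cf parameter name. The `/etc/postfix/sql` directory is never declared, `virtual_mailbox_limit_maps` lives in `/etc/postfix/` and uses `mysql:` where every other table uses `proxy:mysql:` under `/etc/postfix/sql/`, and `template('postfix/sql/...')` points at the postfix module with the `.erb` suffix present on only the first two names — presumably copy-paste drift that should be unified. The `virtual_mailbox_limit_*`, `virtual_create_maildirsize`, `virtual_maildir_limit_message` and `virtual_overquota_bounce` parameters exist only in the VDA-patched Postfix, not in the stock `postfix-mysql` package installed by packages.pp, where they are ignored with warnings unless that patch is in use.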
diff --git a/manifests/sasl.pp b/manifests/sasl.pp
new file mode 100644
index 0000000..91f60d8
--- /dev/null
+++ b/manifests/sasl.pp
@@ -0,0 +1,12 @@
+class mail::sasl {
+ # SASL
+ postfix::config { "smtpd_sasl_type": value => 'dovecot' }
+ postfix::config { "smtpd_sasl_auth_enable": value => 'yes' }
+ postfix::config { "smtpd_sasl_local_domain": value => '$myhostname' }
+ postfix::config { "smtpd_sasl_security_options": value => 'noanonymous, noplaintext' }
+ postfix::config { "smtpd_sasl_tls_security_options": value => 'noanonymous' }
+ postfix::config { "broken_sasl_auth_clients": value => 'yes' }
+ postfix::config { "smtpd_sasl_authenticated_header": value => 'yes' }
+ postfix::config { "smtpd_tls_auth_only": value => 'yes' }
+ postfix::config { "smtpd_sasl_path": value => 'private/auth' }
+}
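Review bot: `smtpd_sasl_type = dovecot` with `smtpd_sasl_path = private/auth` makes SMTP AUTH depend on Dovecot exporting its auth socket at that path under the Postfix queue directory, yet mail.pp includes `mail::sasl` while `include mail::dovecot` is still commented out, so on a node built from this commit AUTH is advertised after STARTTLS and every attempt fails because nothing creates the socket. Include the two together, or add a `require` on the dovecot class once it is enabled, and note that the socket path itself is set in the static dovecot.conf shipped by mail::dovecot, which this diff does not show. The hardening choices here are good — `noplaintext` outside TLS, `noanonymous` everywhere, `smtpd_tls_auth_only = yes` — and a header comment such as `# SMTP AUTH via Dovecot's auth socket; plaintext mechanisms are offered only inside TLS` would document that intent.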
diff --git a/manifests/tls.pp b/manifests/tls.pp
new file mode 100644
index 0000000..435e5d1
--- /dev/null
+++ b/manifests/tls.pp
@@ -0,0 +1,7 @@
+class mail::tls {
+ # TLS
+ postfix::config { "smtpd_tls_cert_file": value => '/etc/ssl/certs/cert.crt' }
+ postfix::config { "smtpd_tls_key_file": value => '/etc/ssl/private/cert.pem' }
+ postfix::config { "smtpd_use_tls": value => 'yes' }
+ postfix::config { "smtp_use_tls": value => 'yes' }
+}
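Review bot: `smtpd_use_tls` and `smtp_use_tls` are the pre-2.3 Postfix switches; on Postfix 2.3 and later they survive only as compatibility aliases and `smtpd_tls_security_level = may` / `smtp_tls_security_level = may` are the documented settings, so if the target release is new enough prefer those. Nothing here requires the certificate and key resources; mail.pp includes `ssl::mail`, which presumably provides `/etc/ssl/certs/cert.crt` and `/etc/ssl/private/cert.pem`, so a `require` on those files (or on that class) would order them before Postfix is reloaded — and since sasl.pp sets `smtpd_tls_auth_only = yes`, a TLS setup that fails to come up quietly disables AUTH as well. The key ending in `.pem` while the cert ends in `.crt` is unusual enough to deserve a one-line comment explaining the naming.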