-rw-r--r-- | manifests/mail.pp | 38 |
1 files changed, 35 insertions, 3 deletions
diff --git a/manifests/mail.pp b/manifests/mail.pp
index 06d633b..54b3045 100644
--- a/manifests/mail.pp
+++ b/manifests/mail.pp
@@ -14,8 +14,8 @@ class nodo::mail {
 ensure => installed,
 }
 
- package { [ 'libauthen-sasl-cyrus-perl', 'libpam-mysql', 'libsasl2-modules', 'sasl2-bin',
- 'libsasl2-modules-sql', 'libgsasl7', 'libsasl2-modules-sql' ]:
+ package { [ 'libauthen-sasl-cyrus-perl', 'libpam-mysql', 'libsasl2-modules',
+ 'libsasl2-modules-sql', 'libgsasl7', 'sasl2-bin' ]:
 ensure => installed,
 }
 
@@ -32,5 +32,37 @@ class nodo::mail {
 }
 
 # Postfix configuration
- postfix::config { "myhostname": value => "$fqdn" }
+ postfix::config { "myhostname": value => "$fqdn" }
+ postfix::config { "mailbox_command": value => '/usr/bin/maildrop -d ${USER}' }
+
+ # SASL
+ postfix::config { "smtpd_sasl_auth_enable": value => 'yes' }
+ postfix::config { "smtpd_sasl_local_domain": value => '$myhostname' }
+ postfix::config { "smtpd_sasl_security_options": value => 'noanonymous' }
+ postfix::config { "broken_sasl_auth_clients": value => 'yes' }
+ postfix::config { "smtpd_sasl_authenticated_header" value => 'yes' }
+
+ # Whitelisting: local clients may specify any destination. Others may not.
+ postfix::config { "smtpd_recipient_restrictions":
+ value => 'permit_mynetworks,
+ permit_sasl_authenticated,
+ reject_unauth_destination,
+ #reject_non_fqdn_hostname,
+ #reject_non_fqdn_sender,
+ #reject_non_fqdn_recipient,
+ #reject_unauth_destination,
+ #reject_unauth_pipelining,
+ #reject_invalid_hostname,
+ #reject_rbl_client multi.uribl.com,
+ #reject_rbl_client dsn.rfc-ignorant.org,
+ #reject_rbl_client dul.dnsbl.sorbs.net,
+ #reject_rbl_client dnsbl.sorbs.net,
+ #reject_rbl_client cbl.abuseat.org,
+ #reject_rbl_client ix.dnsbl.manitu.net,
+ #reject_rbl_client combined.rbl.msrbl.net,
+ #reject_rbl_client rabl.nuclearelephant.com,
+ #reject_rbl_client bl.spamcop.net,
+ #reject_rbl_client zen.spamhaus.org,
+ reject_rbl_client psbl.surriel.com,
+ check_policy_service inet:127.0.0.1:10023' }
 } |
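Review bot: The `smtpd_sasl_authenticated_header` resource is missing the colon after its title, so the manifest should fail to parse; it should read `postfix::config { "smtpd_sasl_authenticated_header": value => 'yes' }`. In the `smtpd_recipient_restrictions` value the `#reject_…` lines sit inside a single-quoted Puppet string, so they are part of the value rather than Puppet comments; whether Postfix ends up ignoring them depends on how `postfix::config` writes main.cf, which this hunk does not show, so it is safer to remove them from the string and keep the disabled checks in a Puppet comment above the resource. SASL is enabled here with only `noanonymous`, and no `smtpd_tls_auth_only` setting appears in the hunk; if it is not set elsewhere, plaintext mechanisms would be offered on unencrypted sessions, so consider adding `postfix::config { "smtpd_tls_auth_only": value => 'yes' }`. The enclosing `class nodo::mail` begins outside this hunk.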