class nodo::mail {
  # Class for mail nodes
  $mail_delivery         = "postfix"
  $postfix_relayhost     = "$domain"
  $postfix_smtp_listen   = "$ipaddress"
  $postfix_mydestination = "\$myorigin"

  include nodo::vserver
  include postfix::mta
  include database
  include ssl::mail

  # The needed packages
  package { [ 'postfix-mysql', 'dovecot-imapd', 'maildrop' ]:
    ensure => installed,
  }

  package { [ 'libauthen-sasl-cyrus-perl', 'libpam-mysql', 'libsasl2-modules',
              'libsasl2-modules-sql',      'libgsasl7',    'sasl2-bin' ]:
    ensure => installed,
  }

  package { [ 'postgrey', 'amavisd-new', 'spamassassin', 'spamc' ]:
    ensure => installed,
  }

  package { [ 'clamav-base', 'clamav-daemon', 'clamav-freshclam' ]:
    ensure => installed,
  }

  package { [ 'squirrelmail', 'squirrelmail-secure-login', 'squirrelmail-locales' ]:
    ensure => installed,
  } 

  # Postfix configuration
  postfix::config { "myhostname":      value  => "$fqdn" }
  postfix::config { "mailbox_command": value => '/usr/bin/maildrop -d ${USER}' }

  # SASL
  postfix::config { "smtpd_sasl_auth_enable":          value => 'yes' }
  postfix::config { "smtpd_sasl_local_domain":         value => '$myhostname' }
  postfix::config { "smtpd_sasl_security_options":     value => 'noanonymous' }
  postfix::config { "broken_sasl_auth_clients":        value => 'yes' }
  postfix::config { "smtpd_sasl_authenticated_header": value => 'yes' }

  # Recipient restrictions
  postfix::config { "smtpd_recipient_restrictions":
    value => 'permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client psbl.surriel.com, check_policy_service inet:127.0.0.1:10023' }

  # TLS
  postfix::config { "smtpd_tls_cert_file": value => '/etc/ssl/certs/cert.crt' }
  postfix::config { "smtpd_tls_key_file":  value => '/etc/ssl/private/cert.pem' }
  postfix::config { "smtpd_use_tls":       value => 'yes' }
  postfix::config { "smtp_use_tls":        value => 'yes' }
}