class nodo::mail { # Class for mail nodes $mail_delivery = "postfix" $postfix_relayhost = "$domain" $postfix_smtp_listen = "$ipaddress" $postfix_mydestination = "\$myorigin" include nodo::vserver include postfix::mta include database include ssl::mail # The needed packages package { [ 'postfix-mysql', 'dovecot-imapd', 'maildrop' ]: ensure => installed, } package { [ 'libauthen-sasl-cyrus-perl', 'libpam-mysql', 'libsasl2-modules', 'libsasl2-modules-sql', 'libgsasl7', 'sasl2-bin' ]: ensure => installed, } package { [ 'postgrey', 'amavisd-new', 'spamassassin', 'spamc' ]: ensure => installed, } package { [ 'clamav-base', 'clamav-daemon', 'clamav-freshclam' ]: ensure => installed, } package { [ 'squirrelmail', 'squirrelmail-secure-login', 'squirrelmail-locales' ]: ensure => installed, } # Postfix configuration postfix::config { "myhostname": value => "$fqdn" } postfix::config { "mailbox_command": value => '/usr/bin/maildrop -d ${USER}' } # SASL postfix::config { "smtpd_sasl_auth_enable": value => 'yes' } postfix::config { "smtpd_sasl_local_domain": value => '$myhostname' } postfix::config { "smtpd_sasl_security_options": value => 'noanonymous' } postfix::config { "broken_sasl_auth_clients": value => 'yes' } postfix::config { "smtpd_sasl_authenticated_header": value => 'yes' } # Recipient restrictions postfix::config { "smtpd_recipient_restrictions": value => 'permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client psbl.surriel.com, check_policy_service inet:127.0.0.1:10023' } # TLS postfix::config { "smtpd_tls_cert_file": value => '/etc/ssl/certs/cert.crt' } postfix::config { "smtpd_tls_key_file": value => '/etc/ssl/private/cert.pem' } postfix::config { "smtpd_use_tls": value => 'yes' } postfix::config { "smtp_use_tls": value => 'yes' } }