aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README4
-rw-r--r--files/main.cf1
-rw-r--r--manifests/classes/postfix-mailman.pp20
-rw-r--r--manifests/classes/postfix-mta.pp56
-rw-r--r--manifests/classes/postfix-satellite.pp35
-rw-r--r--manifests/classes/postfix.pp91
-rw-r--r--manifests/definitions/config.pp18
-rw-r--r--manifests/definitions/hash.pp19
-rw-r--r--manifests/definitions/transport.pp8
-rw-r--r--manifests/definitions/virtual.pp8
-rw-r--r--manifests/init.pp2
-rw-r--r--templates/master.cf.debian-etch.erb76
-rw-r--r--templates/master.cf.redhat5.erb80
13 files changed, 418 insertions, 0 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..7258865
--- /dev/null
+++ b/README
@@ -0,0 +1,4 @@
+include postfix-ng
+
+postfix-ng::config { "relay_domains": value => "localhost host.foo.com" }
+
diff --git a/files/main.cf b/files/main.cf
new file mode 100644
index 0000000..ec649c7
--- /dev/null
+++ b/files/main.cf
@@ -0,0 +1 @@
+# file managed by puppet
diff --git a/manifests/classes/postfix-mailman.pp b/manifests/classes/postfix-mailman.pp
new file mode 100644
index 0000000..6a34f45
--- /dev/null
+++ b/manifests/classes/postfix-mailman.pp
@@ -0,0 +1,20 @@
+class postfix-ng::mailman {
+ $postfix_ng_smtp_listen = "0.0.0.0"
+ include postfix-ng
+
+ postfix-ng::config {
+ "mydestination": value => "";
+ "virtual_alias_maps": value => "hash:/etc/postfix/virtual";
+ "transport_maps": value => "hash:/etc/postfix/transport";
+ "mailman_destination_recipient_limit": value => "1", nonstandard => true;
+ }
+
+ postfix-ng::hash { "/etc/postfix/virtual":
+ ensure => present,
+ }
+
+ postfix-ng::hash { "/etc/postfix/transport":
+ ensure => present,
+ }
+
+}
diff --git a/manifests/classes/postfix-mta.pp b/manifests/classes/postfix-mta.pp
new file mode 100644
index 0000000..94f9f78
--- /dev/null
+++ b/manifests/classes/postfix-mta.pp
@@ -0,0 +1,56 @@
+#########################################################################
+#
+# This class configures a minimal MTA, listening on
+# $postfix_ng_smtp_listen (default to localhost) and delivering mail to
+# $postfix_mydestination (default to $fqdn).
+#
+# A valid relay host is required ($postfix_relayhost) for outbound email.
+#
+# transport & virtual maps get configured and can be populated with
+# postfix-ng::transport and postfix-ng::virtual
+#
+# Example:
+#
+# node "toto.example.com" {
+# $postfix_relayhost = "mail.example.com"
+# $postfix_ng_smtp_listen = "0.0.0.0"
+# $postfix_mydestination = "\$myorigin, myapp.example.com"
+#
+# include postfix-ng::mta
+#
+# postfix-ng::transport { "myapp.example.com":
+# ensure => present,
+# destination => "local:",
+# }
+# }
+#
+
+class postfix-ng::mta {
+
+ case $postfix_relayhost {
+ "": { fail("Required \$postfix_relayhost variable is not defined.") }
+ }
+
+ case $postfix_mydestination {
+ "": { $postfix_mydestination = "\$myorigin" }
+ }
+
+ include postfix-ng
+
+ postfix-ng::config {
+ "mydestination": value => $postfix_mydestination;
+ "mynetworks": value => "127.0.0.0/8";
+ "relayhost": value => $postfix_relayhost;
+ "virtual_alias_maps": value => "hash:/etc/postfix/virtual";
+ "transport_maps": value => "hash:/etc/postfix/transport";
+ }
+
+ postfix-ng::hash { "/etc/postfix/virtual":
+ ensure => present,
+ }
+
+ postfix-ng::hash { "/etc/postfix/transport":
+ ensure => present,
+ }
+
+}
diff --git a/manifests/classes/postfix-satellite.pp b/manifests/classes/postfix-satellite.pp
new file mode 100644
index 0000000..0f8cd5f
--- /dev/null
+++ b/manifests/classes/postfix-satellite.pp
@@ -0,0 +1,35 @@
+#########################################################################
+#
+# This class configures all local email (cron, mdadm, etc) to be forwarded
+# to $root_mail_recipient, using $postfix_relayhost as a relay.
+#
+# $valid_fqdn can be set to override $fqdn in the case where the FQDN is
+# not recognized as valid by the destination server.
+#
+# All other parameters for postfix-ng::mta are valid.
+#
+# Example:
+#
+# node "toto.local.lan" {
+# $postfix_relayhost = "mail.example.com"
+# $valid_fqdn = "toto.example.com"
+# $root_mail_recipient = "the.sysadmin@example.com"
+#
+# include postfix-ng::satellite
+# }
+
+class postfix-ng::satellite {
+
+ # If $fake_fqdn exists, use it to override $fqdn
+ case $valid_fqdn {
+ "": { $valid_fqdn = $fqdn }
+ default: { $fqdn = "${valid_fqdn}" }
+ }
+
+ include postfix-ng::mta
+
+ postfix-ng::virtual {"@${valid_fqdn}":
+ ensure => present,
+ destination => "root",
+ }
+}
diff --git a/manifests/classes/postfix.pp b/manifests/classes/postfix.pp
new file mode 100644
index 0000000..f943a4e
--- /dev/null
+++ b/manifests/classes/postfix.pp
@@ -0,0 +1,91 @@
+#########################################################################
+#
+# This class provides a basic setup of postfix with local and remote
+# delivery and an SMTP server listening on the loopback interface.
+#
+
+class postfix-ng {
+
+ # Default value for various options
+ case $postfix_ng_smtp_listen {
+ "": { $postfix_ng_smtp_listen = "127.0.0.1" }
+ }
+ case $root_mail_recipient {
+ "": { $root_mail_recipient = "nobody" }
+ }
+
+
+ package { ["postfix", "mailx"]:
+ ensure => installed
+ }
+
+ service { "postfix":
+ ensure => running,
+ require => Package["postfix"],
+ }
+
+ file { "/etc/mailname":
+ ensure => present,
+ content => "${fqdn}\n",
+ }
+
+ # Aliases
+
+ file { "/etc/aliases":
+ ensure => present,
+ content => "# file managed by puppet\n",
+ replace => false,
+ notify => Exec["newaliases"],
+ }
+
+ exec { "newaliases":
+ command => "/usr/bin/newaliases",
+ refreshonly => true,
+ require => Package["postfix"],
+ subscribe => File["/etc/aliases"],
+ }
+
+ # Config files
+
+ file { "/etc/postfix/master.cf":
+ ensure => present,
+ content => $lsbdistcodename ? {
+ Tikanga => template("postfix-ng/master.cf.redhat5.erb"),
+ etch => template("postfix-ng/master.cf.debian-etch.erb"),
+ default => "No puppet template defined for $lsbdistcodename\n",
+ },
+ notify => Service["postfix"],
+ require => Package["postfix"],
+ }
+
+ file { "/etc/postfix/main.cf":
+ ensure => present,
+ source => "puppet:///postfix-ng/main.cf",
+ replace => false,
+ notify => Service["postfix"],
+ require => Package["postfix"],
+ }
+
+ # Default configuration parameters
+
+ postfix-ng::config {
+ "myorigin": value => "${fqdn}";
+ "alias_maps": value => "hash:/etc/aliases";
+ "inet_interfaces": value => "all";
+ }
+
+ case $operatingsystem {
+ RedHat: {
+ postfix-ng::config {
+ "sendmail_path": value => "/usr/sbin/sendmail.postfix";
+ "newaliases_path": value => "/usr/bin/newaliases.postfix";
+ "mailq_path": value => "/usr/bin/mailq.postfix";
+ }
+ }
+ }
+
+ mailalias {"root":
+ recipient => $root_mail_recipient,
+ notify => Exec["newaliases"],
+ }
+}
diff --git a/manifests/definitions/config.pp b/manifests/definitions/config.pp
new file mode 100644
index 0000000..ec6c782
--- /dev/null
+++ b/manifests/definitions/config.pp
@@ -0,0 +1,18 @@
+define postfix-ng::config ($ensure = present, $value, $nonstandard = false) {
+ case $ensure {
+ present: {
+ exec {"postconf -e ${name}='${value}'":
+ unless => $nonstandard ? {
+ false => "test \"x$(postconf -h ${name})\" == 'x${value}'",
+ true => "test \"x$(egrep '^${name} ' /etc/postfix/main.cf | cut -d= -f2 | cut -d' ' -f2)\" == 'x${value}'",
+ },
+ notify => Service["postfix"],
+ require => File["/etc/postfix/main.cf"],
+ }
+ }
+
+ absent: {
+ fail "postfix-ng::config ensure => absent: Not implemented"
+ }
+ }
+}
diff --git a/manifests/definitions/hash.pp b/manifests/definitions/hash.pp
new file mode 100644
index 0000000..f21e270
--- /dev/null
+++ b/manifests/definitions/hash.pp
@@ -0,0 +1,19 @@
+define postfix-ng::hash ($ensure) {
+ file {"${name}":
+ ensure => $ensure,
+ mode => 600,
+ }
+
+ file {"${name}.db":
+ ensure => $ensure,
+ mode => 600,
+ require => [File["${name}"], Exec["generate ${name}.db"]],
+ }
+
+ exec {"generate ${name}.db":
+ command => "postmap ${name}",
+ #creates => "${name}.db", # this prevents postmap from being run !
+ subscribe => File["${name}"],
+ refreshonly => true
+ }
+}
diff --git a/manifests/definitions/transport.pp b/manifests/definitions/transport.pp
new file mode 100644
index 0000000..ea23bf6
--- /dev/null
+++ b/manifests/definitions/transport.pp
@@ -0,0 +1,8 @@
+define postfix-ng::transport ($ensure, $destination) {
+ line {"${name} ${destination}":
+ ensure => present,
+ file => "/etc/postfix/transport",
+ line => "${name} ${destination}",
+ notify => Exec["generate /etc/postfix/transport.db"],
+ }
+}
diff --git a/manifests/definitions/virtual.pp b/manifests/definitions/virtual.pp
new file mode 100644
index 0000000..950107c
--- /dev/null
+++ b/manifests/definitions/virtual.pp
@@ -0,0 +1,8 @@
+define postfix-ng::virtual ($ensure, $destination) {
+ line {"${name} ${destination}":
+ ensure => present,
+ file => "/etc/postfix/virtual",
+ line => "${name} ${destination}",
+ notify => Exec["generate /etc/postfix/virtual.db"],
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..6cc1969
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,2 @@
+import "classes/*.pp"
+import "definitions/*.pp"
diff --git a/templates/master.cf.debian-etch.erb b/templates/master.cf.debian-etch.erb
new file mode 100644
index 0000000..caff028
--- /dev/null
+++ b/templates/master.cf.debian-etch.erb
@@ -0,0 +1,76 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master").
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
+# ==========================================================================
+<%= postfix_ng_smtp_listen %>:smtp inet n - - - - smtpd
+#submission inet n - - - - smtpd
+# -o smtpd_enforce_tls=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#smtps inet n - - - - smtpd
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#628 inet n - - - - qmqpd
+pickup fifo n - - 60 1 pickup
+cleanup unix n - - - 0 cleanup
+qmgr fifo n - n 300 1 qmgr
+#qmgr fifo n - - 300 1 oqmgr
+tlsmgr unix - - - 1000? 1 tlsmgr
+rewrite unix - - - - - trivial-rewrite
+bounce unix - - - - 0 bounce
+defer unix - - - - 0 bounce
+trace unix - - - - 0 bounce
+verify unix - - - - 1 verify
+flush unix n - - 1000? 0 flush
+proxymap unix - - n - - proxymap
+smtp unix - - - - - smtp
+# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
+relay unix - - - - - smtp
+ -o fallback_relay=
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - - - - showq
+error unix - - - - - error
+discard unix - - - - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - - - - lmtp
+anvil unix - - - - 1 anvil
+scache unix - - - - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
+
diff --git a/templates/master.cf.redhat5.erb b/templates/master.cf.redhat5.erb
new file mode 100644
index 0000000..ddc776a
--- /dev/null
+++ b/templates/master.cf.redhat5.erb
@@ -0,0 +1,80 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master").
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
+# ==========================================================================
+<%= postfix_ng_smtp_listen %>:smtp inet n - n - - smtpd
+#smtp inet n - n - - smtpd
+#submission inet n - n - - smtpd
+# -o smtpd_enforce_tls=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#smtps inet n - n - - smtpd
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#628 inet n - n - - qmqpd
+pickup fifo n - n 60 1 pickup
+cleanup unix n - n - 0 cleanup
+qmgr fifo n - n 300 1 qmgr
+#qmgr fifo n - n 300 1 oqmgr
+tlsmgr unix - - n 1000? 1 tlsmgr
+rewrite unix - - n - - trivial-rewrite
+bounce unix - - n - 0 bounce
+defer unix - - n - 0 bounce
+trace unix - - n - 0 bounce
+verify unix - - n - 1 verify
+flush unix n - n 1000? 0 flush
+proxymap unix - - n - - proxymap
+smtp unix - - n - - smtp
+# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
+relay unix - - n - - smtp
+ -o fallback_relay=
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - n - - showq
+error unix - - n - - error
+discard unix - - n - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - n - - lmtp
+anvil unix - - n - 1 anvil
+scache unix - - n - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
+#
+# The Cyrus deliver program has changed incompatibly, multiple times.
+#
+old-cyrus unix - n n - - pipe
+ flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+cyrus unix - n n - - pipe
+ user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient