-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | files/main.cf | 1 | ||||
-rw-r--r-- | manifests/classes/postfix-mailman.pp | 20 | ||||
-rw-r--r-- | manifests/classes/postfix-mta.pp | 56 | ||||
-rw-r--r-- | manifests/classes/postfix-satellite.pp | 35 | ||||
-rw-r--r-- | manifests/classes/postfix.pp | 91 | ||||
-rw-r--r-- | manifests/definitions/config.pp | 18 | ||||
-rw-r--r-- | manifests/definitions/hash.pp | 19 | ||||
-rw-r--r-- | manifests/definitions/transport.pp | 8 | ||||
-rw-r--r-- | manifests/definitions/virtual.pp | 8 | ||||
-rw-r--r-- | manifests/init.pp | 2 | ||||
-rw-r--r-- | templates/master.cf.debian-etch.erb | 76 | ||||
-rw-r--r-- | templates/master.cf.redhat5.erb | 80 |
13 files changed, 418 insertions, 0 deletions
@@ -0,0 +1,4 @@
+include postfix-ng
+
+postfix-ng::config { "relay_domains": value => "localhost host.foo.com" }
+
diff --git a/files/main.cf b/files/main.cf
new file mode 100644
index 0000000..ec649c7
--- /dev/null
+++ b/files/main.cf
@@ -0,0 +1 @@
+# file managed by puppet
diff --git a/manifests/classes/postfix-mailman.pp b/manifests/classes/postfix-mailman.pp
new file mode 100644
index 0000000..6a34f45
--- /dev/null
+++ b/manifests/classes/postfix-mailman.pp
@@ -0,0 +1,20 @@
+class postfix-ng::mailman {
+ $postfix_ng_smtp_listen = "0.0.0.0"
+ include postfix-ng
+
+ postfix-ng::config {
+ "mydestination": value => "";
+ "virtual_alias_maps": value => "hash:/etc/postfix/virtual";
+ "transport_maps": value => "hash:/etc/postfix/transport";
+ "mailman_destination_recipient_limit": value => "1", nonstandard => true;
+ }
+
+ postfix-ng::hash { "/etc/postfix/virtual":
+ ensure => present,
+ }
+
+ postfix-ng::hash { "/etc/postfix/transport":
+ ensure => present,
+ }
+
+}
diff --git a/manifests/classes/postfix-mta.pp b/manifests/classes/postfix-mta.pp
new file mode 100644
index 0000000..94f9f78
--- /dev/null
+++ b/manifests/classes/postfix-mta.pp
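Review bot: The `postfix-ng::mailman` class sets `$postfix_ng_smtp_listen = "0.0.0.0"` but, unlike `postfix-ng::mta`, never sets `mynetworks`, so which clients are trusted to relay is left to the Postfix or distribution default (main.cf is shipped as a one-line stub with `replace => false`). For a listener exposed on every interface I would pin it in the same `postfix-ng::config` block, e.g. `"mynetworks": value => "127.0.0.0/8";`, and widen it deliberately where a site needs more. The class also has no header comment, while the mta and satellite classes document their variables; one stating that this class opens SMTP to the network would help.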
@@ -0,0 +1,56 @@
+#########################################################################
+#
+# This class configures a minimal MTA, listening on
+# $postfix_ng_smtp_listen (default to localhost) and delivering mail to
+# $postfix_mydestination (default to $fqdn).
+#
+# A valid relay host is required ($postfix_relayhost) for outbound email.
+#
+# transport & virtual maps get configured and can be populated with
+# postfix-ng::transport and postfix-ng::virtual
+#
+# Example:
+#
+# node "toto.example.com" {
+# $postfix_relayhost = "mail.example.com"
+# $postfix_ng_smtp_listen = "0.0.0.0"
+# $postfix_mydestination = "\$myorigin, myapp.example.com"
+#
+# include postfix-ng::mta
+#
+# postfix-ng::transport { "myapp.example.com":
+# ensure => present,
+# destination => "local:",
+# }
+# }
+#
+
+class postfix-ng::mta {
+
+ case $postfix_relayhost {
+ "": { fail("Required \$postfix_relayhost variable is not defined.") }
+ }
+
+ case $postfix_mydestination {
+ "": { $postfix_mydestination = "\$myorigin" }
+ }
+
+ include postfix-ng
+
+ postfix-ng::config {
+ "mydestination": value => $postfix_mydestination;
+ "mynetworks": value => "127.0.0.0/8";
+ "relayhost": value => $postfix_relayhost;
+ "virtual_alias_maps": value => "hash:/etc/postfix/virtual";
+ "transport_maps": value => "hash:/etc/postfix/transport";
+ }
+
+ postfix-ng::hash { "/etc/postfix/virtual":
+ ensure => present,
+ }
+
+ postfix-ng::hash { "/etc/postfix/transport":
+ ensure => present,
+ }
+
+}
diff --git a/manifests/classes/postfix-satellite.pp b/manifests/classes/postfix-satellite.pp
new file mode 100644
index 0000000..0f8cd5f
--- /dev/null
+++ b/manifests/classes/postfix-satellite.pp
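Review bot: The header comment says `$postfix_mydestination` defaults to `$fqdn`, but the class sets it to the literal `\$myorigin`; the two coincide only because the base class sets `myorigin` to `${fqdn}`. I would reword that line to `# $postfix_mydestination (defaults to \$myorigin, which postfix-ng sets to $fqdn).` Since `$postfix_relayhost` and `$postfix_mydestination` are passed unchanged into `postfix-ng::config`, which builds a shell command from them, the comment should also state that these values must not contain quotes.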
@@ -0,0 +1,35 @@
+#########################################################################
+#
+# This class configures all local email (cron, mdadm, etc) to be forwarded
+# to $root_mail_recipient, using $postfix_relayhost as a relay.
+#
+# $valid_fqdn can be set to override $fqdn in the case where the FQDN is
+# not recognized as valid by the destination server.
+#
+# All other parameters for postfix-ng::mta are valid.
+#
+# Example:
+#
+# node "toto.local.lan" {
+# $postfix_relayhost = "mail.example.com"
+# $valid_fqdn = "toto.example.com"
+# $root_mail_recipient = "the.sysadmin@example.com"
+#
+# include postfix-ng::satellite
+# }
+
+class postfix-ng::satellite {
+
+ # If $fake_fqdn exists, use it to override $fqdn
+ case $valid_fqdn {
+ "": { $valid_fqdn = $fqdn }
+ default: { $fqdn = "${valid_fqdn}" }
+ }
+
+ include postfix-ng::mta
+
+ postfix-ng::virtual {"@${valid_fqdn}":
+ ensure => present,
+ destination => "root",
+ }
+}
diff --git a/manifests/classes/postfix.pp b/manifests/classes/postfix.pp
new file mode 100644
index 0000000..f943a4e
--- /dev/null
+++ b/manifests/classes/postfix.pp
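Review bot: The comment `# If $fake_fqdn exists, use it to override $fqdn` names a variable that appears nowhere else in this class; the code tests `$valid_fqdn`. I would change it to `# If $valid_fqdn is set, use it in place of $fqdn`. The `default` branch also assigns to `$fqdn`, which shadows a Facter fact in this scope. Whether that override reaches `myorigin` and `/etc/mailname` in the included `postfix-ng` class depends on Puppet's scoping rules, so a comment saying which resources are expected to see it would be worth adding.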
@@ -0,0 +1,91 @@
+#########################################################################
+#
+# This class provides a basic setup of postfix with local and remote
+# delivery and an SMTP server listening on the loopback interface.
+#
+
+class postfix-ng {
+
+ # Default value for various options
+ case $postfix_ng_smtp_listen {
+ "": { $postfix_ng_smtp_listen = "127.0.0.1" }
+ }
+ case $root_mail_recipient {
+ "": { $root_mail_recipient = "nobody" }
+ }
+
+
+ package { ["postfix", "mailx"]:
+ ensure => installed
+ }
+
+ service { "postfix":
+ ensure => running,
+ require => Package["postfix"],
+ }
+
+ file { "/etc/mailname":
+ ensure => present,
+ content => "${fqdn}\n",
+ }
+
+ # Aliases
+
+ file { "/etc/aliases":
+ ensure => present,
+ content => "# file managed by puppet\n",
+ replace => false,
+ notify => Exec["newaliases"],
+ }
+
+ exec { "newaliases":
+ command => "/usr/bin/newaliases",
+ refreshonly => true,
+ require => Package["postfix"],
+ subscribe => File["/etc/aliases"],
+ }
+
+ # Config files
+
+ file { "/etc/postfix/master.cf":
+ ensure => present,
+ content => $lsbdistcodename ? {
+ Tikanga => template("postfix-ng/master.cf.redhat5.erb"),
+ etch => template("postfix-ng/master.cf.debian-etch.erb"),
+ default => "No puppet template defined for $lsbdistcodename\n",
+ },
+ notify => Service["postfix"],
+ require => Package["postfix"],
+ }
+
+ file { "/etc/postfix/main.cf":
+ ensure => present,
+ source => "puppet:///postfix-ng/main.cf",
+ replace => false,
+ notify => Service["postfix"],
+ require => Package["postfix"],
+ }
+
+ # Default configuration parameters
+
+ postfix-ng::config {
+ "myorigin": value => "${fqdn}";
+ "alias_maps": value => "hash:/etc/aliases";
+ "inet_interfaces": value => "all";
+ }
+
+ case $operatingsystem {
+ RedHat: {
+ postfix-ng::config {
+ "sendmail_path": value => "/usr/sbin/sendmail.postfix";
+ "newaliases_path": value => "/usr/bin/newaliases.postfix";
+ "mailq_path": value => "/usr/bin/mailq.postfix";
+ }
+ }
+ }
+
+ mailalias {"root":
+ recipient => $root_mail_recipient,
+ notify => Exec["newaliases"],
+ }
+}
diff --git a/manifests/definitions/config.pp b/manifests/definitions/config.pp
new file mode 100644
index 0000000..ec6c782
--- /dev/null
+++ b/manifests/definitions/config.pp
@@ -0,0 +1,18 @@
+define postfix-ng::config ($ensure = present, $value, $nonstandard = false) {
+ case $ensure {
+ present: {
+ exec {"postconf -e ${name}='${value}'":
+ unless => $nonstandard ? {
+ false => "test \"x$(postconf -h ${name})\" == 'x${value}'",
+ true => "test \"x$(egrep '^${name} ' /etc/postfix/main.cf | cut -d= -f2 | cut -d' ' -f2)\" == 'x${value}'",
+ },
+ notify => Service["postfix"],
+ require => File["/etc/postfix/main.cf"],
+ }
+ }
+
+ absent: {
+ fail "postfix-ng::config ensure => absent: Not implemented"
+ }
+ }
+}
diff --git a/manifests/definitions/hash.pp b/manifests/definitions/hash.pp
new file mode 100644
index 0000000..f21e270
--- /dev/null
+++ b/manifests/definitions/hash.pp
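Review bot: On any distribution other than Tikanga or etch, the `default` branch of the `/etc/postfix/master.cf` selector writes the sentence `No puppet template defined for ...` into master.cf and then notifies `Service["postfix"]`, replacing a working file with one Postfix cannot parse. Failing the catalog is safer: test `$lsbdistcodename` in a `case` ahead of the file resource and call `fail("No puppet template defined for $lsbdistcodename")` in its default branch. Separately, the class comment promises an SMTP server on the loopback interface while `inet_interfaces` is set to `all`. The listener address actually comes from `$postfix_ng_smtp_listen` in the master.cf templates, which deserves a comment next to that setting.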
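Review bot: In `postfix-ng::config`, `${name}` and `${value}` are pasted into shell command strings (`postconf -e ${name}='${value}'` and both `unless` tests) with no validation, so a value containing a single quote ends the quoting and the remainder is interpreted by the shell during the Puppet run. The values come from node variables such as `$postfix_relayhost`, so I would reject unexpected characters before the exec. At minimum, a comment on the define should state that names and values must not contain quotes or shell metacharacters. The commands also name `postconf`, `test`, `egrep` and `cut` without a `path`, which relies on a global `Exec` default not shown in this commit. `==` inside `test` is a bash extension; `=` is the portable form.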
@@ -0,0 +1,19 @@
+define postfix-ng::hash ($ensure) {
+ file {"${name}":
+ ensure => $ensure,
+ mode => 600,
+ }
+
+ file {"${name}.db":
+ ensure => $ensure,
+ mode => 600,
+ require => [File["${name}"], Exec["generate ${name}.db"]],
+ }
+
+ exec {"generate ${name}.db":
+ command => "postmap ${name}",
+ #creates => "${name}.db", # this prevents postmap from being run !
+ subscribe => File["${name}"],
+ refreshonly => true
+ }
+}
diff --git a/manifests/definitions/transport.pp b/manifests/definitions/transport.pp
new file mode 100644
index 0000000..ea23bf6
--- /dev/null
+++ b/manifests/definitions/transport.pp
@@ -0,0 +1,8 @@
+define postfix-ng::transport ($ensure, $destination) {
+ line {"${name} ${destination}":
+ ensure => present,
+ file => "/etc/postfix/transport",
+ line => "${name} ${destination}",
+ notify => Exec["generate /etc/postfix/transport.db"],
+ }
+}
diff --git a/manifests/definitions/virtual.pp b/manifests/definitions/virtual.pp
new file mode 100644
index 0000000..950107c
--- /dev/null
+++ b/manifests/definitions/virtual.pp
@@ -0,0 +1,8 @@
+define postfix-ng::virtual ($ensure, $destination) {
+ line {"${name} ${destination}":
+ ensure => present,
+ file => "/etc/postfix/virtual",
+ line => "${name} ${destination}",
+ notify => Exec["generate /etc/postfix/virtual.db"],
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..6cc1969
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,2 @@
+import "classes/*.pp"
+import "definitions/*.pp"
diff --git a/templates/master.cf.debian-etch.erb b/templates/master.cf.debian-etch.erb
new file mode 100644
index 0000000..caff028
--- /dev/null
+++ b/templates/master.cf.debian-etch.erb
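Review bot: Both file resources in `postfix-ng::hash` set `mode => 600` but no `owner` or `group`, so ownership of the lookup tables is whatever the file already had or whatever Puppet defaults to. Adding `owner => root, group => root,` and writing the mode as `"0600"` makes the permissions deterministic. `postmap ${name}` is also run without a `path` and with the file name unquoted. From the resource ordering it also looks as if an existing, unchanged `${name}` with no `${name}.db` would never trigger the refresh-only exec, leaving `File["${name}.db"]` to create an empty file that is not a valid map; that case is worth testing.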
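Review bot: `postfix-ng::transport` accepts an `$ensure` parameter but passes the literal `ensure => present` to the `line` resource, so declaring an entry with `ensure => absent` silently leaves it in /etc/postfix/transport. The line should read `ensure => $ensure,`; `postfix-ng::virtual` in the next file has the same defect. Both defines also notify an `Exec["generate ... .db"]` that exists only when the matching `postfix-ng::hash` resource is declared, a dependency worth stating in a comment on each define.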
@@ -0,0 +1,76 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master").
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
+# ==========================================================================
+<%= postfix_ng_smtp_listen %>:smtp inet n - - - - smtpd
+#submission inet n - - - - smtpd
+# -o smtpd_enforce_tls=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#smtps inet n - - - - smtpd
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#628 inet n - - - - qmqpd
+pickup fifo n - - 60 1 pickup
+cleanup unix n - - - 0 cleanup
+qmgr fifo n - n 300 1 qmgr
+#qmgr fifo n - - 300 1 oqmgr
+tlsmgr unix - - - 1000? 1 tlsmgr
+rewrite unix - - - - - trivial-rewrite
+bounce unix - - - - 0 bounce
+defer unix - - - - 0 bounce
+trace unix - - - - 0 bounce
+verify unix - - - - 1 verify
+flush unix n - - 1000? 0 flush
+proxymap unix - - n - - proxymap
+smtp unix - - - - - smtp
+# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
+relay unix - - - - - smtp
+ -o fallback_relay=
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - - - - showq
+error unix - - - - - error
+discard unix - - - - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - - - - lmtp
+anvil unix - - - - 1 anvil
+scache unix - - - - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
+
diff --git a/templates/master.cf.redhat5.erb b/templates/master.cf.redhat5.erb
new file mode 100644
index 0000000..ddc776a
--- /dev/null
+++ b/templates/master.cf.redhat5.erb
@@ -0,0 +1,80 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master").
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
+# ==========================================================================
+<%= postfix_ng_smtp_listen %>:smtp inet n - n - - smtpd
+#smtp inet n - n - - smtpd
+#submission inet n - n - - smtpd
+# -o smtpd_enforce_tls=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#smtps inet n - n - - smtpd
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#628 inet n - n - - qmqpd
+pickup fifo n - n 60 1 pickup
+cleanup unix n - n - 0 cleanup
+qmgr fifo n - n 300 1 qmgr
+#qmgr fifo n - n 300 1 oqmgr
+tlsmgr unix - - n 1000? 1 tlsmgr
+rewrite unix - - n - - trivial-rewrite
+bounce unix - - n - 0 bounce
+defer unix - - n - 0 bounce
+trace unix - - n - 0 bounce
+verify unix - - n - 1 verify
+flush unix n - n 1000? 0 flush
+proxymap unix - - n - - proxymap
+smtp unix - - n - - smtp
+# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
+relay unix - - n - - smtp
+ -o fallback_relay=
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - n - - showq
+error unix - - n - - error
+discard unix - - n - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - n - - lmtp
+anvil unix - - n - 1 anvil
+scache unix - - n - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
+#
+# The Cyrus deliver program has changed incompatibly, multiple times.
+#
+old-cyrus unix - n n - - pipe
+ flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+cyrus unix - n n - - pipe
+ user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient |