From 60544a57c9e2d014061d2c2775654918890a648c Mon Sep 17 00:00:00 2001 From: Varac Date: Thu, 17 Dec 2009 16:37:53 +0100 Subject: added postfix::amavis, no relayhost needed for postfix::mta --- README | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'README') diff --git a/README b/README index 964125f..c2b58e9 100644 --- a/README +++ b/README @@ -4,6 +4,10 @@ This module will help install and configure postfix. A couple of classes will preconfigure postfix for common needs. +Config +------ +- set $postfix_amavis="true" to include postfix::amavis + == Example: include postfix -- cgit v1.2.3 From 000ec536a0260aaccb65968f16dcedd0728b4e0f Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 2 Nov 2010 20:34:01 +0100 Subject: -> as in template --- README | 2 +- manifests/classes/postfix.pp | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'README') diff --git a/README b/README index c2b58e9..c81554e 100644 --- a/README +++ b/README @@ -6,7 +6,7 @@ A couple of classes will preconfigure postfix for common needs. Config ------ -- set $postfix_amavis="true" to include postfix::amavis +- set $postfix_use_amavisd="true" to include postfix::amavis == Example: diff --git a/manifests/classes/postfix.pp b/manifests/classes/postfix.pp index 36089a6..4449629 100644 --- a/manifests/classes/postfix.pp +++ b/manifests/classes/postfix.pp @@ -5,13 +5,13 @@ # delivery and an SMTP server listening on the loopback interface. # # Parameters: -# - *$postfix_ng_smtp_listen*: address on which the smtp service will listen to. defaults to 127.0.0.1 +# - *$postfix_smtp_listen*: address on which the smtp service will listen to. defaults to 127.0.0.1 # - *$root_mail_recipient*: who will recieve root's emails. defaults to "nobody" # # Example usage: # # node "toto.example.com" { -# $postfix_ng_smtp_listen = "192.168.1.10" +# $postfix_smtp_listen = "192.168.1.10" # include postfix # } # 
@@ -41,9 +41,9 @@ class postfix { "": { $root_mail_recipient = "nobody" } } - case $postfix_amavis { - "": { $postfix_amavis = "false" } - "true": { include postfix::amavis } + case $postfix_use_amavisd { + "": { $postfix_use_amavisd = "no" } + "yes": { include postfix::amavis } } -- cgit v1.2.3 From 127d2972fa0f6a7a971782b0b0b168a6d1b3725c Mon Sep 17 00:00:00 2001 From: intrigeri Date: Wed, 10 Nov 2010 19:25:58 +0100 Subject: Fix documentation to match actual behaviour. --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'README') diff --git a/README b/README index c81554e..fab1db9 100644 --- a/README +++ b/README @@ -6,7 +6,7 @@ A couple of classes will preconfigure postfix for common needs. Config ------ -- set $postfix_use_amavisd="true" to include postfix::amavis +- set $postfix_use_amavisd="yes" to include postfix::amavis == Example: -- cgit v1.2.3 From 8ce9ae825993934113cc24d80428292aaf47b824 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Wed, 10 Nov 2010 21:17:00 +0100 Subject: Add support for managing Postfix TLS policy. --- README | 2 + files/tls_policy.d/.ignore | 0 manifests/classes/postfix-tlspolicy.pp | 68 ++++++++++++++++++++++++++++++ manifests/classes/postfix.pp | 11 +++++ manifests/definitions/tlspolicy_snippet.pp | 47 +++++++++++++++++++++ 5 files changed, 128 insertions(+) create mode 100644 files/tls_policy.d/.ignore create mode 100644 manifests/classes/postfix-tlspolicy.pp create mode 100644 manifests/definitions/tlspolicy_snippet.pp (limited to 'README') diff --git a/README b/README index fab1db9..337193f 100644 --- a/README +++ b/README @@ -7,6 +7,8 @@ A couple of classes will preconfigure postfix for common needs. Config ------ - set $postfix_use_amavisd="yes" to include postfix::amavis +- set $postfix_manage_tls_policy="yes" to manage TLS policy (see + postfix::tlspolicy for details) == Example: diff --git a/files/tls_policy.d/.ignore b/files/tls_policy.d/.ignore new file mode 100644 index 0000000..e69de29 
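Review bot: The new `case $postfix_use_amavisd` has no `default` branch, so any value other than `"yes"` is silently treated as "off". That includes a node that still sets the old `$postfix_amavis = "true"`, or follows the README line added in this same commit (`$postfix_use_amavisd="true"`); postfix::amavis is then no longer included, which presumably leaves mail unfiltered without any error. Make unexpected values fail the catalog, e.g. add `"no": { }` and `default: { fail("postfix_use_amavisd must be 'yes' or 'no', got '${postfix_use_amavisd}'") }`. The same silent fall-through applies to the `if $postfix_manage_tls_policy == 'yes'` test added to class postfix in the later TLS-policy commit. The class body starts and ends outside this hunk.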
diff --git a/manifests/classes/postfix-tlspolicy.pp b/manifests/classes/postfix-tlspolicy.pp
new file mode 100644
index 0000000..30b1f58
--- /dev/null
+++ b/manifests/classes/postfix-tlspolicy.pp
@@ -0,0 +1,68 @@
+#
+# == Class: postfix::tlspolicy
+#
+# Manages Postfix TLS policy by merging policy snippets shipped:
+# - in the module's files/tls_policy.d/
+# - via postfix::tlspolicy_snippet defines
+#
+# Parameters:
+# - $postfix_tls_fingerprint_digest (defaults to sha1)
+#
+# Example usage:
+#
+# node "toto.example.com" {
+# $postfix_manage_tls_policy = yes
+# include postfix
+# }
+#
+class postfix::tlspolicy {
+
+ # Default value for parameters
+ case $postfix_tls_fingerprint_digest {
+ "": { $postfix_tls_fingerprint_digest = 'sha1' }
+ }
+
+ include common::moduledir
+ module_dir{'postfix/tls_policy': }
+
+ $postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy"
+ $postfix_tlspolicy_snippets_dir = "${postfix_tlspolicy_dir}/tls_policy.d"
+ $postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy"
+
+ file {"$postfix_tlspolicy_snippets_dir":
+ ensure => 'directory',
+ owner => 'root',
+ group => '0',
+ mode => '700',
+ source => [
+ "puppet:///modules/site-postfix/${fqdn}/tls_policy.d",
+ "puppet:///modules/site-postfix/tls_policy.d",
+ "puppet:///modules/postfix/tls_policy.d"
+ ],
+ recurse => true,
+ purge => false,
+ }
+
+ concatenated_file { "$postfix_merged_tlspolicy":
+ dir => "${postfix_tlspolicy_snippets_dir}",
+ require => File["$postfix_tlspolicy_snippets_dir"],
+ }
+
+ postfix::hash { '/etc/postfix/tls_policy':
+ source => "$postfix_merged_tlspolicy",
+ subscribe => File["$postfix_merged_tlspolicy"],
+ }
+
+ postfix::config {
+ 'smtp_tls_fingerprint_digest': value => "$postfix_tls_fingerprint_digest";
+ }
+
+ postfix::config { 'smtp_tls_policy_maps':
+ value => 'hash:/etc/postfix/tls_policy',
+ require => [
+ Postfix::Hash['/etc/postfix/tls_policy'],
+ Postfix::Config['smtp_tls_fingerprint_digest'],
+ ],
+ }
+
+}
diff --git a/manifests/classes/postfix.pp b/manifests/classes/postfix.pp
index 038f155..3d8ac3a 100644
--- a/manifests/classes/postfix.pp
+++ b/manifests/classes/postfix.pp
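Review bot: The default of `'sha1'` for `smtp_tls_fingerprint_digest` in postfix::tlspolicy is a weak basis for the `fingerprint` policy level, because certificate pinning is only as strong as the digest behind it. Prefer `"": { $postfix_tls_fingerprint_digest = 'sha256' }` where the installed Postfix and OpenSSL support it, and state in the header comment that every fingerprint in the snippets must be computed with the configured digest. Separately, `purge => false` on the snippets directory looks like it leaves a snippet that was removed from the `source` trees in place on the node, where it would still be merged into /etc/postfix/tls_policy; a comment saying whether that is intended would help.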
@@ -40,6 +40,9 @@ class postfix { case $root_mail_recipient { "": { $root_mail_recipient = "nobody" } } + case $postfix_manage_tls_policy { + "": { $postfix_manage_tls_policy = "no" } + } case $postfix_use_amavisd { "": { $postfix_use_amavisd = "no" } } @@ -56,6 +59,14 @@ class postfix { "": { $postfix_mastercf_tail = "" } } + # Bootstrap moduledir + include common::moduledir + module_dir{'postfix': } + + # Include optional classes + if $postfix_manage_tls_policy == 'yes' { + include postfix::tlspolicy + } if $postfix_use_amavisd == 'yes' { include postfix::amavis } diff --git a/manifests/definitions/tlspolicy_snippet.pp b/manifests/definitions/tlspolicy_snippet.pp new file mode 100644 index 0000000..2596dbc --- /dev/null +++ b/manifests/definitions/tlspolicy_snippet.pp 
@@ -0,0 +1,47 @@
+/*
+== Definition: postfix::tlspolicy_snippet
+
+Adds a TLS policy snippets to /etc/postfix/tls_policy.d/.
+See the postfix::tlspolicy class for details.
+
+Parameters:
+- *name*: name of destination domain Postfix will lookup. See TLS_README.
+- *value*: right-hand part of the tls_policy map
+- *ensure*: present/absent, defaults to present.
+
+Requires:
+- Class["postfix"]
+- Class["postfix::tlspolicy"]
+
+Example usage:
+
+ node "toto.example.com" {
+ $postfix_manage_tls_policy = yes
+ include postfix
+ postfix::tlspolicy_snippet {
+ 'example.com': value => 'encrypt';
+ '.example.com': value => 'encrypt';
+ 'nothing.com': value => 'fingerprint match=2A:FF:F0:EC:52:04:99:45:73:1B:C2:22:7F:FD:31:6B:8F:07:43:29';
+ }
+ }
+
+*/
+
+define postfix::tlspolicy_snippet ($ensure="present", $value = false) {
+
+ include postfix::tlspolicy
+
+ if ($value == false) and ($ensure == "present") {
+ fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.")
+ }
+
+ file { "${postfix::tlspolicy::postfix_tlspolicy_snippets_dir}/${name}":
+ ensure => "$ensure",
+ content => "${name} ${value}\n",
+ mode => 600,
+ owner => root,
+ group => 0,
+ notify => Exec["concat_${postfix::tlspolicy::postfix_merged_tlspolicy}"],
+ }
+
+}
-- cgit v1.2.3
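Review bot: The header comment says snippets are added to /etc/postfix/tls_policy.d/, but the `file` resource writes to `${postfix::tlspolicy::postfix_tlspolicy_snippets_dir}/${name}`, which postfix::tlspolicy places under the module dir. The comment should name that directory and say that only the merged map ends up at /etc/postfix/tls_policy. `$name` is used both as a path component and as the left-hand side of the map line, and `$value` is written unchecked, so a title containing `/` or whitespace, or a value containing a newline, would give a wrong path or extra map entries. A guard such as `if $name !~ /^[^\s\/]+$/ { fail("invalid tls policy destination: ${name}") }` would catch the former. The bareword `mode => 600` is also inconsistent with the quoted `'700'` used in the class.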