aboutsummaryrefslogtreecommitdiff
path: root/README
blob: b085c064c959773d329bb440ea034da0a5892d02 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
= Postfix Puppet module

This module will help install and configure postfix.

A couple of classes will preconfigure postfix for common needs.

This module needs:

- the concat module: git://labs.riseup.net/shared-concat

Config
------
- set $postfix_use_amavisd="yes" to include postfix::amavis
- set $postfix_anon_sasl="yes" to hide the originating IP in email
  relayed for an authenticated SASL client; this needs Postfix
  2.3 or later to work; beware! Postfix logs the header replacement
  has been done, which means that you are storing this information,
  unless you are anonymizing your logs.
- set $postfix_manage_header_checks="yes" to manage header checks (see
  postfix::header_checks for details)
- set $postfix_manage_tls_policy="yes" to manage TLS policy (see
  postfix::tlspolicy for details)
- by default, postfix will bind to all interfaces, but sometimes you don't want
  that. To bind to specific interfaces, use the $postfix_inet_interfaces
  variable and set it to exactly what would be in the main.cf file.
- some hosts have weird-looking host names (dedicated servers and VPSes). To
  set the server's domain of origin, set the $postfix_myorigin value

== Example:

  include postfix

  postfix::config { "relay_domains": value  => "localhost host.foo.com" }

Deprecation notice
------------------

It used to be that one could drop header checks snippets into the
following source directories:

   "puppet:///modules/site-postfix/${fqdn}/header_checks.d"
   "puppet:///modules/site-postfix/header_checks.d"
   "puppet:///files/etc/postfix/header_checks.d"
   "puppet:///modules/postfix/header_checks.d"

... and TLS policy snippets into those:

   "puppet:///modules/site-postfix/${fqdn}/tls_policy.d"
   "puppet:///modules/site-postfix/tls_policy.d"
   "puppet:///modules/postfix/tls_policy.d"

This is not supported anymore.

Every such snippet much now be configured using the (respectively)
postfix::header_checks_snippet and postfix::tlspolicy_snippet defines.