Forge Home

postfix

postfix management - relay or multidomain mailserver

12,148 downloads

4,934 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 0.2.41 (latest)
  • 0.2.39
  • 0.2.38
  • 0.2.32
  • 0.2.29
  • 0.2.25
released Dec 13th 2019
This version is compatible with:
  • Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 3.8.0
  • , , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'eyp-postfix', '0.2.41'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add eyp-postfix
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install eyp-postfix --version 0.2.41

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

eyp/postfix — version 0.2.41 Dec 13th 2019

postfix status ready

Table of Contents

  1. Overview
  2. Module Description
  3. Setup
  4. Usage
  5. Reference
  6. Limitations
  7. Development

Overview

postfix configuration management

Module Description

postfix setup and configuration, can be configured to act like a simple mail relay or a multidomain mailserver

Setup

What postfix affects

  • /etc/postfix/main.cf
  • package management
  • service management
  • purges packages for other MTA on CentOS and switches to postfix on Ubunut 14.04

Setup Requirements

This module requires pluginsync enabled and eyp-dovecot (it is required to be able to setup IMAP for the mailserver: postfix::vmail)

Beginning with postfix

basic setup:

class { 'postfix':
  inetinterfaces => 'localhost',
}

mail relay:

class { 'postfix':
  inetinterfaces => 'all',
  relayhost      => '1.2.3.4',
  mynetworks     => [ '127.0.0.1/32', '1.1.1.1/32' ],
}

multidomain mail server

class { 'postfix': }

class { 'postfix::vmail': }

postfix::vmail::alias { 'example@systemadmin.es':
  aliasto => [ 'exemple@systemadmin.es' ],
}

postfix::vmail::account { 'example@systemadmin.es':
  accountname => 'example',
  domain      => 'systemadmin.es',
  password    => 'secretpassw0rd',
}

postfix::vmail::account { 'silvia@systemadmin.es':
  accountname => 'silvia',
  domain      => 'systemadmin.es',
  password    => 'secretpassw0rd2',
}

postfix::vmail::account { 'marc@systemadmin.es':
  accountname => 'marc',
  domain      => 'systemadmin.es',
  password    => 'secretpassw0rd3',
}

Usage

This module can be used to configure postfix to relay mails to another server or to have virtual mailboxes (multidomain/multiaccount).

To setup opportunistic TLS with custom certificates:

    class { 'postfix':
        opportunistictls => true,
        tlscert          => 'puppet:///openldap/masterauth/ldap-master-01.crt',
        tlspk            => 'puppet:///openldap/masterauth/ldap-master-01.key.pem',
    }

To setup opportunistic TLS with selfsigned certificate:

    class { 'postfix':
        opportunistictls  => true,
        subjectselfsigned => '/C=ES/ST=Barcelona/L=Barcelona/O=systemadmin.es/CN=systemadmin.es',
        generatecert      => true,
    }

Mailserver with contentfilter (amavis)

# Mailserver
class { 'postfix': }

class { 'postfix::vmail': }

postfix::vmail::account { 'merda@merda.com':
  accountname => 'merda',
  domain      => 'merda.com',
  password    => 'putamerda',
}

class { 'postfix::contentfilter':
}

multiple smtp outbound instances:

postfix::instance { 'out_domain1':
  type    => 'unix',
  chroot  => 'n',
  command => 'smtp',
  opts    => { 'smtp_bind_address' => '1.1.1.1',
               'smtp_helo_name' => 'systemadmin.es',
               'syslog_name' => 'postfix-systemadmin.es',
             }
}

postfix::instance { 'out_domain2':
  type    => 'unix',
  chroot  => 'n',
  command => 'smtp',
  opts    => { 'smtp_bind_address' => '1.2.2.2',
               'smtp_helo_name' => 'sysadmins.es',
               'syslog_name' => 'postfix-sysadmins.es',
             }
}

blackhole domain or account (to be able to blackhole a domain it requires postfix::vmail):

postfix::alias { 'blackhole':
  to => '/dev/null',
}

postfix::vmail::alias { '@blackhole.com':
  aliasto => [ 'blackhole@' ],
}

log example:

# echo a | mail -s caca blackhole@

Nov 29 12:33:03 ldapm postfix/pickup[16927]: 51876A105B: uid=0 from=<root>
Nov 29 12:33:03 ldapm postfix/cleanup[16995]: 51876A105B: message-id=<20161129113303.51876A105B@ldapm>
Nov 29 12:33:03 ldapm postfix/qmgr[16928]: 51876A105B: from=<root@vm.vm>, size=384, nrcpt=1 (queue active)
Nov 29 12:33:03 ldapm postfix/local[16997]: 51876A105B: to=<blackhole@ldapm>, orig_to=<blackhole@>, relay=local, delay=0.09, delays=0.07/0.03/0/0, dsn=2.0.0, status=sent (delivered to file: /dev/null)
Nov 29 12:33:03 ldapm postfix/qmgr[16928]: 51876A105B: removed

# echo a | mail -s caca dsadadas@blackhole.com

Nov 29 12:33:10 ldapm postfix/pickup[16927]: 70BA8A105B: uid=0 from=<root>
Nov 29 12:33:10 ldapm postfix/cleanup[16995]: 70BA8A105B: message-id=<20161129113310.70BA8A105B@ldapm>
Nov 29 12:33:10 ldapm postfix/qmgr[16928]: 70BA8A105B: from=<root@vm.vm>, size=396, nrcpt=1 (queue active)
Nov 29 12:33:10 ldapm postfix/local[16997]: 70BA8A105B: to=<blackhole@ldapm>, orig_to=<dsadadas@blackhole.com>, relay=local, delay=0.03, delays=0.02/0/0/0, dsn=2.0.0, status=sent (delivered to file: /dev/null)
Nov 29 12:33:10 ldapm postfix/qmgr[16928]: 70BA8A105B: removed

multiple inbound email instances:

class { 'postfix':
  inetinterfaces    => 'all',
  mynetworks        => [ '127.0.0.1/32' ],
  myhostname        => 'smtp3.systemadmin.es',
  smtpdbanner       => 'smtp3.systemadmin.es ESMTP',
  opportunistictls  => true,
  subjectselfsigned => '/C=UK/ST=Shropshire/L=Telford/O=systemadmin/CN=smtp3.systemadmin.es',
  generatecert      => true,
  syslog_name       => 'private',
}

class { 'postfix::vmail': }

postfix::vmail::account { 'systemadmin@systemadmin.es':
  accountname => 'systemadmin',
  domain      => 'systemadmin.com',
  password    => 'systemadmin_secret_passw0rd',
}

postfix::instance { '0.0.0.0:2525':
  type    => 'inet',
  private => 'n',
  chroot  => 'n',
  command => 'smtpd',
  opts    => {
              'content_filter'               => '',
              'smtpd_helo_restrictions'      => '',
              'smtpd_sender_restrictions'    => '',
              'smtpd_recipient_restrictions' => 'permit_mynetworks,reject',
              'mynetworks'                   => '127.0.0.0/8,10.0.2.15/32',
              'receive_override_options'     => 'no_header_body_checks',
              'smtpd_helo_required'          => 'no',
              'smtpd_client_restrictions'    => '',
              'smtpd_restriction_classes'    => '',
              'disable_vrfy_command'         => 'no',
              #'strict_rfc821_envelopes'      => 'yes',
              'smtpd_sasl_auth_enable'       => 'no',
              'syslog_name'                                  => 'public',
            },
  order   => '99',
}

Reference

postfix

Most variables are standard postfix variables, please refer to postfix documentation:

  • append_dot_mydomain

  • biff

  • inetinterfaces

  • ipv6

  • mail_spool_directory

  • mydestination

  • mydomain

  • myhostname

  • mynetworks

  • myorigin

  • readme_directory

  • recipient_delimiter

  • relayhost

  • smtp_fallback_relay

  • smtpdbanner

  • install_mailclient

  • default_process_limit

  • smtpd_client_connection_count_limit

  • smtpd_client_connection_rate_limit

  • in_flow_delay

  • setgid_group

  • (...)

  • install_mailclient: controls if a mail client should be installed (default: true)

SSL certificates:

  • opportunistictls: controls Opportunistic TLS (default: false)
  • generatecert: controls if a selfsigned certificate is generated for this postfix instance (default: true)
  • tlscert: source cert file - generatecert must be false
  • tlspk: source private key - generatecert must be false
  • subjectselfsigned subject for a selfsigned certificate - generatecert must be true. example: '/C=RC/ST=Barcelona/L=Barcelona/O=systemadmin.es/CN=systemadmin.es',

postfix::transport

bounce a specific domain:

postfix::transport { 'example.com':
  error => 'email to this domain is not allowed',
}

SMTP route:

postfix::transport { 'example.com':
  nexthop => '1.1.1.1',
}

postfix::vmail

  • mailbox_base: (default: /var/vmail)
  • setup_dovecot: (default: true)
  • smtpd_recipient_restrictions (default: permit_inet_interfaces,permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination)
  • smtpd_relay_restrictions (default: permit_inet_interfaces,permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination)

postfix::vmail::acount

postfix::vmail::account { 'silvia@systemadmin.es':
  accountname => 'silvia',
  domain      => 'systemadmin.es',
  password    => 'secretpassw0rd2',
}

postfix::vmail::alias

postfix::vmail::alias { 'example@systemadmin.es':
  aliasto => [ 'exemple@systemadmin.es' ],
}

Limitations

Tested on:

  • CentOS 5
  • CentOS 6
  • CentOS 7
  • Ubuntu 14.04
  • Ubuntu 16.04
  • SLES 11 SP3

Development

We are pushing to have acceptance testing in place, so any new feature should have some test to check both presence and absence of any feature

TODO

  • improve documentation (multidoamin mailserver is not yet covered)
  • SQLite support (was added with Postfix version 2.8)
  • add requires for postmap operations and rewrite it to use ${postfix::params::baseconf}

Contributing

  1. Fork it using the development fork: jordiprats/eyp-systemd
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request