Forge Home

postfix

Puppet Module for managing Postfix

21,888 downloads

1,038 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 3.1.2 (latest)
  • 3.1.1
  • 3.1.0
  • 3.0.1
  • 3.0.0
  • 2.0.0
  • 1.0.2
  • 1.0.1
  • 1.0.0
released Dec 16th 2021
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
  • Puppet >=5.5.10 <8.0.0
  • , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'bodgit-postfix', '3.1.2'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add bodgit-postfix
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install bodgit-postfix --version 3.1.2

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: postfix, smtp

Documentation

bodgit/postfix — version 3.1.2 Dec 16th 2021

postfix

Build Status Codecov Puppet Forge version Puppet Forge downloads Puppet Forge - PDK version

Table of Contents

  1. Description
  2. Setup - The basics of getting started with postfix
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Description

This module manages Postfix.

CentOS, RHEL, Scientific and Oracle Enterprise Linux is supported using Puppet 5 or later.

Setup

Beginning with postfix

Configure Postfix with the defaults as shipped by the OS and managing any aliases using the standard Puppet mailalias resource type:

include postfix

postfix::lookup::database { '/etc/aliases':
  type => 'hash',
}

Mailalias <||> -> Postfix::Lookup::Database['/etc/aliases']

Usage

Configure Postfix with an additional submission service running on TCP port 587:

include postfix

postfix::master { 'submission/inet':
  private => 'n',
  chroot  => 'n',
  command => 'smtpd -o smtpd_tls_security_level=encrypt -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject',
}

Configure Postfix for virtual mailbox hosting using LDAP to provide the various lookup tables:

class { 'postfix':
  virtual_mailbox_base    => '/var/mail/vhosts',
  virtual_mailbox_domains => ['ldap:/etc/postfix/virtualdomains.cf'],
  virtual_mailbox_maps    => ['ldap:/etc/postfix/virtualrecipients.cf'],
  virtual_minimum_uid     => 100,
  virtual_uid_maps        => 'static:5000',
  virtual_gid_maps        => 'static:5000',
}

# Specify connection defaults to enable sharing as per LDAP_README
Postfix::Lookup::Ldap {
  server_host => ['ldap://192.0.2.1'],
  search_base => 'dc=example,dc=com',
  bind_dn     => 'cn=Manager,dc=example,dc=com',
  bind_pw     => 'secret',
  version     => 3,
}

postfix::lookup::ldap { '/etc/postfix/virtualdomains.cf':
  query_filter     => '(associatedDomain=%s)',
  result_attribute => ['associatedDomain'],
}

postfix::lookup::ldap { '/etc/postfix/virtualrecipients.cf':
  query_filter     => '(mail=%s)',
  result_attribute => ['mail'],
}

Extend the above example to use dovecot-lda(1) instead of virtual(8):

include dovecot

class { 'postfix':
  virtual_transport       => 'dovecot'
  virtual_mailbox_domains => ['ldap:/etc/postfix/virtualdomains.cf'],
  virtual_mailbox_maps    => ['ldap:/etc/postfix/virtualrecipients.cf'],
}

postfix::main { 'dovecot_destination_recipient_limit':
  value => 1,
}

postfix::master { 'dovecot/unix':
  chroot       => 'n',
  command      => 'pipe flags=DRhu user=vmail:vmail argv=/path/to/dovecot-lda -f ${sender} -d ${recipient}',
  unprivileged => 'n',
  require      => Class['dovecot'],
}

# Specify connection defaults to enable sharing as per LDAP_README
Postfix::Lookup::Ldap {
  server_host => ['ldap://192.0.2.1'],
  search_base => 'dc=example,dc=com',
  bind_dn     => 'cn=Manager,dc=example,dc=com',
  bind_pw     => 'secret',
  version     => 3,
}

postfix::lookup::ldap { '/etc/postfix/virtualdomains.cf':
  query_filter     => '(associatedDomain=%s)',
  result_attribute => ['associatedDomain'],
}

postfix::lookup::ldap { '/etc/postfix/virtualrecipients.cf':
  query_filter     => '(mail=%s)',
  result_attribute => ['mail'],
}

Reference

The reference documentation is generated with puppet-strings and the latest version of the documentation is hosted at https://bodgit.github.io/puppet-postfix/ and available also in the REFERENCE.md.

Limitations

This module takes the (somewhat laborious) approach of creating parameters for each main.cf setting rather than just pass in a large hash of settings, which should result in more control.

The only settings deliberately excluded are the following:

  • ${transport}_delivery_slot_cost
  • ${transport}_delivery_slot_discount
  • ${transport}_delivery_slot_loan
  • ${transport}_destination_concurrency_failed_cohort_limit
  • ${transport}_destination_concurrency_limit
  • ${transport}_destination_concurrency_negative_feedback
  • ${transport}_destination_concurrency_positive_feedback
  • ${transport}_destination_rate_delay
  • ${transport}_destination_recipient_limit
  • ${transport}_extra_recipient_limit
  • ${transport}_minimum_delivery_slots
  • ${transport}_recipient_limit
  • ${transport}_recipient_refill_delay
  • ${transport}_recipient_refill_limit

For these, use the postfix::main defined type.

Because Postfix allows you to recursively define parameters in terms of other parameters it makes validating values impossible unless that convention is forbidden. Currently this module allows recursive parameter expansion and so only validates that values are either strings or arrays (of strings).

Any setting that accepts a boolean yes/no value also accepts native Puppet boolean values. Any multi-valued setting accepts an array of values.

For referring to other settings, ensure that the $ is escaped appropriately using either \ or '' to prevent Puppet expanding the variable itself.

This module has been built on and tested against Puppet 5 and higher.

The module has been tested on:

  • Red Hat/CentOS Enterprise Linux 6/7/8

Development

The module relies on PDK and has both rspec-puppet and Litmus tests. Run them with:

$ bundle exec rake spec
$ bundle exec rake litmus:*

Please log issues or pull requests at github.