postfix

pdk
Puppet Module for managing Postfix

Matt Dainty

bodgit

18,096 downloads

1,031 latest version

5.0 quality score

Version information

  • 3.0.1 (latest)
  • 3.0.0
  • 2.0.0
  • 1.0.2
  • 1.0.1
  • 1.0.0
released Nov 8th 2020
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
  • Puppet >=5.5.10 <7.0.0
  • RedHat
    ,
    CentOS
    ,
    OracleLinux
    ,
    Scientific

Start using this module

Tags: postfix, smtp

Documentation

bodgit/postfix — version 3.0.1 Nov 8th 2020

postfix

Build Status Codecov Puppet Forge version Puppet Forge downloads Puppet Forge - PDK version

Table of Contents

  1. Description
  2. Setup - The basics of getting started with postfix
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Description

This module manages Postfix.

CentOS, RHEL, Scientific and Oracle Enterprise Linux is supported using Puppet 5 or later.

Setup

Beginning with postfix

Configure Postfix with the defaults as shipped by the OS and managing any aliases using the standard Puppet mailalias resource type:

include ::postfix

::postfix::lookup::database { '/etc/aliases':
  type => 'hash',
}

Mailalias <||> -> ::Postfix::Lookup::Database['/etc/aliases']

Usage

Configure Postfix with an additional submission service running on TCP port 587:

include ::postfix

::postfix::master { 'submission/inet':
  private => 'n',
  chroot  => 'n',
  command => 'smtpd -o smtpd_tls_security_level=encrypt -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject',
}

Configure Postfix for virtual mailbox hosting using LDAP to provide the various lookup tables:

class { '::postfix':
  virtual_mailbox_base    => '/var/mail/vhosts',
  virtual_mailbox_domains => ['ldap:/etc/postfix/virtualdomains.cf'],
  virtual_mailbox_maps    => ['ldap:/etc/postfix/virtualrecipients.cf'],
  virtual_minimum_uid     => 100,
  virtual_uid_maps        => 'static:5000',
  virtual_gid_maps        => 'static:5000',
}

# Specify connection defaults to enable sharing as per LDAP_README
Postfix::Lookup::Ldap {
  server_host => ['ldap://192.0.2.1'],
  search_base => 'dc=example,dc=com',
  bind_dn     => 'cn=Manager,dc=example,dc=com',
  bind_pw     => 'secret',
  version     => 3,
}

::postfix::lookup::ldap { '/etc/postfix/virtualdomains.cf':
  query_filter     => '(associatedDomain=%s)',
  result_attribute => ['associatedDomain'],
}

::postfix::lookup::ldap { '/etc/postfix/virtualrecipients.cf':
  query_filter     => '(mail=%s)',
  result_attribute => ['mail'],
}

Extend the above example to use dovecot-lda(1) instead of virtual(8):

include ::dovecot

class { '::postfix':
  virtual_transport       => 'dovecot'
  virtual_mailbox_domains => ['ldap:/etc/postfix/virtualdomains.cf'],
  virtual_mailbox_maps    => ['ldap:/etc/postfix/virtualrecipients.cf'],
}

::postfix::main { 'dovecot_destination_recipient_limit':
  value => 1,
}

::postfix::master { 'dovecot/unix':
  chroot       => 'n',
  command      => 'pipe flags=DRhu user=vmail:vmail argv=/path/to/dovecot-lda -f ${sender} -d ${recipient}',
  unprivileged => 'n',
  require      => Class['::dovecot'],
}

# Specify connection defaults to enable sharing as per LDAP_README
Postfix::Lookup::Ldap {
  server_host => ['ldap://192.0.2.1'],
  search_base => 'dc=example,dc=com',
  bind_dn     => 'cn=Manager,dc=example,dc=com',
  bind_pw     => 'secret',
  version     => 3,
}

::postfix::lookup::ldap { '/etc/postfix/virtualdomains.cf':
  query_filter     => '(associatedDomain=%s)',
  result_attribute => ['associatedDomain'],
}

::postfix::lookup::ldap { '/etc/postfix/virtualrecipients.cf':
  query_filter     => '(mail=%s)',
  result_attribute => ['mail'],
}

Reference

The reference documentation is generated with puppet-strings and the latest version of the documentation is hosted at https://bodgit.github.io/puppet-postfix/ and available also in the REFERENCE.md.

Limitations

This module takes the (somewhat laborious) approach of creating parameters for each main.cf setting rather than just pass in a large hash of settings, which should result in more control.

The only settings deliberately excluded are the following:

  • ${transport}_delivery_slot_cost
  • ${transport}_delivery_slot_discount
  • ${transport}_delivery_slot_loan
  • ${transport}_destination_concurrency_failed_cohort_limit
  • ${transport}_destination_concurrency_limit
  • ${transport}_destination_concurrency_negative_feedback
  • ${transport}_destination_concurrency_positive_feedback
  • ${transport}_destination_rate_delay
  • ${transport}_destination_recipient_limit
  • ${transport}_extra_recipient_limit
  • ${transport}_minimum_delivery_slots
  • ${transport}_recipient_limit
  • ${transport}_recipient_refill_delay
  • ${transport}_recipient_refill_limit

For these, use the postfix::main defined type.

Because Postfix allows you to recursively define parameters in terms of other parameters it makes validating values impossible unless that convention is forbidden. Currently this module allows recursive parameter expansion and so only validates that values are either strings or arrays (of strings).

Any setting that accepts a boolean yes/no value also accepts native Puppet boolean values. Any multi-valued setting accepts an array of values.

For referring to other settings, ensure that the $ is escaped appropriately using either \ or '' to prevent Puppet expanding the variable itself.

This module has been built on and tested against Puppet 5 and higher.

The module has been tested on:

  • Red Hat/CentOS Enterprise Linux 6/7

Development

The module relies on PDK and has both rspec-puppet and beaker-rspec tests. Run them with:

$ bundle exec rake spec
$ PUPPET_INSTALL_TYPE=agent PUPPET_INSTALL_VERSION=x.y.z bundle exec rake beaker:<nodeset>

Please log issues or pull requests at github.