Version information
This version is compatible with:
- Debian, Ubuntu, RedHat, CentOS
Puppet module for postfix
This module provides a set of functions to manage a postfix installation.
WORK IN PROGRESS. DO NOT USE.
Currently supports:
- CentOS 7
- Easy specification of configuration and services.
- LDAP maps
- Optional Amavis, ClamAV
In progress:
- STARTSSL and certificate handling
- OpenDKIM
For example:
    class { "postfix":
      config_options        => {
        inet_interfaces => 'all'
      },
      submission_options    => {
        cleanup_service_name => 'cleanup_submission'
      },
      cleanup_options       => {
        header_checks      => "regexp:${postfix::etc_dir}/header_checks.inbound",
        mime_header_checks => "regexp:${postfix::etc_dir}/header_checks.inbound",
      },
      amavis_return_options => {
        cleanup_service_name => 'cleanup_internal',
      },
    }
Class Arguments
- config_options (default undef). A hash of postfix configuration customizations to main.cf.
- smtps_options (default undef). If defined, enable authenticated users to submit on port 465 using TLS. Add/override the given configuration options on the smtps service in master.cf.
- submission_options (default undef). If defined, enable authenticated users to submit mail on port 567 using STARTTLS. Add/override the given configuration options on the submission service in master.cf.
- root_mail_alias (default undef). If set, forward all root e-mail to this address.
- amavis_options (default undef). If specified, enable Amavis+Clam+SpamAssassin for antivirus and spam protection. Amavis, as a content filter process, deploys two postfix services: a smtp service that sends e-mail to the Amavis daemon for processing, and a smtpd service where amavis returns the processed e-mail for further delivery. This option adds/overrides the given configuration options on the smtp service in master.cf.
- amavis_return_options (default undef). Add/override the given configuration options on the amavis smtpd return service in master.cf. Note: amavis is enabled if either of these options is specified.
Defined Types
postfix::configure
Further set configuration variables in main.cf, after the postfix class is added.
See postfix documentation for descriptions of all variables.
This type takes a single parameter, changes, whose value is a hash of variable → value settings.
    postfix::configure {
      'example':
        changes => {
          inet_interfaces => 'all',
          myhostname      => 'mail.example.com'
        }
    }
postfix::service
Add a service entry in the master.cf file. The command is represented as an array of arguments that will be joined together. The order of services in master.cf can be adjusted (though it doesn't make any operational difference).
For example:
    postfix::service {
      'smtp-amavis':
        type           => 'unix',
        chroot         => 'n',
        maxproc        => $amavis_maxproc,
        command        => 'smtp',
        config_options => {
          smtp_data_done_timeout     => 1800,
          smtp_tls_security_level    => 'none',
          disable_dns_lookups        => 'yes',
          smtp_send_xforward_command => 'yes',
          smtp_bind_address          => '127.0.0.1'
        }
    }
Attributes
- service (default $title).
- type (default 'unix').
- private (default '-').
- unpriv (default '-').
- chroot (default '-').
- wakeup (default '-').
- maxproc (default '-').
- command (required string).
- config_options (default {})
- order (default 50).
See master(5) in the Unix manual for further details.
postfix::ldap_map
A defined type to make it easy to define and use LDAP maps, against a local or remote LDAP directory. For a discussion of the various attributes, see references.
Reference: ldap_table(5), http://www.postfix.org/LDAP_README.html
For example:
    # Set some defaults, which will be the same for every ldap map.
    Postfix::Ldap_map {
      base_dn          => $base_dn,
      bind_dn          => $service_bind_dn,
      bind_pw          => $service_bind_pw, # ldap map files contain secrets, so are root.root mode 0600
      result_attribute => 'mail',
      domain_map       => 'mydestination',
    }
    postfix::ldap_map {
      'mydestination':
        base_dn          => $domain_base_dn,
        query_filter     => '(&(associatedDomain=%s))',
        result_attribute => 'associateddomain';
      'local_recipient_maps':
        query_filter => '(&(|(mail=%s)(alias=%s))(|(objectclass=inetorgperson)(|(objectclass=groupofuniquenames)(objectclass=groupofurls))(|(|(objectclass=groupofuniquenames)(objectclass=groupofurls))(objectclass=kolabsharedfolder))(objectclass=kolabsharedfolder)))';
      'transport_maps':
        query_filter  => '(&(|(mailAlternateAddress=%s)(alias=%s)(mail=%s))(objectclass=inetorgperson))',
        result_format => 'lmtp:unix:/var/lib/imap/socket/lmtp';
    }
Attributes
- base_dn (required)
- bind_dn (required)
- bind_pw (required)
- query_filter (required)
- result_attribute (required)
- server (default localhost)
- port (default 389)
- version (default 3)
- scope (default 'sub')
- domain_map (default undef) Restrict this map to the domain list returned by another Ldap_map with this title. Requires an Ldap_map for the given domain_map. If the domain_map is the same as the title, it is ignored.
- result_format (default undef)
- special_result_attribute (default undef) This is the DN attribute for use with groups. If used, the result_attribute is recast as a leaf_result_attribute (that is mildly opinionated, but if a group entry has, for example, both memberDN and mail attributes that'd be weird).
- map_file (default is sensible) This is where the ldap map definition file is written. The default is system dependent, based on ${name}. For example, on CentOS, /etc/postfix/ldap/${name}.cf.
- configuration_variable (default $name) Add a configuration variable to main.cf pointing to this map. To prevent this, set configuration_variable to undef.
- map_list (default []) Additional maps to add following this map.
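An added example, not part of this module: a Python audit that checks LDAP map files containing bind_pw are owner-only and owned by the expected user, matching the root.root mode 0600 note in the example above. The function names and the sample files are constructed for illustration; on CentOS the directory to audit would be /etc/postfix/ldap, per the map_file default.

```python
import os
import tempfile
from pathlib import Path

SECRET_KEYS = {"bind_pw"}  # ldap_table(5) parameter holding the bind password

def parse_map(path):
    """Parse the 'name = value' lines of an ldap_table(5) map file."""
    params = {}
    for line in Path(path).read_text().splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # filters contain '=', split once
        params[key.strip()] = value.strip()
    return params

def audit_ldap_maps(map_dir, expected_uid=0):
    """Return (file name, problem) pairs for map files that expose bind_pw."""
    findings = []
    for path in sorted(Path(map_dir).glob("*.cf")):
        if not SECRET_KEYS & parse_map(path).keys():
            continue  # no secret in this map, nothing to protect
        st = path.stat()
        if st.st_mode & 0o077:
            mode = st.st_mode & 0o7777
            findings.append((path.name, "mode %04o grants group/other access" % mode))
        if st.st_uid != expected_uid:
            findings.append((path.name, "owner uid %d, expected %d" % (st.st_uid, expected_uid)))
    return findings

def demo():
    """Audit a constructed directory standing in for /etc/postfix/ldap."""
    with tempfile.TemporaryDirectory() as d:
        samples = {  # constructed sample maps: name -> (mode, contents)
            "mydestination.cf": (0o600, "bind_dn = cn=svc,dc=example,dc=com\nbind_pw = s3cret\n"),
            "transport_maps.cf": (0o644, "bind_pw = s3cret\nquery_filter = (mail=%s)\n"),
            "nobind.cf": (0o644, "bind = no\nquery_filter = (mail=%s)\n"),
        }
        for name, (mode, text) in samples.items():
            p = Path(d, name)
            p.write_text(text)
            p.chmod(mode)
        # The demo files belong to the current user; production expects uid 0.
        return audit_ldap_maps(d, expected_uid=os.getuid())

if __name__ == "__main__":
    print(demo())
```

Run it as root against the real map directory with audit_ldap_maps("/etc/postfix/ldap"), since correctly protected files are unreadable to other users.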
Copyright 2016 Brad2014
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Dependencies
- puppetlabs/concat (>= 2.2.0 < 3.0.0)
- puppetlabs/stdlib (>= 4.2.0 < 5.0.0)