Forge Home


Installs, configures, and manages postfix installation.




5,754 latest version

4.2 quality score

Version information

  • 0.1.2 (deleted)
  • 0.1.1 (latest)
  • 0.1.0
released Aug 4th 2016
This version is compatible with:
  • Debian

Start using this module


brad2014/postfix — version 0.1.1 Aug 4th 2016

Puppet module for postfix

This module provides a set of functions to manage a postfix installation.


Currently supports:

  • CentOS 7
  • Easy specification of configuration and services.
  • LDAP maps
  • Optional Amavis, ClamAV

In progress:

  • STARTSSL and certificate handling
  • OpenDKIM

For example:

class { "postfix":
  config_options => {
    inet_interfaces => 'all'
  submission_options => {
    cleanup_service_name => 'cleanup_submission'
  cleanup_options => {
    header_checks => "regexp:${postfix::etc_dir}/header_checks.inbound",
    mime_header_checks => "regexp:${postfix::etc_dir}/header_checks.inbound",
  amavis_return_options => {
    cleanup_service_name => 'cleanup_internal',

Class Arguments

  • config_options (default undef). A hash of postfix configuration customizations to

  • smtps_options (default undef). If defined, enable authenticated users to submit on port 465 using TLS. Add/override the given configuration options on the smtps service in

  • submission_options (default undef). If defined, enable authenticated users to submit mail on port 567 using STARTTLS. Add/override the given configuration options on the submission service in

  • root_mail_alias (default undef). If set, forward all root e-mail to this address.

  • amavis_options (default undef). If specified, enable Amavis+Clam+SpamAssassin for antivirus and spam protection. Amavis, as a content filter process, deploys two postfix services: a smtp service that sends e-mail to the Amavis daemon for processing, and a smtpd service where amavis returns the processed e-mail for further delivery. This option adds/overrides the given configuration options on the smtp service in

  • amavis_return_options (default undef) Add/override the given configuration options on the amavis smtpd return service in Note: amavis is enabled if either of these options is specified.

Defined Types


Further set configuration variables in, after the postfix class is added. See postfix documentation for descriptions of all variables. This type takes a single parameter, changes, whose value is a hash of variable → value settings.

postfix::configure {
    changes => {
      inet_interfaces => 'all',
      myhostname => ''


Add a service entry in the file. The command is represented as an array of arguments that will be joined together. The order of services in can be adjusted (though it doesn't make any operational difference).

For example:

postfix::service {
    type => 'unix',
    chroot => 'n',
    maxproc => $amavis_maxproc,
    command => 'smtp',
    config_options => {
      smtp_data_done_timeout => 1800,
      smtp_tls_security_level => 'none',
      disable_dns_lookups => 'yes',
      smtp_send_xforward_command => 'yes',
      smtp_bind_address => ''


  • service (default $title).
  • type (default 'unix').
  • private (default '-').
  • unpriv (default '-').
  • chroot (default '-').
  • wakeup (default '-').
  • maxproc (default '-').
  • command (required string).
  • config_options (default {})
  • order (default 50).

See master(5) in the Unix manual for further details.


A defined type to make it easy to define and use LDAP maps, against a local or remote LDAP directory. For a discussion of the various attributes, see references.

Reference: ldap_table(5),

For example:

# Set some defaults, which will be the same for every ldap map.
Postfix::Ldap_map {
  base_dn => $base_dn,
  bind_dn => $service_bind_dn,
  bind_pw => $service_bind_pw,  # ldap map files contain secrets, so are root.root mode 0600
  result_attribute => 'mail',
  domain_map => 'mydestination',

postfix::ldap_map {
    base_dn => $domain_base_dn,
    query_filter => '(&(associatedDomain=%s))',
    result_attribute => 'associateddomain';
    query_filter => '(&(|(mail=%s)(alias=%s))(|(objectclass=inetorgperson)(|(objectclass=groupofuniquenames)(objectclass=groupofurls))(|(|(objectclass=groupofuniquenames)(objectclass=groupofurls))(objectclass=kolabsharedfolder))(objectclass=kolabsharedfolder)))';
    query_filter => '(&(|(mailAlternateAddress=%s)(alias=%s)(mail=%s))(objectclass=inetorgperson))',
    result_format => 'lmtp:unix:/var/lib/imap/socket/lmtp';


  • base_dn (required)
  • bind_dn (required)
  • bind_pw (required)
  • query_filter (required)
  • result_attribute (required)
  • server (default localhost)
  • port (default 389)
  • version (default 3)
  • scope (default 'sub')
  • domain_map (default undef) Restrict this map to the domain list returned by another Ldap_map with this title. Require an Ldap_map for the given domain_map. If the domain_map is the same as the title, it is ignored.
  • result_format (default undef)
  • special_result_attribute (default undef) This is the DN attribute for use with groups. If used, the result_attribute is recast as a leaf_result_attribute (that is mildly opinionated, but if an group entry has, for example, both memberDN and mail attributes that'd be weird).
  • map_file (default is sensible) This is where the ldap map definition file is written. The default is system dependent, based on ${name}. For example, on CentOS, /etc/postfix/ldap/${name}.cf.
  • configuration_variable (default $name) Add a configuration variable to pointing to this map. To prevent this, set configuration_variable to undef.
  • map_list (default []) Additional maps to add following this map.

Copyright 2016 Brad2014

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.