Forge Home


Configure the postfix mailserver


5,498 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.0.2 (latest)
  • 1.0.1
  • 1.0.0
  • 0.2.1
  • 0.2.0
released Oct 28th 2018
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.4.x
  • Puppet >= 4.9.0 < 6.0.0
  • FreeBSD, ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'oxc-postfix', '1.0.2'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add oxc-postfix
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install oxc-postfix --version 1.0.2

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



oxc/postfix — version 1.0.2 Oct 28th 2018

postfix module for Puppet

Build Status Coverage Status

Table of Contents

  1. Description
  2. Setup - The basics of getting started with postfix
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations


Puppet module to manage your postfix installation. Manage settings and entries by postconf backed native types. Both types include support for multiple postfix instances. The postfix instances can be managed with a native type too.


Setup Requirements

This module requires pluginsync to be enabled to sync the type/provider to the agent.


The easiest way to use this module is to specify all desired configuration in Hiera. Here is a close-to-real-life example:

  alias_database: hash:/etc/aliases
  alias_maps: hash:/etc/aliases
  append_dot_mydomain: no
  biff: no
  inet_protocols: all
  inet_interfaces: all
  mydestination: '$myhostname, localdomain, localhost'
  myorigin: '$mydomain'
    - ''
    - ''
    - '[::ffff:]/104'
    - '[::1]/128'
  readme_directory: no
  recipient_delimiter: +
  smtpd_banner: '$myhostname ESMTP $mail_name'
    - permit_mynetworks
    - permit_sasl_authenticated
    - defer_unauth_destination
  smtpd_use_tls: yes
  smtpd_tls_cert_file: &postfix_cert /etc/postfix/ssl/postfix.crt
  smtpd_tls_key_file: &postfix_key /etc/postfix/ssl/postfix.key
  smtpd_sasl_auth_enable: no # only enable for mandatory tls ports
  smtpd_sasl_type: dovecot
  smtpd_sasl_path: private/auth
  # sasl only encrypted
  smtpd_tls_auth_only: yes
  smtpd_tls_security_level: may
  virtual_transport: 'lmtp:unix:private/dovecot-lmtp'
  milter_protocol: 6
  common_milters: >-
    { inet:localhost:11332,
    default_action=accept }
  smtpd_milters: '$common_milters'
  non_smtpd_milters: '$common_milters'
  milter_mail_macros: i {mail_addr} {client_addr} {client_name} {auth_authen}

  # merged with the defaults defined in data/modules/postfix.yaml
  smtps/inet: { ensure: present }
  submission/inet: { ensure: present }

This will create postconf and postconf_master resources for each setting. The resource types can also be used directly as described below.

Generating default entries

In order to generate the default postconf_master hiera entries needed to run postfix, you can use the provided master2hierayaml.rb script:

scripts/master2hierayaml.rb /usr/share/doc/postfix/defaults/ > data/modules/postfix.yaml

It will try to parse active as well as commented entries and lines, and output warnings to stderr if it fails to do so. However, check the output carefully, otherwise you might end up with a non-working mail system.

Purging unmanaged entries

By default, this module will warn about unmanaged config entries in any managed and, but not remove them. To enable purging of those resources, set purge_main and purge_master to true:

postfix::purge_main: true
postfix::purge_master: true




The postconf type enables you to set or rest postconf parameters.

  postconf { 'myhostname':
    value => '',

The config_dir param allows you to manage different postfix instances and the parameter param allows you to define the postconf parameter independently from the resource name.

  postconf { 'myhostname':
    value => '',

  postconf { 'foo:myhostname':
    parameter  => 'myhostname',
    config_dir => '/etc/postfix-foo',
    value      => '',


The postconf_master type enables you to manage the entries.

  postconf_master { 'mytransport/unix':
    command => 'smtp',

The config_dir param allows you to manage different postfix instances and the service and type param allows you to define the postconf_master service/type independently from the resource name.

  postconf_master { 'mytransport/unix':
    command => 'smtp',

  postconf_master { 'foo:mytransport/unix':
    service    => 'mytransport',
    type       => 'unix',
    config_dir => '/etc/postfix-foo',
    command    => 'smtp',


The postmulti type allows you to create, de/activate and destroy postfix postmulti instances with pupppet.

By default ensure is set to active but can be set to inactive or absent respectively to deactivate or remove an postmulti instance.

As the postmulti the resource name must begin with postfix-.

  postmulti { 'postfix-out': }


Known Issues

  • The postfix version of el7 does not support postconf_master. An alternative version is available from the IUS Community Project.