postfix
Postfix mail transport agent module supporting multiple instances, based on (and compatible with) the well-known thias/postfix module.
Version information
released Jan 15th 2016
Start using this module
Add this module to your Puppetfile:
mod 'yarikdot-postfix', '0.4.1'
puppet-postfix
Initial thought
Feel free to send me a pull request or just open an issue if you need to update anything.
Goal
Manage multiple postfix instances.
This plugin is an extended version of https://github.com/thias/puppet-postfix and it is backwards compatible!
Original plugin usage example
- postfix::dbfile : Manage Postfix DB configuration files
- postfix::file : Manage flat text Postfix configuration files
- postfix::server : Manage the main Postfix instance
class { '::postfix::server':
  myhostname => 'mx1.example.com',
  mydomain => 'example.com',
  mydestination => "\$myhostname, localhost.\$mydomain, localhost, $fqdn",
  inet_interfaces => 'all',
  message_size_limit => '15360000', # 15MB
  mail_name => 'example mail daemon',
  virtual_mailbox_domains => [
    'proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf',
  ],
  virtual_alias_maps => [
    'proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf',
    'proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf',
    'proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf',
  ],
  virtual_transport => 'dovecot',
  # if you want dovecot to deliver user+foo@example.org to user@example.org,
  # uncomment this: (c.f. http://wiki2.dovecot.org/LDA/Postfix#Virtual_users)
  # dovecot_destination => '${user}@${nexthop}',
  smtpd_sender_restrictions => [
    'permit_mynetworks',
    'reject_unknown_sender_domain',
  ],
  smtpd_recipient_restrictions => [
    'permit_sasl_authenticated',
    'permit_mynetworks',
    'reject_unauth_destination',
  ],
  smtpd_sasl_auth => true,
  sender_canonical_maps => 'regexp:/etc/postfix/sender_canonical',
  ssl => 'wildcard.example.com',
  submission => true,
  header_checks => [
    '# Remove LAN (Webmail) headers',
    '/^Received: from .*\.example\.ici/ IGNORE',
    '# Sh*tlist',
    '/^From: .*@(example\.com|example\.net)/ REJECT Spam, go away',
    '/^From: .*@(lcfnl\.com|.*\.cson4\.com|.*\.idep4\.com|.*\.gagc4\.com)/ REJECT user unknown',
  ],
  postgrey => true,
  spamassassin => true,
  sa_skip_rbl_checks => '0',
  spampd_children => '4',
  # Send all emails to spampd on 10026
  smtp_content_filter => 'smtp:127.0.0.1:10026',
  # This is where we get emails back from spampd
  master_services => [ '127.0.0.1:10027 inet n - n - 20 smtpd'],
}
The most common parameters are supported as parameters to the postfix::server class, but any other ones may be added using the $extra_main_parameters hash parameter, whose keys are main.cf parameter names and whose values can be either a value string or an array of strings.
Example:
class { '::postfix::server':
  extra_main_parameters => {
    'virtual_mailbox_lock' => [
      'fcntl',
      'dotlock',
    ],
    virtual_minimum_uid => '1000',
  },
}
Multi-instance example
include ::postfix::params
class { '::postfix::install':
  mysql => true,
}
# Default instance as a null-client
postfix::instance { 'default':
  myhostname => $fqdn,
  mydomain => $fqdn,
  myorigin => $fqdn,
  mydestination => "$fqdn, localhost",
  message_size_limit => '15360000',
  master_service_disable => 'inet',
  # default_database_type = cdb
  # indexed = ${default_database_type}:${config_directory}/
}
# Relay server using dovecot as a backend
postfix::instance { 'out':
  myhostname => $fqdn,
  mydestination => 'localhost',
  message_size_limit => '15360000',
  smtpd_banner => '$myhostname ESMTP $mail_name (Debian/GNU)',
  inet_interfaces => 'all',
  relayhost => '',
  mynetworks => '127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128',
  myorigin => $fqdn,
  smtpd_sasl_type => 'dovecot',
  smtpd_sasl_path => 'inet:127.0.0.1:10002',
  smtpd_client_restrictions => [ 'permit_sasl_authenticated', 'reject' ],
  smtpd_recipient_restrictions => [ 'permit_sasl_authenticated', 'permit_mynetworks', 'reject_unauth_destination' ],
  readme_directory => 'no',
  mailbox_size_limit => '0',
  recipient_delimiter => '+',
  extra_main_parameters => {
    biff => 'no',
    broken_sasl_auth_clients => 'yes',
    smtpd_sasl_auth_enable => 'yes',
    smtpd_sasl_authenticated_header => 'yes',
    smtpd_sasl_security_options => 'noanonymous',
    smtpd_sasl_local_domain => '$myhostname',
    append_dot_mydomain => 'no',
    master_service_disable => '',
    authorized_submit_users => '',
  }
}
Limitations
- The service will only be reloaded on configuration change, meaning that changes requiring a full restart won't be applied, such as changes to listening interfaces.
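
The reload-only limitation matters most when inet_interfaces is narrowed: main.cf shows the new value while the running master keeps the old sockets open. The shell check below is an added example, not part of the module; the function names and sample data are constructed, and it assumes iproute2's `ss`, a single instance on port 25, and numeric addresses in inet_interfaces.

```shell
#!/bin/sh
# Added example (not part of the module): list sockets still bound from an
# old inet_interfaces value because Postfix was reloaded, not restarted.
# Live use, assuming iproute2 ss and one instance on port 25:
#   stale_listeners "$(postconf -h inet_interfaces)" "$(ss -Hltn)"

# Print one allowed bind address per line for an inet_interfaces value.
# Hostnames are passed through unresolved, so use numeric addresses.
allowed_addrs() {
    case "$1" in
        loopback-only) printf '%s\n' 127.0.0.1 ::1 ;;
        *) printf '%s\n' "$1" | tr ', ' '\n\n' | tr -d '[]' | sed '/^$/d' ;;
    esac
}

# stale_listeners CONFIGURED SS_OUTPUT [PORT]
# Prints every address listening on PORT that CONFIGURED does not allow.
# A wildcard socket (0.0.0.0, ::, *) is reported unless CONFIGURED is "all".
stale_listeners() {
    configured=$1 ss_out=$2 port=${3:-25}
    [ "$configured" = all ] && return 0    # "all" permits every address
    allowed=$(allowed_addrs "$configured")
    printf '%s\n' "$ss_out" | awk -v port="$port" '$1 == "LISTEN" {
        addr = $4                            # local address:port column
        if (addr !~ (":" port "$")) next     # some other service
        sub(":" port "$", "", addr)          # drop the trailing :port
        gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # [::1] -> ::1
        print addr
    }' | while read -r addr; do
        printf '%s\n' "$allowed" | grep -qxF -- "$addr" || printf '%s\n' "$addr"
    done
}

# Constructed sample: main.cf now says loopback-only, but the running master
# still holds the wildcard sockets it opened before the change.
SAMPLE_SS='LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 [::]:25 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

stale_listeners loopback-only "$SAMPLE_SS"
```

Any address printed means the daemon needs a full restart before the configured interface restriction takes effect.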
- Expanded TLS and client-TLS directives (#28, @adamcstephens).
- Cosmetic cleanups to main.cf templates.
- Fix ordering of postfix::file resources (#18).
- Fix wrong smtps_content_filter parameter default (#32, @gwarf).
- Add support for smtp_generic_maps (#53, @KlavsKlavsen).
- Fix spampd options (#46, @chihoko).
- Add mailbox_size_limit.
- Allow mynetworks to also be an array.
- Allow inet_interfaces to also be an array.
2014-05-12 - 0.3.3
- Add Debian support for spampd (#26, @timogoebel).
- Content filter SMTPS, add more parameters (#27, @tjnicholas).
2014-03-31 - 0.3.2
- Add FreeBSD support (#23, @fraenki).
- Add transport_maps, canonical_maps & relocated_maps (#24, @fraenki).
2014-03-18 - 0.3.1
- Add extension support for dovecot+virtual users (#19, @winks).
- Add new TLS directives (#21, Steffen Zieger).
2014-02-04 - 0.3.0
- Support a few more main.cf directives (#15, RedRampage).
- Add extra_main_parameters to support any extra main.cf directives.
2013-10-28 - 0.2.4
- Add smtp client sasl auth configuration (aellert).
- Fix dovecot directory for Debian (Florian Anderiasch).
- Fix first run errors on master.cf and main.cf's parent directory (#12).
- Don't notify service when updating db files, it's useless (#14).
2013-09-17 - 0.2.3
- Reverse the el5/el6 logic to have the RHEL6 templates be the default now.
- Update fallback_relay= to smtp_fallback_relay= in el5 master template (#4).
- Add support for changing the key/crt file location and names.
2013-07-17 - 0.2.2
- Add setgid_group option in main.cf (Karsten Schöke).
- Update templates where @ variable prefixes were still missing.
2013-07-08 - 0.2.1
- Add Debian osfamily support (Vadim Lebedev).
- Move service_restart to params to have only one osfamily conditional.
2013-05-31 - 0.2.0
- Fix the leftover $title from where we had a definition.
- Update README and use markdown.
- Change to 2-space indent.
2012-12-18 - 0.1.4
- Use el6 templates for CentOS too.
- Improve postfix::dbfile documentation.
- Fix postfix::dbfile absent by also removing the *.db file.
- Change postfix::server to be a parametrized class.
- Clean up postfix::file.
- Fix body_checks template generation.
2012-04-04 - 0.1.3
- Add smtpd_sasl_auth support for dovecot auth.
- Make spampd more configurable.
- Add support for header_checks lines.
- Enhance support for local dovecot delivery.
- Fix scope of used facts.
2012-04-03 - 0.1.2
- Clean up the postfix module to match current puppetlabs guidelines.
Copyright (C) 2011-2015 Matthias Saou

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.