diff --git a/Berksfile b/Berksfile index eef1c52..ec09e0e 100644 --- a/Berksfile +++ b/Berksfile @@ -32,7 +32,7 @@ cookbook 'ntp', '= 3.4.0' cookbook 'ohai', '~> 5.2.5' cookbook 'openssl', '~> 8.5.5' cookbook 'php', '~> 8.0.0' -cookbook 'postfix', '= 5.0.2' +cookbook 'postfix', '~> 6.0.26' cookbook 'timezone_iii', '= 1.0.4' cookbook 'ulimit', '~> 1.0.0' cookbook 'users', '~> 5.3.1' diff --git a/Berksfile.lock b/Berksfile.lock index f15885a..cf6ade6 100644 --- a/Berksfile.lock +++ b/Berksfile.lock @@ -28,7 +28,7 @@ DEPENDENCIES ohai (~> 5.2.5) openssl (~> 8.5.5) php (~> 8.0.0) - postfix (= 5.0.2) + postfix (~> 6.0.26) redisio (~> 6.4.1) ruby_build (~> 2.5.0) timezone_iii (= 1.0.4) @@ -89,7 +89,7 @@ GRAPH openssl (8.5.5) php (8.0.1) yum-epel (>= 0.0.0) - postfix (5.0.2) + postfix (6.0.26) redisio (6.4.1) selinux (>= 0.0.0) ruby_build (2.5.0) diff --git a/cookbooks/postfix/.markdownlint-cli2.yaml b/cookbooks/postfix/.markdownlint-cli2.yaml new file mode 100644 index 0000000..6fa8e77 --- /dev/null +++ b/cookbooks/postfix/.markdownlint-cli2.yaml @@ -0,0 +1,5 @@ +config: + ul-indent: false # MD007 + line-length: false # MD013 + no-duplicate-heading: false # MD024 + reference-links-images: false # MD052 diff --git a/cookbooks/postfix/CHANGELOG.md b/cookbooks/postfix/CHANGELOG.md index 415b74c..1b7f2b2 100644 --- a/cookbooks/postfix/CHANGELOG.md +++ b/cookbooks/postfix/CHANGELOG.md 
@@ -2,6 +2,176 @@ This file is used to list changes made in each version of the postfix cookbook. +## 6.0.26 - *2023-10-03* + +- add installation of postfix addon packages for RHEL 8 + +## 6.0.25 - *2023-10-03* + +Fix markdown + +## 6.0.24 - *2023-09-28* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.23 - *2023-09-04* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.22 - *2023-08-29* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.21 - *2023-05-17* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.20 - *2023-04-17* + +Fix CI permissions + +## 6.0.19 - *2023-04-17* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.18 - *2023-04-07* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.17 - *2023-04-01* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.16 - *2023-04-01* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.15 - *2023-04-01* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.14 - *2023-03-20* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.13 - *2023-03-15* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.12 - *2023-02-23* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.11 - *2023-02-16* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.10 - *2023-02-14* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.9 - *2023-02-14* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.8 - *2022-12-08* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.7 - *2022-02-03* + +Standardise files with files in sous-chefs/repo-management + +## 6.0.6 - *2022-02-02* + +- Update tested platforms +- Remove delivery and move to calling RSpec directly via a reusable workflow + +## 6.0.5 - *2022-01-08* + +- resolved cookstyle error: 
test/integration/helpers/serverspec/spec_helper.rb:9:21 convention: `Style/FileRead` + +## 6.0.4 - *2021-08-19* + +## 6.0.3 - *2021-08-19* + +- Fixed TLS configuration + +## 6.0.2 - *2021-06-30* + +- Make sure we write the main.conf and master.conf before we try to use any commands (like postmap) + +## 6.0.1 - *2021-06-01* + +## 6.0.0 - *2020-11-23* + +- Disabled SSLv3 by default + +## 5.4.1 - 2020-10-20 + +- Ensure all postmap files are rebuilt immediately if needed + +## 5.4.0 - 2020-10-11 + +### Changed + +- Sous Chefs Adoption +- Update to use Sous Chefs GH workflow +- Update README to sous-chefs +- Update metadata.rb to Sous Chefs +- Update test-kitchen to Sous Chefs + +### Added + +- Standardise files with files in sous-chefs/repo-management +- Add Ubuntu 20.04 testing + +### Fixed + +- Cookstyle fixes +- ChefSpec fixes +- Yamllint fixes +- MDL fixes +- Fix OpenSUSE installation issues + +### Removed + +- Remove EL 6 testing +- Remove Amazon Linux 1 testing + +## 5.3.1 (2018-07-24) + +- Fixed sbin issue with Chef13 + +## 5.3.0 (2018-05-23) + +- support multiple sasl_passwd entries +- Add `packages` attribute so different postfix packages can be installed +- add ability to set network connection port for a remote relayhost + +## 5.2.1 (2017-11-22) + +- Properly support FreeBSD +- Do not run service restart for solaris which fails + +## 5.2.0 (2017-08-07) + +- Lazily evaluate the config template variables to allow overrides to properly apply +- Avoid Chefspec deprecation warnings + +## 5.1.1 (2017-07-28) + +- Fix support for Amazon Linux on Chef 13 +- Expand testing to cover Debian 9 in Travis + +## 5.1.0 (2017-07-28) + +- Add an option to allow recipient canonical maps + +## 5.0.3 (2017-06-26) + +- Correct attribute line for use_relay_restrictions_maps to prevent converge failures + ## 5.0.2 (2017-05-17) - Fix use_relay_restrictions_maps attribute misspelling in attributes file 
@@ -117,51 +287,51 @@ Reverting #37 - [COOK-3418] Virtual Domain Support PR - duplicate of #55 ### Bug -- **[COOK-4357](https://tickets.chef.io/browse/COOK-4357)** - postfix::sasl_auth recipe fails to converge +- postfix::sasl_auth recipe fails to converge ## v3.1.0 (2014-02-19) ### Bug -- **[COOK-4322](https://tickets.chef.io/browse/COOK-4322)** - Postfix cookbook has incorrect default path for sasl_passwd +- Postfix cookbook has incorrect default path for sasl_passwd ### New Feature -- **[COOK-4086](https://tickets.chef.io/browse/COOK-4086)** - use conf_dir attribute for sasl recipe, and add omnios support -- **[COOK-2551](https://tickets.chef.io/browse/COOK-2551)** - Support creating the sender_canonical map file +- use conf_dir attribute for sasl recipe, and add omnios support +- Support creating the sender_canonical map file ## v3.0.4 ### Bug -- **[COOK-3824](https://tickets.chef.io/browse/COOK-3824)** - main.cf.erb mishandles lists +- main.cf.erb mishandles lists ### Improvement -- **[COOK-3822](https://tickets.chef.io/browse/COOK-3822)** - postfix cookbook readme has an incorrect example +- postfix cookbook readme has an incorrect example - Got rubocop errors down to 32 ### New Feature -- **[COOK-2551](https://tickets.chef.io/browse/COOK-2551)** - Support creating the sender_canonical map file +- Support creating the sender_canonical map file ## v3.0.2 ### Bug -- **[COOK-3617](https://tickets.chef.io/browse/COOK-3617)** - Fix error when no there is no FQDN -- **[COOK-3530](https://tickets.chef.io/browse/COOK-3530)** - Update `client.rb` after 3.0.0 refactor -- **[COOK-2499](https://tickets.chef.io/browse/COOK-2499)** - Do not use resource cloning +- Fix error when no there is no FQDN +- Update `client.rb` after 3.0.0 refactor +- Do not use resource cloning ### Improvement -- **[COOK-3116](https://tickets.chef.io/browse/COOK-3116)** - Add SmartOS support +- Add SmartOS support ## v3.0.0 ### Improvement -- 
**[COOK-3328](https://tickets.chef.io/browse/COOK-3328)** - Postfix main/master and attributes refactor +- Postfix main/master and attributes refactor **Breaking changes**: diff --git a/cookbooks/postfix/CONTRIBUTING.md b/cookbooks/postfix/CONTRIBUTING.md deleted file mode 100644 index cd21578..0000000 --- a/cookbooks/postfix/CONTRIBUTING.md +++ /dev/null @@ -1 +0,0 @@ -Please refer to diff --git a/cookbooks/postfix/LICENSE b/cookbooks/postfix/LICENSE new file mode 100644 index 0000000..8f71f43 --- /dev/null +++ b/cookbooks/postfix/LICENSE 
@@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/cookbooks/postfix/MAINTAINERS.md b/cookbooks/postfix/MAINTAINERS.md deleted file mode 100644 index 645ed14..0000000 --- a/cookbooks/postfix/MAINTAINERS.md +++ /dev/null 
@@ -1,15 +0,0 @@ - - -# Maintainers - -This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead. - -Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead. - -# Project Maintainer -* [Tim Smith](https://github.com/tas50) - -# Maintainers -* [Jennifer Davis](https://github.com/sigje) -* [Tim Smith](https://github.com/tas50) -* [Thom May](https://github.com/thommay) diff --git a/cookbooks/postfix/README.md b/cookbooks/postfix/README.md index 3531da4..e7dc535 100644 --- a/cookbooks/postfix/README.md +++ b/cookbooks/postfix/README.md 
@@ -1,19 +1,28 @@ # postfix Cookbook -[![Build Status](https://travis-ci.org/chef-cookbooks/postfix.svg?branch=master)](https://travis-ci.org/chef-cookbooks/postfix) [![Cookbook Version](https://img.shields.io/cookbook/v/postfix.svg)](https://supermarket.chef.io/cookbooks/postfix) +[![Cookbook Version](https://img.shields.io/cookbook/v/postfix.svg)](https://supermarket.chef.io/cookbooks/postfix) +[![CI State](https://github.com/sous-chefs/postfix/workflows/ci/badge.svg)](https://github.com/sous-chefs/postfix/actions?query=workflow%3Aci) +[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers) +[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors) +[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0) Installs and configures postfix for client or outbound relayhost, or to do SASL authentication. On RHEL-family systems, sendmail will be replaced with postfix. +## Maintainers + +This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF). + ## Requirements ### Platforms -- Ubuntu 12.04+ -- Debian 7.0+ -- RHEL/CentOS/Scientific 5.7+, 6.2+ +- Ubuntu +- Debian +- RHEL/CentOS/Scientific - Amazon Linux (as of AMIs created after 4/9/2012) +- FreeBSD May work on other platforms with or without modification. 
@@ -33,6 +42,7 @@ See `attributes/default.rb` for default values. - `node['postfix']['mail_type']` - Sets the kind of mail configuration. `master` will set up a server (relayhost). - `node['postfix']['relayhost_role']` - name of a role used for search in the client recipe. +- `node['postfix']['relayhost_port']` - listening network port of the relayhost. - `node['postfix']['multi_environment_relay']` - set to true if nodes should not constrain search for the relayhost in their own environment. - `node['postfix']['use_procmail']` - set to true if nodes should use procmail as the delivery agent. - `node['postfix']['use_alias_maps']` - set to true if you want the cookbook to use/configure alias maps @@ -43,7 +53,7 @@ See `attributes/default.rb` for default values. - `node['postfix']['aliases']` - hash of aliases to create with `recipe[postfix::aliases]`, see below under **Recipes** for more information. - `node['postfix']['transports']` - hash of transports to create with `recipe[postfix::transports]`, see below under **Recipes** for more information. - `node['postfix']['access']` - hash of access to create with `recipe[postfix::access]`, see below under **Recipes** for more information. -- `node['postfix']['virtual_aliases']` - hash of virtual_aliases to create with `recipe[postfix::virtual_aliases]`, see below under __Recipes__ for more information. +- `node['postfix']['virtual_aliases']` - hash of virtual_aliases to create with `recipe[postfix::virtual_aliases]`, see below under **Recipes** for more information. - `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix' - `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix' 
@@ -75,10 +85,20 @@ This change in namespace to `node['postfix']['main']` should allow for greater f - `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file - `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous - `node['postfix']['main']['relayhost']` - Set to empty string -- `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty -- `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty. - `node['postfix']['sender_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config. - `node['postfix']['smtp_generic_map_entries']` - (hash with key value pairs); default not configured. Setup generic postfix maps. See `man 5 generic`. If has at least one value, then will be enabled in config. +- `node['postfix']['recipient_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config. +- `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty. You can only use this until the current version. The new syntax is below. +- `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty. You can only use this until the current version. The new syntax is below. +- `node['postfix']['sasl']` = ```json { + "relayhost1" => { + 'username' => 'foo', + 'password' => 'bar' + }, + "relayhost2" => { + ... + } + }``` - You must set the following attribute, otherwise the attribute will default to empty Example of json role config, for setup *_map_entries: 
@@ -331,8 +351,14 @@ override_attributes( "smtp_sasl_auth_enable" => "yes" }, "sasl" => { - "smtp_sasl_passwd" => "your_password", - "smtp_sasl_user_name" => "your_username" + "relayhost1" => { + "username" => "your_password", + "password" => "your_username" + }, + "relayhost2" => { + ... + }, + ... } } ) 
@@ -425,22 +451,27 @@ override_attributes( ) ``` -## License & Authors +## Contributors -**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io)) +This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false) -**Copyright:** 2009-2016, Chef Software, Inc. +### Backers -``` -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at +Thank you to all our backers! - http://www.apache.org/licenses/LICENSE-2.0 +![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40) -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -``` +### Sponsors + +Support this project by becoming a sponsor. Your logo will show up here with a link to your website. 
+ +![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100) diff --git a/cookbooks/postfix/attributes/default.rb b/cookbooks/postfix/attributes/default.rb index d467072..6ec3d88 100644 --- a/cookbooks/postfix/attributes/default.rb +++ b/cookbooks/postfix/attributes/default.rb @@ -1,5 +1,5 @@ # Author:: Joshua Timberman -# Copyright:: 2009-2017, Chef Software, Inc. +# Copyright:: 2009-2019, Chef Software, Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -14,12 +14,15 @@ # See the License for the specific language governing permissions and # limitations under the License. +default['postfix']['packages'] = %w(postfix) + # Generic cookbook attributes default['postfix']['mail_type'] = 'client' default['postfix']['relayhost_role'] = 'relayhost' +default['postfix']['relayhost_port'] = '25' default['postfix']['multi_environment_relay'] = false default['postfix']['use_procmail'] = false -default['postfix']['use_alias_maps'] = (node['platform'] == 'freebsd') +default['postfix']['use_alias_maps'] = platform?('freebsd') default['postfix']['use_transport_maps'] = false default['postfix']['use_access_maps'] = false default['postfix']['use_virtual_aliases'] = false @@ -33,6 +36,7 @@ default['postfix']['main_template_source'] = 'postfix' default['postfix']['master_template_source'] = 'postfix' default['postfix']['sender_canonical_map_entries'] = {} default['postfix']['smtp_generic_map_entries'] = {} +default['postfix']['recipient_canonical_map_entries'] = {} default['postfix']['access_db_type'] = 'hash' default['postfix']['aliases_db_type'] = 'hash' default['postfix']['transport_db_type'] = 'hash' @@ -84,6 +88,10 @@ default['postfix']['main']['myorigin'] = '$myhostname' default['postfix']['main']['mydestination'] = [node['postfix']['main']['myhostname'], node['hostname'], 'localhost.localdomain', 'localhost'].compact default['postfix']['main']['smtpd_use_tls'] = 'yes' default['postfix']['main']['smtp_use_tls'] = 'yes' +default['postfix']['main']['smtpd_tls_mandatory_protocols'] = '!SSLv2,!SSLv3' +default['postfix']['main']['smtp_tls_mandatory_protocols'] = '!SSLv2,!SSLv3' +default['postfix']['main']['smtpd_tls_protocols'] = '!SSLv2,!SSLv3' +default['postfix']['main']['smtp_tls_protocols'] = '!SSLv2,!SSLv3' default['postfix']['main']['smtp_sasl_auth_enable'] = 'no' default['postfix']['main']['mailbox_size_limit'] = 0 default['postfix']['main']['mynetworks'] = nil 
@@ -99,6 +107,11 @@ when 'smartos' default['postfix']['cafile'] = '/opt/local/etc/postfix/cacert.pem' when 'rhel' default['postfix']['cafile'] = '/etc/pki/tls/cert.pem' +when 'amazon' + default['postfix']['cafile'] = '/etc/pki/tls/cert.pem' +when 'suse' + default['postfix']['main']['setgid_group'] = 'maildrop' + default['postfix']['main']['daemon_directory'] = '/usr/lib/postfix/bin' else default['postfix']['cafile'] = "#{node['postfix']['conf_dir']}/cacert.pem" end @@ -374,27 +387,24 @@ default['postfix']['master']['bsmtp']['command'] = 'pipe' default['postfix']['master']['bsmtp']['args'] = ['flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient'] # OS Aliases -default['postfix']['aliases'] = case node['platform'] - when 'freebsd' +default['postfix']['aliases'] = if platform?('freebsd') { - 'MAILER-DAEMON' => 'postmaster', - 'bin' => 'root', - 'daemon' => 'root', - 'named' => 'root', - 'nobody' => 'root', - 'uucp' => 'root', - 'www' => 'root', - 'ftp-bugs' => 'root', - 'postfix' => 'root', - 'manager' => 'root', - 'dumper' => 'root', - 'operator' => 'root', - 'abuse' => 'postmaster', + 'MAILER-DAEMON' => 'postmaster', + 'bin' => 'root', + 'daemon' => 'root', + 'named' => 'root', + 'nobody' => 'root', + 'uucp' => 'root', + 'www' => 'root', + 'ftp-bugs' => 'root', + 'postfix' => 'root', + 'manager' => 'root', + 'dumper' => 'root', + 'operator' => 'root', + 'abuse' => 'postmaster', } else {} end -if node['postfix']['use_relay_restrictions_maps'] - default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" -end +default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps'] diff --git a/cookbooks/postfix/chefignore b/cookbooks/postfix/chefignore new file mode 100644 index 0000000..a27b0b2 --- /dev/null +++ b/cookbooks/postfix/chefignore 
@@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen*.yml +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/cookbooks/postfix/metadata.json b/cookbooks/postfix/metadata.json index e535f33..1bbe467 100644 --- a/cookbooks/postfix/metadata.json +++ b/cookbooks/postfix/metadata.json 
@@ -1 +1,45 @@ -{"name":"postfix","version":"5.0.2","description":"Installs and configures postfix for client or outbound relayhost, or to do SASL auth","long_description":"# postfix Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/postfix.svg?branch=master)](https://travis-ci.org/chef-cookbooks/postfix) [![Cookbook Version](https://img.shields.io/cookbook/v/postfix.svg)](https://supermarket.chef.io/cookbooks/postfix)\n\nInstalls and configures postfix for client or outbound relayhost, or to do SASL authentication.\n\nOn RHEL-family systems, sendmail will be replaced with postfix.\n\n## Requirements\n\n### Platforms\n\n- Ubuntu 12.04+\n- Debian 7.0+\n- RHEL/CentOS/Scientific 5.7+, 6.2+\n- Amazon Linux (as of AMIs created after 4/9/2012)\n\nMay work on other platforms with or without modification.\n\n### Chef\n\n- Chef 12.1+\n\n### Cookbooks\n\n- none\n\n## Attributes\n\nSee `attributes/default.rb` for default values.\n\n### Generic cookbook attributes\n\n- `node['postfix']['mail_type']` - Sets the kind of mail configuration. 
`master` will set up a server (relayhost).\n- `node['postfix']['relayhost_role']` - name of a role used for search in the client recipe.\n- `node['postfix']['multi_environment_relay']` - set to true if nodes should not constrain search for the relayhost in their own environment.\n- `node['postfix']['use_procmail']` - set to true if nodes should use procmail as the delivery agent.\n- `node['postfix']['use_alias_maps']` - set to true if you want the cookbook to use/configure alias maps\n- `node['postfix']['use_transport_maps']` - set to true if you want the cookbook to use/configure transport maps\n- `node['postfix']['use_access_maps']` - set to true if you want the cookbook to use/configure access maps\n- `node['postfix']['use_virtual_aliases']` - set to true if you want the cookbook to use/configure virtual alias maps\n- `node['postfix']['use_relay_restrictions_maps']` - set to true if you want the cookbook to use/configure a list of domains to which postfix will allow relay\n- `node['postfix']['aliases']` - hash of aliases to create with `recipe[postfix::aliases]`, see below under **Recipes** for more information.\n- `node['postfix']['transports']` - hash of transports to create with `recipe[postfix::transports]`, see below under **Recipes** for more information.\n- `node['postfix']['access']` - hash of access to create with `recipe[postfix::access]`, see below under **Recipes** for more information.\n- `node['postfix']['virtual_aliases']` - hash of virtual_aliases to create with `recipe[postfix::virtual_aliases]`, see below under __Recipes__ for more information.\n- `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix'\n- `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix'\n\n### main.cf and sasl_passwd template attributes\n\nThe main.cf template has been simplified to include any attributes in the `node['postfix']['main']` data structure. 
The following attributes are still included with this cookbook to maintain some semblance of backwards compatibility.\n\nThis change in namespace to `node['postfix']['main']` should allow for greater flexibility, given the large number of configuration variables for the postfix daemon. All of these cookbook attributes correspond to the option of the same name in `/etc/postfix/main.cf`.\n\n- `node['postfix']['main']['biff']` - (yes/no); default no\n- `node['postfix']['main']['append_dot_mydomain']` - (yes/no); default no\n- `node['postfix']['main']['myhostname']` - defaults to fqdn from Ohai\n- `node['postfix']['main']['mydomain']` - defaults to domain from Ohai\n- `node['postfix']['main']['myorigin']` - defaults to $myhostname\n- `node['postfix']['main']['mynetworks']` - default is nil, which forces Postfix to default to loopback addresses.\n- `node['postfix']['main']['inet_interfaces']` - set to `loopback-only`, or `all` for server recipe\n- `node['postfix']['main']['alias_maps']` - set to `hash:/etc/aliases`\n- `node['postfix']['main']['mailbox_size_limit']` - set to `0` (disabled)\n- `node['postfix']['main']['mydestination']` - default fqdn, hostname, localhost.localdomain, localhost\n- `node['postfix']['main']['smtpd_use_tls']` - (yes/no); default yes. See conditional cert/key attributes.\n- `node['postfix']['main']['smtpd_tls_cert_file']` - conditional attribute, set to full path of server's x509 certificate.\n- `node['postfix']['main']['smtpd_tls_key_file']` - conditional attribute, set to full path of server's private key\n- `node['postfix']['main']['smtpd_tls_CAfile']` - set to platform specific CA bundle\n- `node['postfix']['main']['smtpd_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`\n- `node['postfix']['main']['smtp_use_tls']` - (yes/no); default yes. 
See following conditional attributes.\n- `node['postfix']['main']['smtp_tls_CAfile']` - set to platform specific CA bundle\n- `node['postfix']['main']['smtp_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`\n- `node['postfix']['main']['smtp_sasl_auth_enable']` - (yes/no); default no. If enabled, see following conditional attributes.\n- `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file\n- `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous\n- `node['postfix']['main']['relayhost']` - Set to empty string\n- `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty\n- `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty.\n- `node['postfix']['sender_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config.\n- `node['postfix']['smtp_generic_map_entries']` - (hash with key value pairs); default not configured. Setup generic postfix maps. See `man 5 generic`. If has at least one value, then will be enabled in config.\n\nExample of json role config, for setup *_map_entries:\n\n`postfix : {`\n\n`...`\n\n`\"smtp_generic_map_entries\" : { \"root@youinternaldomain.local\" : \"admin@example.com\", \"admin@youinternaldomain.local\" : \"admin@example.com\" }`\n\n`}`\n\n### master.cf template attributes\n\nThe master.cf template has been changed to allow full customization of the file content. For purpose of backwards compatibility default attributes generate the same master.cf. 
But via `node['postfix']['master']` data structure in your role for instance it can be completelly rewritten.\n\nExamples of json role config, for customize master.cf:\n\n`postfix : {`\n\n`...`\n\nturn some services off or on:\n\n```json\n \"master\" : {\n \"smtps\": {\n \"active\": true\n },\n \"old-cyrus\": {\n \"active\": false\n },\n \"cyrus\": {\n \"active\": false\n },\n \"uucp\": {\n \"active\": false\n },\n \"ifmail\": {\n \"active\": false\n },\n```\n\n`...` define you own service:\n\n```json\n \"spamfilter\": {\n \"comment\": \"My own spamfilter\",\n \"active\": true,\n \"order\": 590,\n \"type\": \"unix\",\n \"unpriv\": false,\n \"chroot\": false,\n \"command\": \"pipe\",\n \"args\": [\"flags=Rq user=spamd argv=/usr/bin/spamfilter.sh -oi -f ${sender} ${recipient}\"]\n }\n```\n\n`...`\n\n`}` `}`\n\nThe possible service hash fields and their meanings: hash key - have to be unique, unless you wish to override default definition.\n\nField | Mandatory | Description\n------- | --------- | --------------------------------------------------------------------\nactive | Yes | Boolean. Defines whether or not the service needs to be in master.cf\ncomment | No | String. If you would like to add a comment line before service line\norder | Yes | Integer. Number to define the order of lines in the file\ntype | Yes | String. Type of the service (inet, unix, fifo)\nprivate | No | Boolean. If present replaced by `y` or `n`, otherwise by `-`\nunpriv | No | Boolean. If present replaced by `y` or `n`, otherwise by `-`\nchroot | No | Boolean. If present replaced by `y` or `n`, otherwise by `-`\nwakeup | No | String. If present value placed in file, otherwise replaced by `-`\nmaxproc | No | String. If present value placed in file, otherwise replaced by `-`\ncommand | Yes | String. The command to be executed.\nargs | Yes | Array of Strings. 
Arguments passed to command.\n\nFor more information about meaning of the fields consult `master (5)` manual: \n\n## Recipes\n\n### default\n\nInstalls the postfix package and manages the service and the main configuration files (`/etc/postfix/main.cf` and `/etc/postfix/master.cf`). See **Usage** and **Examples** to see how to affect behavior of this recipe through configuration. Depending on the `node['postfix']['use_alias_maps']`, `node['postfix']['use_transport_maps']`, `node['postfix']['use_access_maps']` and `node['postfix']['use_virtual_aliases']` attributes the default recipe can call additional recipes to manage additional postfix configuration files\n\nFor a more dynamic approach to discovery for the relayhost, see the `client` and `server` recipes below.\n\n### client\n\nUse this recipe to have nodes automatically search for the mail relay based which node has the `node['postfix']['relayhost_role']` role. Sets the `node['postfix']['main']['relayhost']` attribute to the first result from the search.\n\nIncludes the default recipe to install, configure and start postfix.\n\nDoes not work with `chef-solo`.\n\n### sasl_auth\n\nSets up the system to authenticate with a remote mail relay using SASL authentication.\n\n### server\n\nTo use Chef Server search to automatically detect a node that is the relayhost, use this recipe in a role that will be relayhost. By default, the role should be \"relayhost\" but you can change the attribute `node['postfix']['relayhost_role']` to modify this.\n\n**Note** This recipe will set the `node['postfix']['mail_type']` to \"master\" with an override attribute.\n\n### maps\n\nGeneral recipe to manage any number of any type postfix lookup tables. You can replace with it recipes like `transport` or `virtual_aliases`, but what is more important - you can create any kinds of maps, which has no own recipe, including database lookup maps configuration. 
`maps` is a hash keys of which is a lookup table type and value is another hash with filenames as the keys and hash with file content as the value. File content is an any number of key/value pairs which meaning depends on lookup table type. Examlle:\n\n```json\n \"override_attributes\": {\n \"postfix\": {\n \"maps\": {\n \"hash\": {\n \"/etc/postfix/vmailbox\": {\n \"john@example.com\": \"ok\",\n \"john@example.net\": \"ok\",\n },\n \"/etc/postfix/virtual\": {\n \"postmaster@example.com\": \"john@example.com\",\n \"postmaster@example.net\": \"john@example.net\",\n \"root@mail.example.net\": \"john@example.net\"\n },\n \"/etc/postfix/envelope_senders\": {\n \"@example.com\": \"john@example.com\",\n \"@example.net\": \"john@example.net\"\n },\n \"/etc/postfix/relay_recipients\": {\n \"john@example.net\": \"ok\",\n \"john@example.com\": \"ok\",\n \"admin@example.com\": \"ok\",\n }\n },\n \"pgsql\": {\n \"/etc/postfix/pgtest\": {\n \"hosts\": \"db.local:2345\",\n \"user\": \"postfix\",\n \"password\": \"test\",\n \"dbname\": \"postdb\",\n \"query\": \"SELECT replacement FROM aliases WHERE mailbox = '%s'\"\n }\n }\n }\n }\n```\n\nTo use these files in your configuration reference them in `node['postfix']['main']`, for instance:\n\n```json\n \"postfix\": {\n \"main\": {\n \"smtpd_sender_login_maps\": \"hash:/etc/postfix/envelope_senders\",\n \"relay_recipient_maps\": \"hash:/etc/postfix/relay_recipients\",\n \"virtual_mailbox_maps\": \"hash:/etc/postfix/vmailbox\",\n \"virtual_alias_maps\": \"hash:/etc/postfix/virtual\",\n }\n }\n```\n\n### aliases\n\nManage `/etc/aliases` with this recipe. Currently only Ubuntu 10.04 platform has a template for the aliases file. Add your aliases template to the `templates/default` or to the appropriate platform+version directory per the File Specificity rules for templates. 
Then specify a hash of aliases for the `node['postfix']['aliases']` attribute.\n\nArrays are supported as alias values, since postfix supports comma separated values per alias, simply specify your alias as an array to use this handy feature.\n\n### aliases\n\nManage `/etc/aliases` with this recipe.\n\n### transports\n\nManage `/etc/postfix/transport` with this recipe.\n\n### access\n\nManage `/etc/postfix/access` with this recipe.\n\n### virtual_aliases\n\nManage `/etc/postfix/virtual` with this recipe.\n\n### relay_restrictions\n\nManage `/etc/postfix/relay_restriction` with this recipe The postfix option smtpd_relay_restrictions in main.cf will point to this hash map db.\n\n\n\n## Usage\n\nOn systems that should simply send mail directly to a relay, or out to the internet, use `recipe[postfix]` and modify the `node['postfix']['main']['relayhost']` attribute via a role.\n\nOn systems that should be the MX for a domain, set the attributes accordingly and make sure the `node['postfix']['mail_type']` attribute is `master`. See **Examples** for information on how to use `recipe[postfix::server]` to do this automatically.\n\nIf you need to use SASL authentication to send mail through your ISP (such as on a home network), use `postfix::sasl_auth` and set the appropriate attributes.\n\nFor each of these implementations, see **Examples** for role usage.\n\n### Examples\n\nThe example roles below only have the relevant postfix usage. You may have other contents depending on what you're configuring on your systems.\n\nThe `base` role is applied to all nodes in the environment.\n\n```ruby\nname \"base\"\nrun_list(\"recipe[postfix]\")\noverride_attributes(\n \"postfix\" => {\n \"mail_type\" => \"client\",\n \"main\" => {\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\",\n \"relayhost\" => \"[smtp.example.com]\",\n \"smtp_use_tls\" => \"no\"\n }\n }\n)\n```\n\nThe `relayhost` role is applied to the nodes that are relayhosts. 
Often this is 2 systems using a CNAME of `smtp.example.com`.\n\n```ruby\nname \"relayhost\"\nrun_list(\"recipe[postfix::server]\")\noverride_attributes(\n \"postfix\" => {\n \"mail_type\" => \"master\",\n \"main\" => {\n \"mynetworks\" => [ \"10.3.3.0/24\", \"127.0.0.0/8\" ],\n \"inet_interfaces\" => \"all\",\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\"\n }\n)\n```\n\nThe `sasl_relayhost` role is applied to the nodes that are relayhosts and require authenticating with SASL. For example this might be on a household network with an ISP that otherwise blocks direct internet access to SMTP.\n\n```ruby\nname \"sasl_relayhost\"\nrun_list(\"recipe[postfix], recipe[postfix::sasl_auth]\")\noverride_attributes(\n \"postfix\" => {\n \"mail_type\" => \"master\",\n \"main\" => {\n \"mynetworks\" => \"10.3.3.0/24\",\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\",\n \"relayhost\" => \"[smtp.comcast.net]:587\",\n \"smtp_sasl_auth_enable\" => \"yes\"\n },\n \"sasl\" => {\n \"smtp_sasl_passwd\" => \"your_password\",\n \"smtp_sasl_user_name\" => \"your_username\"\n }\n }\n)\n```\n\nFor an example of using encrypted data bags to encrypt the SASL password, see the following blog post:\n\n- \n\n#### Examples using the client & server recipes\n\nIf you'd like to use the more dynamic search based approach for discovery, use the server and client recipes. 
First, create a relayhost role.\n\n```ruby\nname \"relayhost\"\nrun_list(\"recipe[postfix::server]\")\noverride_attributes(\n \"postfix\" => {\n \"main\" => {\n \"mynetworks\" => \"10.3.3.0/24\",\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\"\n }\n }\n)\n```\n\nThen, add the `postfix::client` recipe to the run list of your `base` role or equivalent role for postfix clients.\n\n```ruby\nname \"base\"\nrun_list(\"recipe[postfix::client]\")\noverride_attributes(\n \"postfix\" => {\n \"mail_type\" => \"client\",\n \"main\" => {\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\"\n }\n }\n)\n```\n\nIf you wish to use a different role name for the relayhost, then also set the attribute in the `base` role. For example, `postfix_master` as the role name:\n\n```ruby\nname \"postfix_master\"\ndescription \"a role for postfix master that isn't relayhost\"\nrun_list(\"recipe[postfix::server]\")\noverride_attributes(\n \"postfix\" => {\n \"main\" => {\n \"mynetworks\" => \"10.3.3.0/24\",\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\"\n }\n }\n)\n```\n\nThe base role would look something like this:\n\n```ruby\nname \"base\"\nrun_list(\"recipe[postfix::client]\")\noverride_attributes(\n \"postfix\" => {\n \"relayhost_role\" => \"postfix_master\",\n \"mail_type\" => \"client\",\n \"main\" => {\n \"mydomain\" => \"example.com\",\n \"myorigin\" => \"example.com\"\n }\n }\n)\n```\n\nTo use relay restrictions override the relay restrictions attribute in this format:\n\n```ruby\noverride_attributes(\n \"postfix\" => {\n \"use_relay_restrictions_maps\" => true,\n \"relay_restrictions\" => {\n \"chef.io\" => \"OK\",\n \".chef.io\" => \"OK\",\n \"example.com\" => \"OK\"\n }\n }\n)\n```\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2009-2016, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may 
not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"ubuntu":">= 0.0.0","debian":">= 0.0.0","redhat":">= 0.0.0","centos":">= 0.0.0","amazon":">= 0.0.0","oracle":">= 0.0.0","scientific":">= 0.0.0","smartos":">= 0.0.0","fedora":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"postfix":"Installs and configures postfix","postfix::sasl_auth":"Set up postfix to auth to a server with sasl","postfix::aliases":"Manages /etc/aliases","postfix::transports":"Manages /etc/postfix/transport","postfix::access":"Manages /etc/postfix/access","postfix::virtual_aliases":"Manages /etc/postfix/virtual","postfix::client":"Searches for the relayhost based on an attribute","postfix::server":"Sets the mail_type attribute to master","postfix::maps":"Manages any number of any type postfix lookup tables"},"source_url":"https://github.com/chef-cookbooks/postfix","issues_url":"https://github.com/chef-cookbooks/postfix/issues","chef_version":[[">= 12.1"]],"ohai_version":[]} \ No newline at end of file +{ + "name": "postfix", + "description": "Installs and configures postfix for client or outbound relayhost, or to do SASL auth", + "long_description": "", + "maintainer": "Sous Chefs", + "maintainer_email": "help@sous-chefs.org", + "license": "Apache-2.0", + "platforms": { + "amazon": ">= 0.0.0", + "centos": ">= 0.0.0", + "debian": ">= 0.0.0", + "fedora": ">= 0.0.0", + 
"freebsd": ">= 0.0.0", + "oracle": ">= 0.0.0", + "redhat": ">= 0.0.0", + "scientific": ">= 0.0.0", + "smartos": ">= 0.0.0", + "ubuntu": ">= 0.0.0" + }, + "dependencies": { + + }, + "providing": { + + }, + "recipes": { + + }, + "version": "6.0.26", + "source_url": "https://github.com/sous-chefs/postfix", + "issues_url": "https://github.com/sous-chefs/postfix/issues", + "privacy": false, + "chef_versions": [ + [ + ">= 12.15" + ] + ], + "ohai_versions": [ + + ], + "gems": [ + + ], + "eager_load_libraries": true +} diff --git a/cookbooks/postfix/metadata.rb b/cookbooks/postfix/metadata.rb new file mode 100644 index 0000000..7289daa --- /dev/null +++ b/cookbooks/postfix/metadata.rb @@ -0,0 +1,20 @@ +name 'postfix' +maintainer 'Sous Chefs' +maintainer_email 'help@sous-chefs.org' +license 'Apache-2.0' +description 'Installs and configures postfix for client or outbound relayhost, or to do SASL auth' +version '6.0.26' +source_url 'https://github.com/sous-chefs/postfix' +issues_url 'https://github.com/sous-chefs/postfix/issues' +chef_version '>= 12.15' + +supports 'amazon' +supports 'centos' +supports 'debian' +supports 'fedora' +supports 'freebsd' +supports 'oracle' +supports 'redhat' +supports 'scientific' +supports 'smartos' +supports 'ubuntu' diff --git a/cookbooks/postfix/recipes/_attributes.rb b/cookbooks/postfix/recipes/_attributes.rb index f3ffe6e..5e7449d 100644 --- a/cookbooks/postfix/recipes/_attributes.rb +++ b/cookbooks/postfix/recipes/_attributes.rb @@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -13,9 +13,7 @@ # limitations under the License. # -if node['postfix']['use_procmail'] - node.default_unless['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"' -end +node.default_unless['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"' if node['postfix']['use_procmail'] if node['postfix']['main']['smtpd_use_tls'] == 'yes' node.default_unless['postfix']['main']['smtpd_tls_cert_file'] = '/etc/ssl/certs/ssl-cert-snakeoil.pem' 
@@ -38,34 +36,18 @@ if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes' node.default_unless['postfix']['main']['relayhost'] = '' end -if node['postfix']['use_alias_maps'] - node.default_unless['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"] -end +node.default_unless['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps'] -if node['postfix']['use_transport_maps'] - node.default_unless['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"] -end +node.default_unless['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps'] -if node['postfix']['use_access_maps'] - node.default_unless['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"] -end +node.default_unless['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps'] -if node['postfix']['use_virtual_aliases'] - node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"] -end +node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"] if node['postfix']['use_virtual_aliases'] -if node['postfix']['use_virtual_aliases_domains'] - node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"] -end +node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"] if node['postfix']['use_virtual_aliases_domains'] -if node['postfix']['use_relay_restrictions_maps'] - default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, 
reject" -end +node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps'] -if node['postfix']['master']['maildrop']['active'] - node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1 -end +node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1 if node['postfix']['master']['maildrop']['active'] -if node['postfix']['master']['cyrus']['active'] - node.default_unless['postfix']['main']['cyrus_destination_recipient_limit'] = 1 -end +node.default_unless['postfix']['main']['cyrus_destination_recipient_limit'] = 1 if node['postfix']['master']['cyrus']['active'] diff --git a/cookbooks/postfix/recipes/_common.rb b/cookbooks/postfix/recipes/_common.rb index 17d5e0e..ab3aeab 100644 --- a/cookbooks/postfix/recipes/_common.rb +++ b/cookbooks/postfix/recipes/_common.rb @@ -2,7 +2,7 @@ # Cookbook:: common # Recipe:: default # -# Copyright:: 2009-2017, Chef Software, Inc. +# Copyright:: 2009-2020, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,12 +19,19 @@ include_recipe 'postfix::_attributes' -package 'postfix' +# use multi-package when we can +if node['os'] == 'linux' + package node['postfix']['packages'] +else + node['postfix']['packages'].each do |pkg| + package pkg + end +end package 'procmail' if node['postfix']['use_procmail'] case node['platform_family'] -when 'rhel', 'fedora' +when 'rhel', 'fedora', 'amazon' service 'sendmail' do action :nothing end @@ -35,6 +42,8 @@ when 'rhel', 'fedora' notifies :start, 'service[postfix]' not_if '/usr/bin/test /etc/alternatives/mta -ef /usr/sbin/sendmail.postfix' end +when 'suse' + file '/var/adm/postfix.configured' when 'omnios' manifest_path = ::File.join(Chef::Config[:file_cache_path], 'manifest-postfix.xml') 
@@ -67,7 +76,68 @@ when 'omnios' execute 'load postfix manifest' do action :nothing command "svccfg import #{manifest_path}" - notifies :restart, 'service[postfix]' + notifies :restart, 'service[postfix]' unless platform_family?('solaris2') + end +when 'freebsd' + # Actions are based on docs provided by FreeBSD: + # https://www.freebsd.org/doc/handbook/mail-changingmta.html + service 'sendmail' do + action :nothing + end + + template '/etc/mail/mailer.conf' do + source 'mailer.erb' + owner 'root' + group 0 + notifies :restart, 'service[postfix]' unless platform_family?('solaris2') + end + + execute 'switch_mailer_to_postfix' do + command [ + 'sysrc', + 'sendmail_enable=NO', + 'sendmail_submit_enable=NO', + 'sendmail_outbound_enable=NO', + 'sendmail_msp_queue_enable=NO', + 'postfix_enable=YES', + ] + notifies :stop, 'service[sendmail]', :immediately + notifies :disable, 'service[sendmail]', :immediately + notifies :start, 'service[postfix]', :delayed + only_if "sysrc sendmail_enable sendmail_submit_enable sendmail_outbound_enable sendmail_msp_queue_enable | egrep -q '(YES|unknown variable)' || sysrc postfix_enable | egrep -q '(NO|unknown variable)'" + end + + execute 'disable_periodic' do + # rubocop:disable Lint/ParenthesesAsGroupedExpression + environment ({ 'RC_CONFS' => '/etc/periodic.conf' }) + command [ + 'sysrc', + 'daily_clean_hoststat_enable=NO', + 'daily_status_mail_rejects_enable=NO', + 'daily_status_include_submit_mailq=NO', + 'daily_submit_queuerun=NO', + ] + only_if "RC_CONFS=/etc/periodic.conf sysrc daily_clean_hoststat_enable daily_status_mail_rejects_enable daily_status_include_submit_mailq daily_submit_queuerun | egrep -q '(YES|unknown variable)'" + end +end + +# We need to write the config first as the below postmap immediately commands assume config is correct +# Which is not the case as ipv6 is assumed to be available by the postfix package +# And if someone wants to disable this first we need to update the config first aswell +%w( main master 
).each do |cfg| + template "#{node['postfix']['conf_dir']}/#{cfg}.cf" do + source "#{cfg}.cf.erb" + owner 'root' + group node['root_group'] + mode '0644' + # restart service for solaris on chef-client has a bug + # unless condition can be removed after + # https://github.com/chef/chef/pull/6596 merge/release + notifies :restart, 'service[postfix]' unless platform_family?('solaris2') + variables( + lazy { { settings: node['postfix'][cfg] } } + ) + cookbook node['postfix']["#{cfg}_template_source"] end end @@ -81,13 +151,11 @@ unless node['postfix']['sender_canonical_map_entries'].empty? owner 'root' group node['root_group'] mode '0644' - notifies :run, 'execute[update-postfix-sender_canonical]' + notifies :run, 'execute[update-postfix-sender_canonical]', :immediately notifies :reload, 'service[postfix]' end - unless node['postfix']['main'].key?('sender_canonical_maps') - node.normal['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical" - end + node.default['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps') end execute 'update-postfix-smtp_generic' do 
@@ -100,28 +168,31 @@ unless node['postfix']['smtp_generic_map_entries'].empty? owner 'root' group node['root_group'] mode '0644' - notifies :run, 'execute[update-postfix-smtp_generic]' + notifies :run, 'execute[update-postfix-smtp_generic]', :immediately notifies :reload, 'service[postfix]' end - unless node['postfix']['main'].key?('smtp_generic_maps') - node.normal['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic" - end + node.default['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps') end -%w( main master ).each do |cfg| - template "#{node['postfix']['conf_dir']}/#{cfg}.cf" do - source "#{cfg}.cf.erb" +execute 'update-postfix-recipient_canonical' do + command "postmap #{node['postfix']['conf_dir']}/recipient_canonical" + action :nothing +end + +unless node['postfix']['recipient_canonical_map_entries'].empty? + template "#{node['postfix']['conf_dir']}/recipient_canonical" do owner 'root' group node['root_group'] mode '0644' - notifies :restart, 'service[postfix]' - variables(settings: node['postfix'][cfg]) - cookbook node['postfix']["#{cfg}_template_source"] + notifies :run, 'execute[update-postfix-recipient_canonical]', :immediately + notifies :reload, 'service[postfix]' end + + node.default['postfix']['main']['recipient_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps') end service 'postfix' do supports status: true, restart: true, reload: true - action :enable + action [:enable, :start] end diff --git a/cookbooks/postfix/recipes/access.rb b/cookbooks/postfix/recipes/access.rb index 62e3025..cfe5dbd 100644 --- a/cookbooks/postfix/recipes/access.rb +++ b/cookbooks/postfix/recipes/access.rb 
@@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,5 +23,5 @@ end template node['postfix']['access_db'] do source 'access.erb' - notifies :run, 'execute[update-postfix-access]' + notifies :run, 'execute[update-postfix-access]', :immediately end diff --git a/cookbooks/postfix/recipes/aliases.rb b/cookbooks/postfix/recipes/aliases.rb index 67d6db7..f8eec97 100644 --- a/cookbooks/postfix/recipes/aliases.rb +++ b/cookbooks/postfix/recipes/aliases.rb @@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,5 +25,5 @@ end template node['postfix']['aliases_db'] do source 'aliases.erb' - notifies :run, 'execute[update-postfix-aliases]' + notifies :run, 'execute[update-postfix-aliases]', :immediately end diff --git a/cookbooks/postfix/recipes/client.rb b/cookbooks/postfix/recipes/client.rb index 2231ce2..b5009a6 100644 --- a/cookbooks/postfix/recipes/client.rb +++ b/cookbooks/postfix/recipes/client.rb @@ -2,7 +2,7 @@ # Cookbook:: postfix # Recipe:: client # -# Copyright:: 2009-2017, Chef Software, Inc. +# Copyright:: 2009-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,6 +24,9 @@ end query = "role:#{node['postfix']['relayhost_role']}" relayhost = '' +# if the relayhost_port attribute is not port 25, append to the relayhost +relayhost_port = node['postfix']['relayhost_port'].to_s != '25' ? ":#{node['postfix']['relayhost_port']}" : '' + # results = [] if node.run_list.roles.include?(node['postfix']['relayhost_role']) 
@@ -36,6 +39,6 @@ else relayhost = results.map { |n| n['ipaddress'] }.first end -node.normal['postfix']['main']['relayhost'] = "[#{relayhost}]" +node.default['postfix']['main']['relayhost'] = "[#{relayhost}]#{relayhost_port}" include_recipe 'postfix' diff --git a/cookbooks/postfix/recipes/default.rb b/cookbooks/postfix/recipes/default.rb index 07026e4..9fed0be 100644 --- a/cookbooks/postfix/recipes/default.rb +++ b/cookbooks/postfix/recipes/default.rb @@ -2,7 +2,7 @@ # Cookbook:: postfix # Recipe:: default # -# Copyright:: 2009-2017, Chef Software, Inc. +# Copyright:: 2009-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cookbooks/postfix/recipes/maps.rb b/cookbooks/postfix/recipes/maps.rb index 9c47486..35ea9ad 100644 --- a/cookbooks/postfix/recipes/maps.rb +++ b/cookbooks/postfix/recipes/maps.rb @@ -1,5 +1,4 @@ -# encoding: utf-8 -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,7 +14,11 @@ # node['postfix']['maps'].each do |type, maps| - if node['platform_family'] == 'debian' + if platform_family?('debian') + package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type) + end + + if platform?('redhat') && node['platform_version'].to_i == 8 package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type) end @@ -38,9 +41,7 @@ node['postfix']['maps'].each do |type, maps| map: content, separator: separator ) - if %w(btree cdb dbm hash sdbm).include?(type) - notifies :run, "execute[update-postmap-#{file}]" - end + notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash sdbm).include?(type) notifies :restart, 'service[postfix]' end end 
diff --git a/cookbooks/postfix/recipes/relay_restrictions.rb b/cookbooks/postfix/recipes/relay_restrictions.rb index c5548e4..08aabcd 100644 --- a/cookbooks/postfix/recipes/relay_restrictions.rb +++ b/cookbooks/postfix/recipes/relay_restrictions.rb @@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,13 +15,15 @@ include_recipe 'postfix::_common' +postmap_command = platform_family?('rhel') ? '/usr/sbin/postmap' : 'postmap' + execute 'update-postfix-relay-restrictions' do - command "postmap #{node['postfix']['relay_restrictions_db']}" + command "#{postmap_command} #{node['postfix']['relay_restrictions_db']}" environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios') action :nothing end template node['postfix']['relay_restrictions_db'] do source 'relay_restrictions.erb' - notifies :run, 'execute[update-postfix-relay-restrictions]' + notifies :run, 'execute[update-postfix-relay-restrictions]', :immediately end diff --git a/cookbooks/postfix/recipes/sasl_auth.rb b/cookbooks/postfix/recipes/sasl_auth.rb index 38f040e..bd9c18f 100644 --- a/cookbooks/postfix/recipes/sasl_auth.rb +++ b/cookbooks/postfix/recipes/sasl_auth.rb @@ -3,7 +3,7 @@ # Cookbook:: postfix # Recipe:: sasl_auth # -# Copyright:: 2009-2017, Chef Software, Inc. +# Copyright:: 2009-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -28,11 +28,9 @@ case node['platform_family'] when 'debian' sasl_pkgs = %w(libsasl2-2 libsasl2-modules ca-certificates) when 'rhel' - sasl_pkgs = if node['platform_version'].to_i < 6 - %w(cyrus-sasl cyrus-sasl-plain openssl) - else - %w(cyrus-sasl cyrus-sasl-plain ca-certificates) - end + sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates) +when 'amazon' + sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates) when 'fedora' sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates) end diff --git a/cookbooks/postfix/recipes/server.rb b/cookbooks/postfix/recipes/server.rb index 2166777..eaa14a6 100644 --- a/cookbooks/postfix/recipes/server.rb +++ b/cookbooks/postfix/recipes/server.rb @@ -3,7 +3,7 @@ # Cookbook:: postfix # Recipe:: server # -# Copyright:: 2009-2017, Chef Software, Inc. +# Copyright:: 2009-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cookbooks/postfix/recipes/transports.rb b/cookbooks/postfix/recipes/transports.rb index 7386caa..5436ae6 100644 --- a/cookbooks/postfix/recipes/transports.rb +++ b/cookbooks/postfix/recipes/transports.rb @@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -15,13 +15,15 @@ include_recipe 'postfix::_common' +postmap_command = platform_family?('rhel') ? '/usr/sbin/postmap' : 'postmap' + execute 'update-postfix-transport' do - command "postmap #{node['postfix']['transport_db']}" + command "#{postmap_command} #{node['postfix']['transport_db']}" environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios') action :nothing end template node['postfix']['transport_db'] do source 'transport.erb' - notifies :run, 'execute[update-postfix-transport]' + notifies :run, 'execute[update-postfix-transport]', :immediately end diff --git a/cookbooks/postfix/recipes/virtual_aliases.rb b/cookbooks/postfix/recipes/virtual_aliases.rb index f8e9eda..7047807 100644 --- a/cookbooks/postfix/recipes/virtual_aliases.rb +++ b/cookbooks/postfix/recipes/virtual_aliases.rb @@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,6 +23,6 @@ end template node['postfix']['virtual_alias_db'] do source 'virtual_aliases.erb' - notifies :run, 'execute[update-postfix-virtual-alias]' + notifies :run, 'execute[update-postfix-virtual-alias]', :immediately notifies :restart, 'service[postfix]' end diff --git a/cookbooks/postfix/recipes/virtual_aliases_domains.rb b/cookbooks/postfix/recipes/virtual_aliases_domains.rb index 067b697..3ded82d 100644 --- a/cookbooks/postfix/recipes/virtual_aliases_domains.rb +++ b/cookbooks/postfix/recipes/virtual_aliases_domains.rb @@ -1,4 +1,4 @@ -# Copyright:: 2012-2017, Chef Software, Inc. +# Copyright:: 2012-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -23,6 +23,6 @@ end template node['postfix']['virtual_alias_domains_db'] do source 'virtual_aliases_domains.erb' - notifies :run, 'execute[update-postfix-virtual-alias-domains]' + notifies :run, 'execute[update-postfix-virtual-alias-domains]', :immediately notifies :restart, 'service[postfix]' end diff --git a/cookbooks/postfix/renovate.json b/cookbooks/postfix/renovate.json new file mode 100644 index 0000000..7e7a8ba --- /dev/null +++ b/cookbooks/postfix/renovate.json @@ -0,0 +1,17 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["config:base"], + "packageRules": [{ + "groupName": "Actions", + "matchUpdateTypes": ["patch", "pin", "digest"], + "automerge": true, + "addLabels": ["Release: Patch", "Skip: Announcements"] + }, + { + "groupName": "Actions", + "matchUpdateTypes": ["major"], + "automerge": false, + "addLabels": ["Release: Patch", "Skip: Announcements"] + } + ] +} diff --git a/cookbooks/postfix/templates/default/access.erb b/cookbooks/postfix/templates/access.erb similarity index 100% rename from cookbooks/postfix/templates/default/access.erb rename to cookbooks/postfix/templates/access.erb diff --git a/cookbooks/postfix/templates/default/aliases.erb b/cookbooks/postfix/templates/aliases.erb similarity index 100% rename from cookbooks/postfix/templates/default/aliases.erb rename to cookbooks/postfix/templates/aliases.erb diff --git a/cookbooks/postfix/templates/default/sasl_passwd.erb b/cookbooks/postfix/templates/default/sasl_passwd.erb deleted file mode 100644 index 18f16b3..0000000 --- a/cookbooks/postfix/templates/default/sasl_passwd.erb +++ /dev/null @@ -1,4 +0,0 @@ -# Auto-generated by Chef. -# Local modifications will be overwritten. -# -<%= node['postfix']['main']['relayhost'] %> <%= @settings['smtp_sasl_user_name'] %>:<%= @settings['smtp_sasl_passwd'] %> diff --git a/cookbooks/postfix/templates/mailer.erb b/cookbooks/postfix/templates/mailer.erb new file mode 100644 index 0000000..1865157 --- /dev/null 
+++ b/cookbooks/postfix/templates/mailer.erb @@ -0,0 +1,10 @@ +# +# Auto-generated by Chef. +# Local modifications will be overwritten. +# +# Execute the Postfix sendmail program, named /usr/local/sbin/sendmail +# +sendmail /usr/local/sbin/sendmail +send-mail /usr/local/sbin/sendmail +mailq /usr/local/sbin/sendmail +newaliases /usr/local/sbin/sendmail diff --git a/cookbooks/postfix/templates/default/main.cf.erb b/cookbooks/postfix/templates/main.cf.erb similarity index 100% rename from cookbooks/postfix/templates/default/main.cf.erb rename to cookbooks/postfix/templates/main.cf.erb diff --git a/cookbooks/postfix/templates/default/manifest-postfix.xml.erb b/cookbooks/postfix/templates/manifest-postfix.xml.erb similarity index 100% rename from cookbooks/postfix/templates/default/manifest-postfix.xml.erb rename to cookbooks/postfix/templates/manifest-postfix.xml.erb diff --git a/cookbooks/postfix/templates/default/maps.erb b/cookbooks/postfix/templates/maps.erb similarity index 100% rename from cookbooks/postfix/templates/default/maps.erb rename to cookbooks/postfix/templates/maps.erb diff --git a/cookbooks/postfix/templates/default/master.cf.erb b/cookbooks/postfix/templates/master.cf.erb similarity index 100% rename from cookbooks/postfix/templates/default/master.cf.erb rename to cookbooks/postfix/templates/master.cf.erb diff --git a/cookbooks/postfix/templates/default/port_smtp.erb b/cookbooks/postfix/templates/port_smtp.erb similarity index 100% rename from cookbooks/postfix/templates/default/port_smtp.erb rename to cookbooks/postfix/templates/port_smtp.erb diff --git a/cookbooks/postfix/templates/recipient_canonical.erb b/cookbooks/postfix/templates/recipient_canonical.erb new file mode 100644 index 0000000..bfff5c1 --- /dev/null +++ b/cookbooks/postfix/templates/recipient_canonical.erb 
@@ -0,0 +1,9 @@ +# +# Auto-generated by Chef. +# Local modifications will be overwritten. +# +# See man 5 canonical for format + +<% node['postfix']['recipient_canonical_map_entries'].each do |name, value| %> +<%= name %> <%= value %> +<% end unless node['postfix']['recipient_canonical_map_entries'].nil? %> diff --git a/cookbooks/postfix/templates/default/relay_restrictions.erb b/cookbooks/postfix/templates/relay_restrictions.erb similarity index 100% rename from cookbooks/postfix/templates/default/relay_restrictions.erb rename to cookbooks/postfix/templates/relay_restrictions.erb diff --git a/cookbooks/postfix/templates/sasl_passwd.erb b/cookbooks/postfix/templates/sasl_passwd.erb new file mode 100644 index 0000000..7ead10e --- /dev/null +++ b/cookbooks/postfix/templates/sasl_passwd.erb @@ -0,0 +1,8 @@ +# Auto-generated by Chef. +# Local modifications will be overwritten. + +<% if !@settings.nil? && !@settings.empty? -%> +<% @settings.sort.map do |relayhost,value| -%> +<%= relayhost %> <%= value['username'] %>:<%= value['password'] %> +<% end -%> +<% end -%> diff --git a/cookbooks/postfix/templates/default/sender_canonical.erb b/cookbooks/postfix/templates/sender_canonical.erb similarity index 100% rename from cookbooks/postfix/templates/default/sender_canonical.erb rename to cookbooks/postfix/templates/sender_canonical.erb diff --git a/cookbooks/postfix/templates/default/smtp_generic.erb b/cookbooks/postfix/templates/smtp_generic.erb similarity index 100% rename from cookbooks/postfix/templates/default/smtp_generic.erb rename to cookbooks/postfix/templates/smtp_generic.erb diff --git a/cookbooks/postfix/templates/default/transport.erb b/cookbooks/postfix/templates/transport.erb similarity index 100% rename from cookbooks/postfix/templates/default/transport.erb rename to cookbooks/postfix/templates/transport.erb 
diff --git a/cookbooks/postfix/templates/default/virtual_aliases.erb b/cookbooks/postfix/templates/virtual_aliases.erb similarity index 100% rename from cookbooks/postfix/templates/default/virtual_aliases.erb rename to cookbooks/postfix/templates/virtual_aliases.erb diff --git a/cookbooks/postfix/templates/default/virtual_aliases_domains.erb b/cookbooks/postfix/templates/virtual_aliases_domains.erb similarity index 100% rename from cookbooks/postfix/templates/default/virtual_aliases_domains.erb rename to cookbooks/postfix/templates/virtual_aliases_domains.erb
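Review bot: in recipes/_common.rb (hunk @@ -100,28 +168,31 @@), the new execute 'update-postfix-recipient_canonical' calls a bare postmap, while recipes/relay_restrictions.rb and recipes/transports.rb in this same patch switch to /usr/sbin/postmap on the rhel family. If the absolute path is needed there because PATH is not reliable during the run, it is needed here as well. Resolve the binary in one place (an attribute or a library helper) and use it in every postmap execute, including the existing sender_canonical and smtp_generic ones.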
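Review bot: in recipes/client.rb (hunk @@ -24,6 +24,9 @@), relayhost_port is built by comparing node['postfix']['relayhost_port'].to_s with '25', so a nil or empty attribute produces ':' with no number and the relayhost written to main.cf ends in a bare colon. Unless the attributes file guarantees a default, treat nil and empty the same as 25, and check that the value is an integer between 1 and 65535 before interpolating it.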
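Review bot: in recipes/client.rb (hunk @@ -36,6 +39,6 @@), moving the relayhost assignment from node.normal to node.default leaves a stale value on every node that already converged with the old cookbook. Normal attributes are saved on the node object and outrank defaults, so on those nodes the old "[host]" string wins and the new port suffix never reaches main.cf. Clear the old value during upgrade, for example with node.rm_normal('postfix', 'main', 'relayhost'), or call this out in the upgrade notes. The same applies to the sender_canonical_maps and smtp_generic_maps assignments in _common.rb, where the key? guard will see the persisted normal value and skip the new default.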
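Review bot: in recipes/maps.rb (hunk @@ -15,7 +14,11 @@), the new condition platform?('redhat') && node['platform_version'].to_i == 8 matches only Red Hat Enterprise Linux itself at major version 8. Other platforms in the rhel family and any later major version skip the postfix-#{type} package, and a pgsql, mysql, ldap or cdb map then fails at lookup time instead of at converge. If the narrow match is intentional, add a comment saying why; otherwise use platform_family?('rhel') with a >= 8 comparison. The package line is also duplicated verbatim from the debian branch and could be shared by a single combined condition.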
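Review bot: in recipes/maps.rb (hunk @@ -38,9 +41,7 @@), the notifies :run for execute[update-postmap-#{file}] is reflowed onto one line but is the only postmap notification in this patch that does not gain :immediately. Every other map template (access, aliases, transport, relay_restrictions, virtual aliases, the canonical maps) now rebuilds its database right away. Either add :immediately here too or note why this recipe keeps the delayed timer.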
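Review bot: in recipes/relay_restrictions.rb and recipes/transports.rb (hunks @@ -15,13 +15,15 @@ in both files), the command is still assembled by interpolating a node attribute into a single string, which Chef hands to a shell. A relay_restrictions_db or transport_db path containing spaces or shell metacharacters is then interpreted by the shell while running as root. Pass the command as an array, [postmap_command, node['postfix']['transport_db']], so no shell is involved. The postmap_command line is also copied identically into both recipes and belongs in one shared helper or attribute.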
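Review bot: in recipes/sasl_auth.rb (hunk @@ -28,11 +28,9 @@), the rhel, amazon and fedora branches now assign the identical package list, so they should be one branch: when 'rhel', 'amazon', 'fedora'. The case still has no else, so sasl_pkgs is nil on any other platform family; give it an empty-array default or raise with a clear message so the failure does not surface later as a nil error.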
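Review bot: in renovate.json, the first packageRules entry sets "automerge": true for patch, pin and digest updates but has no matcher restricting it to a manager or package set, so despite the "Actions" group name it applies to every dependency Renovate detects. Digest and pin updates merged without review are a supply-chain exposure. Add a matcher such as "matchManagers": ["github-actions"] if that is the intent, and require passing status checks before automerge. Both rules also attach the "Release: Patch" label, including the one for major updates, which looks like a copy-paste leftover.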
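Review bot: in templates/recipient_canonical.erb, the trailing unless ...nil? guard on the each loop is dead code, because _common.rb only renders this template after calling .empty? on the same attribute, which already raises on nil. Either drop the guard or make the recipe nil-safe so the two agree. The name and value are also written verbatim, so an entry containing a newline adds arbitrary extra lines to the map; reject or strip line breaks before rendering.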
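Review bot: in the new templates/sasl_passwd.erb, the expected shape of @settings changes from a flat hash (smtp_sasl_user_name, smtp_sasl_passwd) to a hash of relayhost => { 'username', 'password' }, with no check for the old shape. If a caller still passes the flat hash, each value is a String, value['username'] returns nil, and the template silently writes lines like "smtp_sasl_user_name :" so relay authentication fails with no converge error. Fail the run when a value is not a hash with both keys present, and document the attribute migration. Use each rather than map, since the return value is discarded. Because this file holds plaintext credentials, please confirm that the template resource rendering it (not visible in this diff) sets sensitive true and a root-only mode such as 0400 or 0600, so the password does not end up in Chef's diff output or a world-readable file.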