Update postfix cookbook

2023-11-29 22:26:29 +01:00
parent 1e9878d17e
commit 158a9c2fbe
43 changed files with 836 additions and 156 deletions
--- a/cookbooks/postfix/attributes/default.rb
+++ b/cookbooks/postfix/attributes/default.rb
@@ -1,5 +1,5 @@
 # Author:: Joshua Timberman <joshua@chef.io>
-# Copyright:: 2009-2017, Chef Software, Inc.
+# Copyright:: 2009-2019, Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -14,12 +14,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+default['postfix']['packages'] = %w(postfix)
+
 # Generic cookbook attributes
 default['postfix']['mail_type'] = 'client'
 default['postfix']['relayhost_role'] = 'relayhost'
+default['postfix']['relayhost_port'] = '25'
 default['postfix']['multi_environment_relay'] = false
 default['postfix']['use_procmail'] = false
-default['postfix']['use_alias_maps'] = (node['platform'] == 'freebsd')
+default['postfix']['use_alias_maps'] = platform?('freebsd')
 default['postfix']['use_transport_maps'] = false
 default['postfix']['use_access_maps'] = false
 default['postfix']['use_virtual_aliases'] = false
@@ -33,6 +36,7 @@ default['postfix']['main_template_source'] = 'postfix'
 default['postfix']['master_template_source'] = 'postfix'
 default['postfix']['sender_canonical_map_entries'] = {}
 default['postfix']['smtp_generic_map_entries'] = {}
+default['postfix']['recipient_canonical_map_entries'] = {}
 default['postfix']['access_db_type'] = 'hash'
 default['postfix']['aliases_db_type'] = 'hash'
 default['postfix']['transport_db_type'] = 'hash'
@@ -84,6 +88,10 @@ default['postfix']['main']['myorigin'] = '$myhostname'
 default['postfix']['main']['mydestination'] = [node['postfix']['main']['myhostname'], node['hostname'], 'localhost.localdomain', 'localhost'].compact
 default['postfix']['main']['smtpd_use_tls'] = 'yes'
 default['postfix']['main']['smtp_use_tls'] = 'yes'
+default['postfix']['main']['smtpd_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
+default['postfix']['main']['smtp_tls_mandatory_protocols'] = '!SSLv2,!SSLv3'
+default['postfix']['main']['smtpd_tls_protocols'] = '!SSLv2,!SSLv3'
+default['postfix']['main']['smtp_tls_protocols'] = '!SSLv2,!SSLv3'
 default['postfix']['main']['smtp_sasl_auth_enable'] = 'no'
 default['postfix']['main']['mailbox_size_limit'] = 0
 default['postfix']['main']['mynetworks'] = nil
@@ -99,6 +107,11 @@ when 'smartos'
  default['postfix']['cafile'] = '/opt/local/etc/postfix/cacert.pem'
 when 'rhel'
  default['postfix']['cafile'] = '/etc/pki/tls/cert.pem'
+when 'amazon'
+  default['postfix']['cafile'] = '/etc/pki/tls/cert.pem'
+when 'suse'
+  default['postfix']['main']['setgid_group'] = 'maildrop'
+  default['postfix']['main']['daemon_directory'] = '/usr/lib/postfix/bin'
 else
  default['postfix']['cafile'] = "#{node['postfix']['conf_dir']}/cacert.pem"
 end
@@ -374,27 +387,24 @@ default['postfix']['master']['bsmtp']['command'] = 'pipe'
 default['postfix']['master']['bsmtp']['args'] = ['flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient']

 # OS Aliases
-default['postfix']['aliases'] = case node['platform']
-                                when 'freebsd'
+default['postfix']['aliases'] = if platform?('freebsd')
                                  {
-                                    'MAILER-DAEMON' =>  'postmaster',
-                                    'bin' =>            'root',
-                                    'daemon' =>         'root',
-                                    'named' =>          'root',
-                                    'nobody' =>         'root',
-                                    'uucp' =>           'root',
-                                    'www' =>            'root',
-                                    'ftp-bugs' =>       'root',
-                                    'postfix' =>        'root',
-                                    'manager' =>        'root',
-                                    'dumper' =>         'root',
-                                    'operator' =>       'root',
-                                    'abuse' =>          'postmaster',
+                                    'MAILER-DAEMON' => 'postmaster',
+                                    'bin' => 'root',
+                                    'daemon' => 'root',
+                                    'named' => 'root',
+                                    'nobody' => 'root',
+                                    'uucp' => 'root',
+                                    'www' => 'root',
+                                    'ftp-bugs' => 'root',
+                                    'postfix' => 'root',
+                                    'manager' => 'root',
+                                    'dumper' => 'root',
+                                    'operator' => 'root',
+                                    'abuse' => 'postmaster',
                                  }
                                else
                                  {}
                                end

-if node['postfix']['use_relay_restrictions_maps']
-  default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject"
-end
+default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']