Update postfix cookbook

cookbooks/postfix/recipes/_attributes.rb

@@ -1,4 +1,4 @@
-# Copyright:: 2012-2017, Chef Software, Inc.
+# Copyright:: 2012-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,9 +13,7 @@
 # limitations under the License.
 #
 
-if node['postfix']['use_procmail']
-  node.default_unless['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"'
-end
+node.default_unless['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"' if node['postfix']['use_procmail']
 
 if node['postfix']['main']['smtpd_use_tls'] == 'yes'
   node.default_unless['postfix']['main']['smtpd_tls_cert_file'] = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
@@ -38,34 +36,18 @@ if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
   node.default_unless['postfix']['main']['relayhost'] = ''
 end
 
-if node['postfix']['use_alias_maps']
-  node.default_unless['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"]
-end
+node.default_unless['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"] if node['postfix']['use_alias_maps']
 
-if node['postfix']['use_transport_maps']
-  node.default_unless['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"]
-end
+node.default_unless['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"] if node['postfix']['use_transport_maps']
 
-if node['postfix']['use_access_maps']
-  node.default_unless['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"]
-end
+node.default_unless['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"] if node['postfix']['use_access_maps']
 
-if node['postfix']['use_virtual_aliases']
-  node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"]
-end
+node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"] if node['postfix']['use_virtual_aliases']
 
-if node['postfix']['use_virtual_aliases_domains']
-  node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"]
-end
+node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"] if node['postfix']['use_virtual_aliases_domains']
 
-if node['postfix']['use_relay_restrictions_maps']
-  default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject"
-end
+node.default_unless['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" if node['postfix']['use_relay_restrictions_maps']
 
-if node['postfix']['master']['maildrop']['active']
-  node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1
-end
+node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1 if node['postfix']['master']['maildrop']['active']
 
-if node['postfix']['master']['cyrus']['active']
-  node.default_unless['postfix']['main']['cyrus_destination_recipient_limit'] = 1
-end
+node.default_unless['postfix']['main']['cyrus_destination_recipient_limit'] = 1 if node['postfix']['master']['cyrus']['active']

cookbooks/postfix/recipes/_common.rb

@@ -2,7 +2,7 @@
 # Cookbook:: common
 # Recipe:: default
 #
-# Copyright:: 2009-2017, Chef Software, Inc.
+# Copyright:: 2009-2020, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,12 +19,19 @@
 
 include_recipe 'postfix::_attributes'
 
-package 'postfix'
+# use multi-package when we can
+if node['os'] == 'linux'
+  package node['postfix']['packages']
+else
+  node['postfix']['packages'].each do |pkg|
+    package pkg
+  end
+end
 
 package 'procmail' if node['postfix']['use_procmail']
 
 case node['platform_family']
-when 'rhel', 'fedora'
+when 'rhel', 'fedora', 'amazon'
   service 'sendmail' do
     action :nothing
   end
@@ -35,6 +42,8 @@ when 'rhel', 'fedora'
     notifies :start, 'service[postfix]'
     not_if '/usr/bin/test /etc/alternatives/mta -ef /usr/sbin/sendmail.postfix'
   end
+when 'suse'
+  file '/var/adm/postfix.configured'
 when 'omnios'
   manifest_path = ::File.join(Chef::Config[:file_cache_path], 'manifest-postfix.xml')
 
@@ -67,7 +76,68 @@ when 'omnios'
   execute 'load postfix manifest' do
     action :nothing
     command "svccfg import #{manifest_path}"
-    notifies :restart, 'service[postfix]'
+    notifies :restart, 'service[postfix]' unless platform_family?('solaris2')
+  end
+when 'freebsd'
+  # Actions are based on docs provided by FreeBSD:
+  # https://www.freebsd.org/doc/handbook/mail-changingmta.html
+  service 'sendmail' do
+    action :nothing
+  end
+
+  template '/etc/mail/mailer.conf' do
+    source 'mailer.erb'
+    owner 'root'
+    group 0
+    notifies :restart, 'service[postfix]' unless platform_family?('solaris2')
+  end
+
+  execute 'switch_mailer_to_postfix' do
+    command [
+      'sysrc',
+      'sendmail_enable=NO',
+      'sendmail_submit_enable=NO',
+      'sendmail_outbound_enable=NO',
+      'sendmail_msp_queue_enable=NO',
+      'postfix_enable=YES',
+    ]
+    notifies :stop, 'service[sendmail]', :immediately
+    notifies :disable, 'service[sendmail]', :immediately
+    notifies :start, 'service[postfix]', :delayed
+    only_if "sysrc sendmail_enable sendmail_submit_enable sendmail_outbound_enable sendmail_msp_queue_enable | egrep -q '(YES|unknown variable)' || sysrc postfix_enable | egrep -q '(NO|unknown variable)'"
+  end
+
+  execute 'disable_periodic' do
+    # rubocop:disable Lint/ParenthesesAsGroupedExpression
+    environment ({ 'RC_CONFS' => '/etc/periodic.conf' })
+    command [
+      'sysrc',
+      'daily_clean_hoststat_enable=NO',
+      'daily_status_mail_rejects_enable=NO',
+      'daily_status_include_submit_mailq=NO',
+      'daily_submit_queuerun=NO',
+    ]
+    only_if "RC_CONFS=/etc/periodic.conf sysrc daily_clean_hoststat_enable daily_status_mail_rejects_enable daily_status_include_submit_mailq daily_submit_queuerun | egrep -q '(YES|unknown variable)'"
+  end
+end
+
+# We need to write the config first as the below postmap immediately commands assume config is correct
+# Which is not the case as ipv6 is assumed to be available by the postfix package
+# And if someone wants to disable this first we need to update the config first aswell
+%w( main master ).each do |cfg|
+  template "#{node['postfix']['conf_dir']}/#{cfg}.cf" do
+    source "#{cfg}.cf.erb"
+    owner 'root'
+    group node['root_group']
+    mode '0644'
+    # restart service for solaris on chef-client has a bug
+    # unless condition can be removed after
+    # https://github.com/chef/chef/pull/6596 merge/release
+    notifies :restart, 'service[postfix]' unless platform_family?('solaris2')
+    variables(
+      lazy { { settings: node['postfix'][cfg] } }
+    )
+    cookbook node['postfix']["#{cfg}_template_source"]
   end
 end
 
@@ -81,13 +151,11 @@ unless node['postfix']['sender_canonical_map_entries'].empty?
     owner 'root'
     group node['root_group']
     mode '0644'
-    notifies :run, 'execute[update-postfix-sender_canonical]'
+    notifies :run, 'execute[update-postfix-sender_canonical]', :immediately
     notifies :reload, 'service[postfix]'
   end
 
-  unless node['postfix']['main'].key?('sender_canonical_maps')
-    node.normal['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical"
-  end
+  node.default['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical" unless node['postfix']['main'].key?('sender_canonical_maps')
 end
 
 execute 'update-postfix-smtp_generic' do
@@ -100,28 +168,31 @@ unless node['postfix']['smtp_generic_map_entries'].empty?
     owner 'root'
     group node['root_group']
     mode '0644'
-    notifies :run, 'execute[update-postfix-smtp_generic]'
+    notifies :run, 'execute[update-postfix-smtp_generic]', :immediately
     notifies :reload, 'service[postfix]'
   end
 
-  unless node['postfix']['main'].key?('smtp_generic_maps')
-    node.normal['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic"
-  end
+  node.default['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic" unless node['postfix']['main'].key?('smtp_generic_maps')
 end
 
-%w( main master ).each do |cfg|
-  template "#{node['postfix']['conf_dir']}/#{cfg}.cf" do
-    source "#{cfg}.cf.erb"
+execute 'update-postfix-recipient_canonical' do
+  command "postmap #{node['postfix']['conf_dir']}/recipient_canonical"
+  action :nothing
+end
+
+unless node['postfix']['recipient_canonical_map_entries'].empty?
+  template "#{node['postfix']['conf_dir']}/recipient_canonical" do
     owner 'root'
     group node['root_group']
     mode '0644'
-    notifies :restart, 'service[postfix]'
-    variables(settings: node['postfix'][cfg])
-    cookbook node['postfix']["#{cfg}_template_source"]
+    notifies :run, 'execute[update-postfix-recipient_canonical]', :immediately
+    notifies :reload, 'service[postfix]'
   end
+
+  node.default['postfix']['main']['recipient_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/recipient_canonical" unless node['postfix']['main'].key?('recipient_canonical_maps')
 end
 
 service 'postfix' do
   supports status: true, restart: true, reload: true
-  action :enable
+  action [:enable, :start]
 end

cookbooks/postfix/recipes/access.rb

@@ -1,4 +1,4 @@
-# Copyright:: 2012-2017, Chef Software, Inc.
+# Copyright:: 2012-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,5 +23,5 @@ end
 
 template node['postfix']['access_db'] do
   source 'access.erb'
-  notifies :run, 'execute[update-postfix-access]'
+  notifies :run, 'execute[update-postfix-access]', :immediately
 end

cookbooks/postfix/recipes/aliases.rb

@@ -1,4 +1,4 @@
-# Copyright:: 2012-2017, Chef Software, Inc.
+# Copyright:: 2012-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -25,5 +25,5 @@ end
 
 template node['postfix']['aliases_db'] do
   source 'aliases.erb'
-  notifies :run, 'execute[update-postfix-aliases]'
+  notifies :run, 'execute[update-postfix-aliases]', :immediately
 end

cookbooks/postfix/recipes/client.rb

@@ -2,7 +2,7 @@
 # Cookbook:: postfix
 # Recipe:: client
 #
-# Copyright:: 2009-2017, Chef Software, Inc.
+# Copyright:: 2009-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -24,6 +24,9 @@ end
 
 query = "role:#{node['postfix']['relayhost_role']}"
 relayhost = ''
+# if the relayhost_port attribute is not port 25, append to the relayhost
+relayhost_port = node['postfix']['relayhost_port'].to_s != '25' ? ":#{node['postfix']['relayhost_port']}" : ''
+
 # results = []
 
 if node.run_list.roles.include?(node['postfix']['relayhost_role'])
@@ -36,6 +39,6 @@ else
   relayhost = results.map { |n| n['ipaddress'] }.first
 end
 
-node.normal['postfix']['main']['relayhost'] = "[#{relayhost}]"
+node.default['postfix']['main']['relayhost'] = "[#{relayhost}]#{relayhost_port}"
 
 include_recipe 'postfix'

cookbooks/postfix/recipes/default.rb

@@ -2,7 +2,7 @@
 # Cookbook:: postfix
 # Recipe:: default
 #
-# Copyright:: 2009-2017, Chef Software, Inc.
+# Copyright:: 2009-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

cookbooks/postfix/recipes/maps.rb

@@ -1,5 +1,4 @@
-# encoding: utf-8
-# Copyright:: 2012-2017, Chef Software, Inc.
+# Copyright:: 2012-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,7 +14,11 @@
 #
 
 node['postfix']['maps'].each do |type, maps|
-  if node['platform_family'] == 'debian'
+  if platform_family?('debian')
+    package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
+  end
+
+  if platform?('redhat') && node['platform_version'].to_i == 8
     package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
   end
 
@@ -38,9 +41,7 @@ node['postfix']['maps'].each do |type, maps|
         map: content,
         separator: separator
       )
-      if %w(btree cdb dbm hash sdbm).include?(type)
-        notifies :run, "execute[update-postmap-#{file}]"
-      end
+      notifies :run, "execute[update-postmap-#{file}]" if %w(btree cdb dbm hash sdbm).include?(type)
       notifies :restart, 'service[postfix]'
     end
   end

cookbooks/postfix/recipes/relay_restrictions.rb

@@ -1,4 +1,4 @@
-# Copyright:: 2012-2017, Chef Software, Inc.
+# Copyright:: 2012-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,13 +15,15 @@
 
 include_recipe 'postfix::_common'
 
+postmap_command = platform_family?('rhel') ? '/usr/sbin/postmap' : 'postmap'
+
 execute 'update-postfix-relay-restrictions' do
-  command "postmap #{node['postfix']['relay_restrictions_db']}"
+  command "#{postmap_command} #{node['postfix']['relay_restrictions_db']}"
   environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
   action :nothing
 end
 
 template node['postfix']['relay_restrictions_db'] do
   source 'relay_restrictions.erb'
-  notifies :run, 'execute[update-postfix-relay-restrictions]'
+  notifies :run, 'execute[update-postfix-relay-restrictions]', :immediately
 end

cookbooks/postfix/recipes/sasl_auth.rb

@@ -3,7 +3,7 @@
 # Cookbook:: postfix
 # Recipe:: sasl_auth
 #
-# Copyright:: 2009-2017, Chef Software, Inc.
+# Copyright:: 2009-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -28,11 +28,9 @@ case node['platform_family']
 when 'debian'
   sasl_pkgs = %w(libsasl2-2 libsasl2-modules ca-certificates)
 when 'rhel'
-  sasl_pkgs = if node['platform_version'].to_i < 6
-                %w(cyrus-sasl cyrus-sasl-plain openssl)
-              else
-                %w(cyrus-sasl cyrus-sasl-plain ca-certificates)
-              end
+  sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates)
+when 'amazon'
+  sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates)
 when 'fedora'
   sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates)
 end

cookbooks/postfix/recipes/server.rb

@@ -3,7 +3,7 @@
 # Cookbook:: postfix
 # Recipe:: server
 #
-# Copyright:: 2009-2017, Chef Software, Inc.
+# Copyright:: 2009-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

cookbooks/postfix/recipes/transports.rb

@@ -1,4 +1,4 @@
-# Copyright:: 2012-2017, Chef Software, Inc.
+# Copyright:: 2012-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,13 +15,15 @@
 
 include_recipe 'postfix::_common'
 
+postmap_command = platform_family?('rhel') ? '/usr/sbin/postmap' : 'postmap'
+
 execute 'update-postfix-transport' do
-  command "postmap #{node['postfix']['transport_db']}"
+  command "#{postmap_command} #{node['postfix']['transport_db']}"
   environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
   action :nothing
 end
 
 template node['postfix']['transport_db'] do
   source 'transport.erb'
-  notifies :run, 'execute[update-postfix-transport]'
+  notifies :run, 'execute[update-postfix-transport]', :immediately
 end

cookbooks/postfix/recipes/virtual_aliases.rb

@@ -1,4 +1,4 @@
-# Copyright:: 2012-2017, Chef Software, Inc.
+# Copyright:: 2012-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,6 +23,6 @@ end
 
 template node['postfix']['virtual_alias_db'] do
   source 'virtual_aliases.erb'
-  notifies :run, 'execute[update-postfix-virtual-alias]'
+  notifies :run, 'execute[update-postfix-virtual-alias]', :immediately
   notifies :restart, 'service[postfix]'
 end

cookbooks/postfix/recipes/virtual_aliases_domains.rb

@@ -1,4 +1,4 @@
-# Copyright:: 2012-2017, Chef Software, Inc.
+# Copyright:: 2012-2019, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,6 +23,6 @@ end
 
 template node['postfix']['virtual_alias_domains_db'] do
   source 'virtual_aliases_domains.erb'
-  notifies :run, 'execute[update-postfix-virtual-alias-domains]'
+  notifies :run, 'execute[update-postfix-virtual-alias-domains]', :immediately
   notifies :restart, 'service[postfix]'
 end