WIP virtual domain configs

site-cookbooks/kosmos_email/recipes/dovecot.rb

@@ -17,6 +17,9 @@ domain   = node["email"]["domain"]
 hostname = node["email"]["hostname"]
 ip_addr  = node["knife_zero"]["host"]
 
+ldap_search_base = node["email"]["ldap_search_base"]
+ldap_user_filter = "(&(objectClass=person)(mailRoutingAddress=%u))"
+
 credentials = Chef::EncryptedDataBagItem.load('credentials', 'email')
 
 user "vmail" do
@@ -41,11 +44,11 @@ template "/etc/dovecot/dovecot-ldap.conf.ext" do
   variables uris: "ldap://ldap.kosmos.local", # TODO add list of all IPs instead?
             dn: credentials['ldap_dn'],
             dnpass: credentials['ldap_dnpass'],
-            base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org",
-            user_attrs: "mailhome=home",
-            user_filter: "(&(objectClass=person)(cn=%u))",
-            pass_attrs: "cn=user,mailpassword=password",
-            pass_filter: "(&(objectClass=person)(cn=%u))",
+            base: ldap_search_base,
+            user_filter: ldap_user_filter,
+            user_attrs: "",
+            pass_filter: ldap_user_filter,
+            pass_attrs: "mailRoutingAddress=user,mailpassword=password",
             default_pass_scheme: "BLF-CRYPT"
   notifies :restart, "service[dovecot]", :delayed
 end
@@ -60,7 +63,9 @@ template "/etc/dovecot/conf.d/10-mail.conf" do
   source    "dovecot_10-mail.conf.erb"
   mode      0644
   variables mail_uid: "vmail",
-            mail_gid: "mail"
+            mail_gid: "mail",
+            mail_location: "mbox:~/mail:INBOX=~/mail/INBOX",
+            mail_home: "/var/vmail/%d/%n"
   notifies :restart, "service[dovecot]", :delayed
 end
 
@@ -79,6 +84,12 @@ template "/etc/dovecot/conf.d/10-ssl.conf" do
   notifies :restart, "service[dovecot]", :delayed
 end
 
+template "/etc/dovecot/conf.d/15-mailboxes.conf" do
+  source    "dovecot_15-mailboxes.conf.erb"
+  mode      0644
+  notifies :restart, "service[dovecot]", :delayed
+end
+
 service "dovecot" do
   action [:enable, :start]
 end

site-cookbooks/kosmos_email/recipes/postfix.rb

@@ -14,17 +14,19 @@ domain   = node["email"]["domain"]
 hostname = node["email"]["hostname"]
 ip_addr  = node["knife_zero"]["host"]
 
+ldap_host        = node["email"]["ldap_host"]
+ldap_search_base = node["email"]["ldap_search_base"]
+
 credentials = Chef::EncryptedDataBagItem.load('credentials', 'email')
 
 node.normal["postfix"]["mail_type"] = "master"
 node.normal["postfix"]["use_relay_restrictions_maps"] = true
 node.normal["postfix"]["relay_restrictions"] = { domain => "OK", hostname => "OK" }
 
-node.normal['postfix']['main']['mydomain'] = domain
-node.normal['postfix']['main']['myorigin'] = domain
 node.normal['postfix']['main']['myhostname'] = hostname
+node.normal['postfix']['main']['mydomain'] = "$myhostname"
+node.normal['postfix']['main']['myorigin'] = "$myhostname"
 node.normal['postfix']['main']['mynetworks'] = ["10.1.1.0/24", "127.0.0.0/8"]
-node.normal['postfix']['main']['mydestination'] = [domain, hostname, 'localhost.localdomain', 'localhost'].compact
 node.normal['postfix']['main']['smtp_use_tls'] = "yes"
 node.normal['postfix']['main']['smtp_tls_security_level'] = "may"
 node.normal['postfix']['main']['smtpd_use_tls'] = "yes"
@@ -35,8 +37,13 @@ node.normal['postfix']['main']['mailbox_transport'] = "lmtp:unix:private/dovecot
 node.normal['postfix']['main']['virtual_transport'] = "lmtp:unix:private/dovecot-lmtp"
 node.normal['postfix']['main']['smtputf8_enable'] = "no"
 node.normal['postfix']['main']['recipient_delimiter'] = "+"
-node.normal['postfix']['main']['alias_maps'] = "hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf"
-node.normal['postfix']['main']['smtpd_sender_login_maps'] = "ldap:/etc/postfix/ldap-username-aliases.cf"
+
+# node.normal['postfix']['main']['virtual_alias_domains'] = "ldap:/etc/postfix/ldap-virtual_alias_domains.cf"
+node.normal['postfix']['main']['virtual_alias_maps'] = "hash:/var/vmail/aliases, ldap:/etc/postfix/ldap-virtual_alias_maps.cf"
+node.normal['postfix']['main']['virtual_mailbox_domains'] = "ldap:/etc/postfix/ldap-virtual_mailbox_domains.cf"
+node.normal['postfix']['main']['virtual_mailbox_maps'] = "ldap:/etc/postfix/ldap-virtual_mailbox_maps.cf"
+node.normal['postfix']['main']['smtpd_sender_login_maps'] = "ldap:/etc/postfix/ldap-smtpd_sender_login_maps.cf"
+
 node.normal['postfix']['main']['milter_protocol'] = "6"
 node.normal['postfix']['main']['milter_default_action'] = "accept"
 node.normal['postfix']['main']['smtpd_milters'] = "inet:localhost:12301 local:spamass/spamass.sock"
@@ -70,7 +77,7 @@ node.normal['postfix']['master'] = {
       "-o smtpd_sasl_auth_enable=yes",
       "-o smtpd_sender_restrictions=reject_sender_login_mismatch",
       "-o smtpd_relay_restrictions=permit_sasl_authenticated,reject",
-      "-o smtpd_recipient_restrictions=permit_mynetworks,reject_sender_login_mismatch,permit_sasl_authenticated,reject",
+      "-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject",
       "-o smtpd_sasl_type=dovecot",
       "-o smtpd_sasl_path=private/auth",
       "-o smtpd_upstream_proxy_protocol=haproxy",
@@ -123,27 +130,51 @@ node.normal['postfix']['master'] = {
   }
 }
 
-template "/etc/postfix/ldap-aliases.cf" do
-  source    "ldap-aliases.cf.erb"
+ldap_default_variables = {
+  server_host: ldap_host,
+  bind_dn: credentials['ldap_dn'],
+  bind_pw: credentials['ldap_dnpass'],
+  search_base: ldap_search_base
+}
+
+template "/etc/postfix/ldap-virtual_mailbox_domains.cf" do
+  source    "postfix_ldap-map.cf.erb"
   mode      0600
-  variables server_host: "ldap.kosmos.local",
-            bind_dn: credentials['ldap_dn'],
-            bind_pw: credentials['ldap_dnpass'],
-            search_base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org",
-            query_filter: "(&(objectClass=person)(cn=%u))",
-            result_attribute: "maildrop"
+  variables ldap_default_variables.merge({
+              query_filter: "mailRoutingAddress=*@%s",
+              result_attribute: "mailRoutingAddress",
+              result_format: "%d"
+            })
   notifies :restart, "service[postfix]", :delayed
 end
 
-template "/etc/postfix/ldap-username-aliases.cf" do
-  source    "ldap-aliases.cf.erb"
+template "/etc/postfix/ldap-virtual_alias_maps.cf" do
+  source    "postfix_ldap-map.cf.erb"
   mode      0600
-  variables server_host: "ldap.kosmos.local",
-            bind_dn: credentials['ldap_dn'],
-            bind_pw: credentials['ldap_dnpass'],
-            search_base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org",
-            query_filter: "(&(objectClass=person)(cn=%u))",
-            result_attribute: "cn"
+  variables ldap_default_variables.merge({
+              query_filter: "(&(mailRoutingAddress=%s)(mailForwardingAddress=*))",
+              result_attribute: "mailForwardingAddress"
+            })
+  notifies :restart, "service[postfix]", :delayed
+end
+
+template "/etc/postfix/ldap-virtual_mailbox_maps.cf" do
+  source    "postfix_ldap-map.cf.erb"
+  mode      0600
+  variables ldap_default_variables.merge({
+              query_filter: "mailRoutingAddress=%s",
+              result_attribute: "mailRoutingAddress"
+            })
+  notifies :restart, "service[postfix]", :delayed
+end
+
+template "/etc/postfix/ldap-smtpd_sender_login_maps.cf" do
+  source    "postfix_ldap-map.cf.erb"
+  mode      0600
+  variables ldap_default_variables.merge({
+              query_filter: "mailRoutingAddress=%s",
+              result_attribute: "mailRoutingAddress, mailForwardingAddress"
+            })
   notifies :restart, "service[postfix]", :delayed
 end