Update upstream cookbooks

Greg Karékinian
2017-03-20 13:19:10 +00:00
parent bfd2d52ea8
commit bcfd44b923
340 changed files with 12576 additions and 5465 deletions

View File

@@ -1,172 +1,215 @@
postfix Cookbook CHANGELOG
==========================
# postfix Cookbook CHANGELOG
This file is used to list changes made in each version of the postfix cookbook.
v3.7.0 (2015-04-30)
-------------------
## 5.0.1 (2017-03-03)
- Fix documentation error on inet-interfaces
- Test with Local Delivery instead of Rake
- Fix master.cf attributes types on README
## 5.0.0 (2017-01-17)
- Manage any hash: tables for postfix with hash_maps recipe
- Fully customizable master.cf file
- Support for any kind of postfix lookup tables
- Remove old minitest files
- Update chef requirement in the readme
- Update tests for new config comment blocks
- fixing /etc/aliases syntax for full-mailaddresses
## 4.0.0 (2016-09-07)
- Update supported platforms in metadata
- Remove node name from config file
- Testing updates
- Use node.normal vs. node.set to avoid deprecation warnings
- Require Chef 12+
## v3.8.0 (2016-04-01)
- Updated attributes to use node.default_unless instead of node.default to be more wrapper friendly
- Added integration and unit testing in Travis CI
- Added rubocop config and resolved rubocop warnings
- Added Gemfile with all necessary test deps
- Added standard gitignore and chefignore files
- Added updated contributing and testing docs
- Removed the Kitchen Digital Ocean files and dependencies
- Added additional platforms to the Test Kitchen config
- Added a Rakefile for simplified testing
- Fixed a typo in the use_relay_restrictions_maps attribute that prevented the default from being set
- Added fedora and oracle as supported platforms in the metadata
- Removed the attributes from the metadata.
- Added long_description to the metadata
- Added Chef 11 compatibility checks to issues_url and source_url in metadata.rb
- Added maintainers.md and maintainers.toml files
## v3.7.0 (2015-04-30)
- Adding support for relay restrictions
- Update chefspec and serverspec tests
v3.6.2 (2014-10-31)
-------------------
## v3.6.2 (2014-10-31)
- Fix FreeBSDisms
v3.6.1 (2014-10-28)
-------------------
## v3.6.1 (2014-10-28)
- Fix documentation around node['postfix']['main']['relayhost'] attribute
- Fix logic around include_recipe 'postfix::virtual_aliases_domains'
v3.6.0 (2014-08-25)
-------------------
## v3.6.0 (2014-08-25)
- restart postfix after updating virtual alias templates #86
- fixing typo for alias_db location in omnios
- moving conditional attributes to a recipe so they can be modified
via other cookbook attributes
- via other cookbook attributes
## v3.5.0 (2014-08-25)
v3.5.0 (2014-08-25)
-------------------
Adding virtual_domains functionality
v3.4.1 (2014-08-20)
-------------------
## v3.4.1 (2014-08-20)
Removing unused parameters from main.cf
v3.4.0 (2014-07-25)
-------------------
## v3.4.0 (2014-07-25)
Refactoring to fix some logic issues
v3.3.1 (2014-06-11)
-------------------
## v3.3.1 (2014-06-11)
Reverting #37 - [COOK-3418] Virtual Domain Support PR - duplicate of #55
## v3.3.0 (2014-06-11)
v3.3.0 (2014-06-11)
-------------------
- #37 - [COOK-3418] - Virtual Domain Support
- #44 - Fix minor formatting issue in attributes
- #55 - Add support for virtual aliases
- #57 - Fixing attributes bug in README
- #64 - add smtp_generic maps configuration option
- #66 - [COOK-3652] Add support for transport mappings
- #67 - [COOK-4662] Added support for access control
- #68 - Properly handle binding to loopback on mixed IPV4/IPV6 systems
- 37 - [COOK-3418] - Virtual Domain Support
- 44 - Fix minor formatting issue in attributes
- 55 - Add support for virtual aliases
- 57 - Fixing attributes bug in README
- 64 - add smtp_generic maps configuration option
- 66 - [COOK-3652] Add support for transport mappings
- 67 - [COOK-4662] Added support for access control
- 68 - Properly handle binding to loopback on mixed IPV4/IPV6 systems
## v3.2.0 (2014-05-09)
v3.2.0 (2014-05-09)
-------------------
- [COOK-4619] - no way to unset recipient_delimiter
## v3.1.8 (2014-03-27)
v3.1.8 (2014-03-27)
-------------------
- [COOK-4410] - Fix sender_canonical configuration by adding template
and postmap execution
- and postmap execution
## v3.1.6 (2014-03-19)
v3.1.6 (2014-03-19)
-------------------
- [COOK-4423] - use platform_family, find cert.pem on rhel
## v3.1.4 (2014-02-27)
v3.1.4 (2014-02-27)
-------------------
[COOK-4329] Migrate minitest PITs to latest test-kitchen + serverspec
## v3.1.2 (2014-02-19)
v3.1.2 (2014-02-19)
-------------------
### Bug
- **[COOK-4357](https://tickets.chef.io/browse/COOK-4357)** - postfix::sasl_auth recipe fails to converge
## v3.1.0 (2014-02-19)
v3.1.0 (2014-02-19)
-------------------
### Bug
- **[COOK-4322](https://tickets.chef.io/browse/COOK-4322)** - Postfix cookbook has incorrect default path for sasl_passwd
### New Feature
- **[COOK-4086](https://tickets.chef.io/browse/COOK-4086)** - use conf_dir attribute for sasl recipe, and add omnios support
- **[COOK-2551](https://tickets.chef.io/browse/COOK-2551)** - Support creating the sender_canonical map file
## v3.0.4
v3.0.4
------
### Bug
- **[COOK-3824](https://tickets.chef.io/browse/COOK-3824)** - main.cf.erb mishandles lists
### Improvement
- **[COOK-3822](https://tickets.chef.io/browse/COOK-3822)** - postfix cookbook readme has an incorrect example
- Got rubocop errors down to 32
### New Feature
- **[COOK-2551](https://tickets.chef.io/browse/COOK-2551)** - Support creating the sender_canonical map file
## v3.0.2
v3.0.2
------
### Bug
- **[COOK-3617](https://tickets.chef.io/browse/COOK-3617)** - Fix error when no there is no FQDN
- **[COOK-3530](https://tickets.chef.io/browse/COOK-3530)** - Update `client.rb` after 3.0.0 refactor
- **[COOK-2499](https://tickets.chef.io/browse/COOK-2499)** - Do not use resource cloning
### Improvement
- **[COOK-3116](https://tickets.chef.io/browse/COOK-3116)** - Add SmartOS support
## v3.0.0
v3.0.0
------
### Improvement
- **[COOK-3328](https://tickets.chef.io/browse/COOK-3328)** - Postfix main/master and attributes refactor
**Breaking changes**:
- Attributes are namespaced as `node['postfix']`, `node['postfix']['main']`, and `node['postfix']['master']`.
v2.1.6
------
## v2.1.6
### Bug
- [COOK-2501]: Reference to `['postfix']['domain']` should be `['postfix']['mydomain']`
- [COOK-2715]: master.cf uses old name for `smtp_fallback_relay` (`fallback_relay`) parameter in master.cf
v2.1.4
------
## v2.1.4
- [COOK-2281] - postfix aliases uses require_recipe statement
v2.1.2
------
## v2.1.2
- [COOK-2010] - postfix sasl_auth does not include the sasl plain package
v2.1.0
------
## v2.1.0
- [COOK-1233] - optional configuration for canonical maps
- [COOK-1660] - allow comma separated arrays in aliases
- [COOK-1662] - allow inet_interfaces configuration via attribute
v2.0.0
------
## v2.0.0
This version uses platform_family attribute, making the cookbook incompatible with older versions of Chef/Ohai, hence the major version bump.
- [COOK-1535] - `smtpd_cache` should be in `data_directory`, not `queue_directory`
- [COOK-1790] - /etc/aliases template is only in ubuntu directory
- [COOK-1792] - add minitest-chef tests to postfix cookbook
v1.2.2
------
## v1.2.2
- [COOK-1442] - Missing ['postfix']['domain'] Attribute causes initial installation failure
- [COOK-1520] - Add support for procmail delivery
- [COOK-1528] - Make aliasses template less specific
- [COOK-1538] - Add iptables_rule template
- [COOK-1540] - Add smtpd_milters and non_smtpd_milters parameters to main.cf
v1.2.0
------
## v1.2.0
- [COOK-880] - add client/server roles for search-based discovery of relayhost
v1.0.0
------
## v1.0.0
- [COOK-668] - RHEL/CentOS/Scientific/Amazon platform support
- [COOK-733] - postfix::aliases recipe to manage /etc/aliases
- [COOK-821] - add README.md :)
v0.8.4
------
## v0.8.4
- Current public release.
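Review bot: The headings in this hunk take the vendored postfix cookbook from v3.7.0 to 5.0.1, across the 4.0.0 and 5.0.0 majors, and the commit message does not say so. 4.0.0 lists "Require Chef 12+" and 5.0.0 lists "Fully customizable master.cf file", so please confirm the Chef client version in use and any roles or wrappers that set `node['postfix']['master']` before this lands. Separately, the wrapped bullets now appear as extra list items (`- via other cookbook attributes`, `- and postmap execution`), and the v3.3.0 entries show up both as `#37` and as bare `37`; if the bare form is the new side, the issue references have lost their `#`. Both are better reported upstream than patched in the vendored copy.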

View File

@@ -0,0 +1 @@
Please refer to <https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD>

View File

@@ -0,0 +1,15 @@
<!-- This is a generated file. Please do not edit directly -->
# Maintainers
This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead.
Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead.
# Project Maintainer
* [Tim Smith](https://github.com/tas50)
# Maintainers
* [Jennifer Davis](https://github.com/sigje)
* [Tim Smith](https://github.com/tas50)
* [Thom May](https://github.com/thommay)

View File

@@ -1,73 +1,84 @@
postfix Cookbook
================
# postfix Cookbook
[![Build Status](https://travis-ci.org/chef-cookbooks/postfix.svg?branch=master)](https://travis-ci.org/chef-cookbooks/postfix) [![Cookbook Version](https://img.shields.io/cookbook/v/postfix.svg)](https://supermarket.chef.io/cookbooks/postfix)
Installs and configures postfix for client or outbound relayhost, or to do SASL authentication.
On RHEL-family systems, sendmail will be replaced with postfix.
## Requirements
Requirements
------------
### Platforms
- Ubuntu 10.04+
- Debian 6.0+
- Ubuntu 12.04+
- Debian 7.0+
- RHEL/CentOS/Scientific 5.7+, 6.2+
- Amazon Linux (as of AMIs created after 4/9/2012)
May work on other platforms with or without modification.
### Chef
- Chef 12.1+
### Cookbooks
- none
## Attributes
Attributes
----------
See `attributes/default.rb` for default values.
### Generic cookbook attributes
* `node['postfix']['mail_type']` - Sets the kind of mail configuration. `master` will set up a server (relayhost).
* `node['postfix']['relayhost_role']` - name of a role used for search in the client recipe.
* `node['postfix']['multi_environment_relay']` - set to true if nodes should not constrain search for the relayhost in their own environment.
* `node['postfix']['use_procmail']` - set to true if nodes should use procmail as the delivery agent.
* `node['postfix']['use_alias_maps']` - set to true if you want the cookbook to use/configure alias maps
* `node['postfix']['use_transport_maps']` - set to true if you want the cookbook to use/configure transport maps
* `node['postfix']['use_access_maps']` - set to true if you want the cookbook to use/configure access maps
* `node['postfix']['use_virtual_aliases']` - set to true if you want the cookbook to use/configure virtual alias maps
* `node['postfix']['use_relay_restrictions_maps']` - set to true if you want the cookbook to use/configure a list of domains to which postfix will allow relay
* `node['postfix']['aliases']` - hash of aliases to create with `recipe[postfix::aliases]`, see below under __Recipes__ for more information.
* `node['postfix']['transports']` - hash of transports to create with `recipe[postfix::transports]`, see below under __Recipes__ for more information.
* `node['postfix']['access']` - hash of access to create with `recipe[postfix::access]`, see below under __Recipes__ for more information.
* `node['postfix']['virtual_aliases']` - hash of virtual_aliases to create with `recipe[postfix::virtual_aliases]`, see below under __Recipes__ for more information.
* `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix'
* `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix'
### main.cf and sasl\_passwd template attributes
The main.cf template has been simplified to include any attributes in the `node['postfix']['main']` data structure. The following attributes are still included with this cookbook to maintain some semblance of backwards compatibility.
- `node['postfix']['mail_type']` - Sets the kind of mail configuration. `master` will set up a server (relayhost).
- `node['postfix']['relayhost_role']` - name of a role used for search in the client recipe.
- `node['postfix']['multi_environment_relay']` - set to true if nodes should not constrain search for the relayhost in their own environment.
- `node['postfix']['use_procmail']` - set to true if nodes should use procmail as the delivery agent.
- `node['postfix']['use_alias_maps']` - set to true if you want the cookbook to use/configure alias maps
- `node['postfix']['use_transport_maps']` - set to true if you want the cookbook to use/configure transport maps
- `node['postfix']['use_access_maps']` - set to true if you want the cookbook to use/configure access maps
- `node['postfix']['use_virtual_aliases']` - set to true if you want the cookbook to use/configure virtual alias maps
- `node['postfix']['use_relay_restrictions_maps']` - set to true if you want the cookbook to use/configure a list of domains to which postfix will allow relay
- `node['postfix']['aliases']` - hash of aliases to create with `recipe[postfix::aliases]`, see below under **Recipes** for more information.
- `node['postfix']['transports']` - hash of transports to create with `recipe[postfix::transports]`, see below under **Recipes** for more information.
- `node['postfix']['access']` - hash of access to create with `recipe[postfix::access]`, see below under **Recipes** for more information.
- `node['postfix']['virtual_aliases']` - hash of virtual_aliases to create with `recipe[postfix::virtual_aliases]`, see below under __Recipes__ for more information.
- `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix'
- `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix'
This change in namespace to `node['postfix']['main']` should allow for greater flexibility, given the large number of configuration variables for the postfix daemon. All of these cookbook attributes correspond to the option of the same name in `/etc/postfix/main.cf`.
### main.cf and sasl_passwd template attributes
* `node['postfix']['main']['biff']` - (yes/no); default no
* `node['postfix']['main']['append_dot_mydomain']` - (yes/no); default no
* `node['postfix']['main']['myhostname']` - defaults to fqdn from Ohai
* `node['postfix']['main']['mydomain']` - defaults to domain from Ohai
* `node['postfix']['main']['myorigin']` - defaults to $myhostname
* `node['postfix']['main']['mynetworks']` - default is nil, which forces Postfix to default to loopback addresses.
* `node['postfix']['main']['inet_interfaces']` - set to `loopback-only`, or `all` for server recipe
* `node['postfix']['main']['alias_maps']` - set to `hash:/etc/aliases`
* `node['postfix']['main']['mailbox_size_limit']` - set to `0` (disabled)
* `node['postfix']['main']['mydestination']` - default fqdn, hostname, localhost.localdomain, localhost
* `node['postfix']['main']['smtpd_use_tls']` - (yes/no); default yes. See conditional cert/key attributes.
- `node['postfix']['main']['smtpd_tls_cert_file']` - conditional attribute, set to full path of server's x509 certificate.
- `node['postfix']['main']['smtpd_tls_key_file']` - conditional attribute, set to full path of server's private key
- `node['postfix']['main']['smtpd_tls_CAfile']` - set to platform specific CA bundle
- `node['postfix']['main']['smtpd_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
* `node['postfix']['main']['smtp_use_tls']` - (yes/no); default yes. See following conditional attributes.
- `node['postfix']['main']['smtp_tls_CAfile']` - set to platform specific CA bundle
- `node['postfix']['main']['smtp_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
* `node['postfix']['main']['smtp_sasl_auth_enable']` - (yes/no); default no. If enabled, see following conditional attributes.
- `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file
- `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous
- `node['postfix']['main']['relayhost']` - Set to empty string
- `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty
- `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty.
* `node['postfix']['sender_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config.
* `node['postfix']['smtp_generic_map_entries']` - (hash with key value pairs); default not configured. Setup generic postfix maps. See `man 5 generic`. If has at least one value, then will be enabled in config.
The main.cf template has been simplified to include any attributes in the `node['postfix']['main']` data structure. The following attributes are still included with this cookbook to maintain some semblance of backwards compatibility.
This change in namespace to `node['postfix']['main']` should allow for greater flexibility, given the large number of configuration variables for the postfix daemon. All of these cookbook attributes correspond to the option of the same name in `/etc/postfix/main.cf`.
- `node['postfix']['main']['biff']` - (yes/no); default no
- `node['postfix']['main']['append_dot_mydomain']` - (yes/no); default no
- `node['postfix']['main']['myhostname']` - defaults to fqdn from Ohai
- `node['postfix']['main']['mydomain']` - defaults to domain from Ohai
- `node['postfix']['main']['myorigin']` - defaults to $myhostname
- `node['postfix']['main']['mynetworks']` - default is nil, which forces Postfix to default to loopback addresses.
- `node['postfix']['main']['inet_interfaces']` - set to `loopback-only`, or `all` for server recipe
- `node['postfix']['main']['alias_maps']` - set to `hash:/etc/aliases`
- `node['postfix']['main']['mailbox_size_limit']` - set to `0` (disabled)
- `node['postfix']['main']['mydestination']` - default fqdn, hostname, localhost.localdomain, localhost
- `node['postfix']['main']['smtpd_use_tls']` - (yes/no); default yes. See conditional cert/key attributes.
- `node['postfix']['main']['smtpd_tls_cert_file']` - conditional attribute, set to full path of server's x509 certificate.
- `node['postfix']['main']['smtpd_tls_key_file']` - conditional attribute, set to full path of server's private key
- `node['postfix']['main']['smtpd_tls_CAfile']` - set to platform specific CA bundle
- `node['postfix']['main']['smtpd_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
- `node['postfix']['main']['smtp_use_tls']` - (yes/no); default yes. See following conditional attributes.
- `node['postfix']['main']['smtp_tls_CAfile']` - set to platform specific CA bundle
- `node['postfix']['main']['smtp_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
- `node['postfix']['main']['smtp_sasl_auth_enable']` - (yes/no); default no. If enabled, see following conditional attributes.
- `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file
- `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous
- `node['postfix']['main']['relayhost']` - Set to empty string
- `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty
- `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty.
- `node['postfix']['sender_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config.
- `node['postfix']['smtp_generic_map_entries']` - (hash with key value pairs); default not configured. Setup generic postfix maps. See `man 5 generic`. If has at least one value, then will be enabled in config.
Example of json role config, for setup *_map_entries:
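Review bot: `smtp_tls_session_cache_database` is documented as `btree:${data_directory}/smtpd_scache`, the same file given for `smtpd_tls_session_cache_database` a few lines above it. Please check this against `attributes/default.rb`: if the client cache really shares the server's file that should be a deliberate choice, and if it is a copy-paste slip in the README the client entry should point at its own cache file. Also, the `virtual_aliases` bullet still says `__Recipes__` while its neighbours use `**Recipes**`.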
@@ -80,68 +91,193 @@ Example of json role config, for setup *_map_entries:
`}`
### master.cf template attributes
* `node['postfix']['master']['submission'] - Whether to use submission (TCP 587) daemon. (true/false); default false
The master.cf template has been changed to allow full customization of the file content. For purpose of backwards compatibility default attributes generate the same master.cf. But via `node['postfix']['master']` data structure in your role for instance it can be completelly rewritten.
Examples of json role config, for customize master.cf:
`postfix : {`
`...`
turn some services off or on:
```json
"master" : {
"smtps": {
"active": true
},
"old-cyrus": {
"active": false
},
"cyrus": {
"active": false
},
"uucp": {
"active": false
},
"ifmail": {
"active": false
},
```
`...` define you own service:
```json
"spamfilter": {
"comment": "My own spamfilter",
"active": true,
"order": 590,
"type": "unix",
"unpriv": false,
"chroot": false,
"command": "pipe",
"args": ["flags=Rq user=spamd argv=/usr/bin/spamfilter.sh -oi -f ${sender} ${recipient}"]
}
```
`...`
`}` `}`
The possible service hash fields and their meanings: hash key - have to be unique, unless you wish to override default definition.
Field | Mandatory | Description
------- | --------- | --------------------------------------------------------------------
active | Yes | Boolean. Defines whether or not the service needs to be in master.cf
comment | No | String. If you would like to add a comment line before service line
order | Yes | Integer. Number to define the order of lines in the file
type | Yes | String. Type of the service (inet, unix, fifo)
private | No | Boolean. If present replaced by `y` or `n`, otherwise by `-`
unpriv | No | Boolean. If present replaced by `y` or `n`, otherwise by `-`
chroot | No | Boolean. If present replaced by `y` or `n`, otherwise by `-`
wakeup | No | String. If present value placed in file, otherwise replaced by `-`
maxproc | No | String. If present value placed in file, otherwise replaced by `-`
command | Yes | String. The command to be executed.
args | Yes | Array of Strings. Arguments passed to command.
For more information about meaning of the fields consult `master (5)` manual: <http://www.postfix.org/master.5.html>
## Recipes
Recipes
-------
### default
Installs the postfix package and manages the service and the main configuration files (`/etc/postfix/main.cf` and `/etc/postfix/master.cf`). See __Usage__ and __Examples__ to see how to affect behavior of this recipe through configuration. Depending on the `node['postfix']['use_alias_maps']`, `node['postfix']['use_transport_maps']`, `node['postfix']['use_access_maps']` and `node['postfix']['use_virtual_aliases']` attributes the default recipe can call additional recipes to manage additional postfix configuration files
Installs the postfix package and manages the service and the main configuration files (`/etc/postfix/main.cf` and `/etc/postfix/master.cf`). See **Usage** and **Examples** to see how to affect behavior of this recipe through configuration. Depending on the `node['postfix']['use_alias_maps']`, `node['postfix']['use_transport_maps']`, `node['postfix']['use_access_maps']` and `node['postfix']['use_virtual_aliases']` attributes the default recipe can call additional recipes to manage additional postfix configuration files
For a more dynamic approach to discovery for the relayhost, see the `client` and `server` recipes below.
### client
Use this recipe to have nodes automatically search for the mail relay based which node has the `node['postfix']['relayhost_role']` role. Sets the `node['postfix']['main']['relayhost']` attribute to the first result from the search.
Includes the default recipe to install, configure and start postfix.
Does not work with `chef-solo`.
### sasl\_auth
### sasl_auth
Sets up the system to authenticate with a remote mail relay using SASL authentication.
### server
To use Chef Server search to automatically detect a node that is the relayhost, use this recipe in a role that will be relayhost. By default, the role should be "relayhost" but you can change the attribute `node['postfix']['relayhost_role']` to modify this.
**Note** This recipe will set the `node['postfix']['mail_type']` to "master" with an override attribute.
### maps
General recipe to manage any number of any type postfix lookup tables. You can replace with it recipes like `transport` or `virtual_aliases`, but what is more important - you can create any kinds of maps, which has no own recipe, including database lookup maps configuration. `maps` is a hash keys of which is a lookup table type and value is another hash with filenames as the keys and hash with file content as the value. File content is an any number of key/value pairs which meaning depends on lookup table type. Examlle:
```json
"override_attributes": {
"postfix": {
"maps": {
"hash": {
"/etc/postfix/vmailbox": {
"john@example.com": "ok",
"john@example.net": "ok",
},
"/etc/postfix/virtual": {
"postmaster@example.com": "john@example.com",
"postmaster@example.net": "john@example.net",
"root@mail.example.net": "john@example.net"
},
"/etc/postfix/envelope_senders": {
"@example.com": "john@example.com",
"@example.net": "john@example.net"
},
"/etc/postfix/relay_recipients": {
"john@example.net": "ok",
"john@example.com": "ok",
"admin@example.com": "ok",
}
},
"pgsql": {
"/etc/postfix/pgtest": {
"hosts": "db.local:2345",
"user": "postfix",
"password": "test",
"dbname": "postdb",
"query": "SELECT replacement FROM aliases WHERE mailbox = '%s'"
}
}
}
}
```
To use these files in your configuration reference them in `node['postfix']['main']`, for instance:
```json
"postfix": {
"main": {
"smtpd_sender_login_maps": "hash:/etc/postfix/envelope_senders",
"relay_recipient_maps": "hash:/etc/postfix/relay_recipients",
"virtual_mailbox_maps": "hash:/etc/postfix/vmailbox",
"virtual_alias_maps": "hash:/etc/postfix/virtual",
}
}
```
### aliases
Manage `/etc/aliases` with this recipe. Currently only Ubuntu 10.04 platform has a template for the aliases file. Add your aliases template to the `templates/default` or to the appropriate platform+version directory per the File Specificity rules for templates. Then specify a hash of aliases for the `node['postfix']['aliases']` attribute.
Arrays are supported as alias values, since postfix supports comma separated values per alias, simply specify your alias as an array to use this handy feature.
### aliases
Manage `/etc/aliases` with this recipe.
### transports
Manage `/etc/postfix/transport` with this recipe.
### access
Manage `/etc/postfix/access` with this recipe.
### virtual_aliases
Manage `/etc/postfix/virtual` with this recipe.
### relay_restrictions
Manage `/etc/postfix/relay_restriction` with this recipe
The postfix option smtpd_relay_restrictions in main.cf will point to this hash map db.
Manage `/etc/postfix/relay_restriction` with this recipe The postfix option smtpd_relay_restrictions in main.cf will point to this hash map db.
http://wiki.chef.io/display/chef/Templates#Templates-TemplateLocationSpecificity
<http://wiki.chef.io/display/chef/Templates#Templates-TemplateLocationSpecificity>
## Usage
Usage
-----
On systems that should simply send mail directly to a relay, or out to the internet, use `recipe[postfix]` and modify the `node['postfix']['main']['relayhost']` attribute via a role.
On systems that should be the MX for a domain, set the attributes accordingly and make sure the `node['postfix']['mail_type']` attribute is `master`. See __Examples__ for information on how to use `recipe[postfix::server]` to do this automatically.
On systems that should be the MX for a domain, set the attributes accordingly and make sure the `node['postfix']['mail_type']` attribute is `master`. See **Examples** for information on how to use `recipe[postfix::server]` to do this automatically.
If you need to use SASL authentication to send mail through your ISP (such as on a home network), use `postfix::sasl_auth` and set the appropriate attributes.
For each of these implementations, see __Examples__ for role usage.
For each of these implementations, see **Examples** for role usage.
### Examples
The example roles below only have the relevant postfix usage. You may have other contents depending on what you're configuring on your systems.
The `base` role is applied to all nodes in the environment.
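Review bot: The `maps` example puts a database credential (`"password": "test"` under `pgsql`) straight into `override_attributes`, so it is stored in clear text in the role and in the node data of every node that uses it. The README should say so and point to the encrypted data bag approach it already links for the SASL password. The same JSON is not valid as written: there are trailing commas after `"john@example.net": "ok",`, `"admin@example.com": "ok",` and the `virtual_alias_maps` line, and the outer `"override_attributes": {` is never closed. The hunk also shows two `### aliases` headings and the typos "completelly", "define you own service" and "Examlle".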
@@ -172,7 +308,7 @@ override_attributes(
"mail_type" => "master",
"main" => {
"mynetworks" => [ "10.3.3.0/24", "127.0.0.0/8" ],
"inet-interfaces" => "all",
"inet_interfaces" => "all",
"mydomain" => "example.com",
"myorigin" => "example.com"
}
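Review bot: Because the main.cf template writes out whatever keys sit under `node['postfix']['main']`, a role copied from the old example with `"inet-interfaces"` never set `inet_interfaces`. Please grep our roles and wrappers for the hyphenated key; correcting it may change which interfaces postfix listens on, so `mynetworks` should be reviewed at the same time.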
@@ -204,9 +340,10 @@ override_attributes(
For an example of using encrypted data bags to encrypt the SASL password, see the following blog post:
* http://jtimberman.github.com/blog/2011/08/06/encrypted-data-bag-for-postfix-sasl-authentication/
- <http://jtimberman.github.com/blog/2011/08/06/encrypted-data-bag-for-postfix-sasl-authentication/>
#### Examples using the client & server recipes
If you'd like to use the more dynamic search based approach for discovery, use the server and client recipes. First, create a relayhost role.
```ruby
@@ -288,13 +425,13 @@ override_attributes(
)
```
License & Authors
-----------------
- Author:: Joshua Timberman <joshua@chef.io>
## License & Authors
```text
Copyright:: 2009-2014, Chef Software, Inc
**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))
**Copyright:** 2009-2016, Chef Software, Inc.
```
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

View File

@@ -1,6 +1,5 @@
# encoding: utf-8
# Author:: Joshua Timberman <joshua@chef.io>
# Copyright:: Copyright 2009-2014, Chef Software, Inc.
# Copyright:: 2009-2016, Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,7 +15,7 @@
# limitations under the License.
# Generic cookbook attributes
default['postfix']['mail_type'] = 'client'
default['postfix']['mail_type'] = 'client'
default['postfix']['relayhost_role'] = 'relayhost'
default['postfix']['multi_environment_relay'] = false
default['postfix']['use_procmail'] = false
@@ -25,7 +24,7 @@ default['postfix']['use_transport_maps'] = false
default['postfix']['use_access_maps'] = false
default['postfix']['use_virtual_aliases'] = false
default['postfix']['use_virtual_aliases_domains'] = false
default['postfix']['use_relay_restirictions_maps'] = false
default['postfix']['use_relay_restrictions_maps'] = false
default['postfix']['transports'] = {}
default['postfix']['access'] = {}
default['postfix']['virtual_aliases'] = {}
@@ -118,31 +117,284 @@ end
# default['postfix']['main']['canonical_maps'] = nil
# Master.cf attributes
default['postfix']['master']['submission'] = false
default['postfix']['master']['smtp']['active'] = true
default['postfix']['master']['smtp']['order'] = 10
default['postfix']['master']['smtp']['type'] = 'inet'
default['postfix']['master']['smtp']['private'] = false
default['postfix']['master']['smtp']['chroot'] = false
default['postfix']['master']['smtp']['command'] = 'smtpd'
default['postfix']['master']['smtp']['args'] = []
default['postfix']['master']['submission']['active'] = false
default['postfix']['master']['submission']['order'] = 20
default['postfix']['master']['submission']['type'] = 'inet'
default['postfix']['master']['submission']['private'] = false
default['postfix']['master']['submission']['chroot'] = false
default['postfix']['master']['submission']['command'] = 'smtpd'
default['postfix']['master']['submission']['args'] = ['-o smtpd_enforce_tls=yes', ' -o smtpd_sasl_auth_enable=yes', '-o smtpd_client_restrictions=permit_sasl_authenticated,reject']
default['postfix']['master']['smtps']['active'] = false
default['postfix']['master']['smtps']['order'] = 30
default['postfix']['master']['smtps']['type'] = 'inet'
default['postfix']['master']['smtps']['private'] = false
default['postfix']['master']['smtps']['chroot'] = false
default['postfix']['master']['smtps']['command'] = 'smtpd'
default['postfix']['master']['smtps']['args'] = ['-o smtpd_tls_wrappermode=yes', '-o smtpd_sasl_auth_enable=yes', '-o smtpd_client_restrictions=permit_sasl_authenticated,reject']
default['postfix']['master']['628']['active'] = false
default['postfix']['master']['628']['order'] = 40
default['postfix']['master']['628']['type'] = 'inet'
default['postfix']['master']['628']['private'] = false
default['postfix']['master']['628']['chroot'] = false
default['postfix']['master']['628']['command'] = 'qmqpdd'
default['postfix']['master']['628']['args'] = []
default['postfix']['master']['pickup']['active'] = true
default['postfix']['master']['pickup']['order'] = 50
default['postfix']['master']['pickup']['type'] = 'fifo'
default['postfix']['master']['pickup']['private'] = false
default['postfix']['master']['pickup']['chroot'] = false
default['postfix']['master']['pickup']['wakeup'] = '60'
default['postfix']['master']['pickup']['maxproc'] = '1'
default['postfix']['master']['pickup']['command'] = 'pickup'
default['postfix']['master']['pickup']['args'] = []
default['postfix']['master']['cleanup']['active'] = true
default['postfix']['master']['cleanup']['order'] = 60
default['postfix']['master']['cleanup']['type'] = 'unix'
default['postfix']['master']['cleanup']['private'] = false
default['postfix']['master']['cleanup']['chroot'] = false
default['postfix']['master']['cleanup']['maxproc'] = '0'
default['postfix']['master']['cleanup']['command'] = 'cleanup'
default['postfix']['master']['cleanup']['args'] = []
default['postfix']['master']['qmgr']['active'] = true
default['postfix']['master']['qmgr']['order'] = 70
default['postfix']['master']['qmgr']['type'] = 'fifo'
default['postfix']['master']['qmgr']['private'] = false
default['postfix']['master']['qmgr']['chroot'] = false
default['postfix']['master']['qmgr']['wakeup'] = '300'
default['postfix']['master']['qmgr']['maxproc'] = '1'
default['postfix']['master']['qmgr']['command'] = 'qmgr'
default['postfix']['master']['qmgr']['args'] = []
default['postfix']['master']['tlsmgr']['active'] = true
default['postfix']['master']['tlsmgr']['order'] = 80
default['postfix']['master']['tlsmgr']['type'] = 'unix'
default['postfix']['master']['tlsmgr']['chroot'] = false
default['postfix']['master']['tlsmgr']['wakeup'] = '1000?'
default['postfix']['master']['tlsmgr']['maxproc'] = '1'
default['postfix']['master']['tlsmgr']['command'] = 'tlsmgr'
default['postfix']['master']['tlsmgr']['args'] = []
default['postfix']['master']['rewrite']['active'] = true
default['postfix']['master']['rewrite']['order'] = 90
default['postfix']['master']['rewrite']['type'] = 'unix'
default['postfix']['master']['rewrite']['chroot'] = false
default['postfix']['master']['rewrite']['command'] = 'trivial-rewrite'
default['postfix']['master']['rewrite']['args'] = []
default['postfix']['master']['bounce']['active'] = true
default['postfix']['master']['bounce']['order'] = 100
default['postfix']['master']['bounce']['type'] = 'unix'
default['postfix']['master']['bounce']['chroot'] = false
default['postfix']['master']['bounce']['maxproc'] = '0'
default['postfix']['master']['bounce']['command'] = 'bounce'
default['postfix']['master']['bounce']['args'] = []
default['postfix']['master']['defer']['active'] = true
default['postfix']['master']['defer']['order'] = 110
default['postfix']['master']['defer']['type'] = 'unix'
default['postfix']['master']['defer']['chroot'] = false
default['postfix']['master']['defer']['maxproc'] = '0'
default['postfix']['master']['defer']['command'] = 'bounce'
default['postfix']['master']['defer']['args'] = []
default['postfix']['master']['trace']['active'] = true
default['postfix']['master']['trace']['order'] = 120
default['postfix']['master']['trace']['type'] = 'unix'
default['postfix']['master']['trace']['chroot'] = false
default['postfix']['master']['trace']['maxproc'] = '0'
default['postfix']['master']['trace']['command'] = 'bounce'
default['postfix']['master']['trace']['args'] = []
default['postfix']['master']['verify']['active'] = true
default['postfix']['master']['verify']['order'] = 130
default['postfix']['master']['verify']['type'] = 'unix'
default['postfix']['master']['verify']['chroot'] = false
default['postfix']['master']['verify']['maxproc'] = '1'
default['postfix']['master']['verify']['command'] = 'verify'
default['postfix']['master']['verify']['args'] = []
default['postfix']['master']['flush']['active'] = true
default['postfix']['master']['flush']['order'] = 140
default['postfix']['master']['flush']['type'] = 'unix'
default['postfix']['master']['flush']['private'] = false
default['postfix']['master']['flush']['chroot'] = false
default['postfix']['master']['flush']['wakeup'] = '1000?'
default['postfix']['master']['flush']['maxproc'] = '0'
default['postfix']['master']['flush']['command'] = 'flush'
default['postfix']['master']['flush']['args'] = []
default['postfix']['master']['proxymap']['active'] = true
default['postfix']['master']['proxymap']['order'] = 150
default['postfix']['master']['proxymap']['type'] = 'unix'
default['postfix']['master']['proxymap']['chroot'] = false
default['postfix']['master']['proxymap']['command'] = 'proxymap'
default['postfix']['master']['proxymap']['args'] = []
default['postfix']['master']['smtpunix']['service'] = 'smtp'
default['postfix']['master']['smtpunix']['active'] = true
default['postfix']['master']['smtpunix']['order'] = 160
default['postfix']['master']['smtpunix']['type'] = 'unix'
default['postfix']['master']['smtpunix']['chroot'] = false
default['postfix']['master']['smtpunix']['maxproc'] = '500'
default['postfix']['master']['smtpunix']['command'] = 'smtp'
default['postfix']['master']['smtpunix']['args'] = []
default['postfix']['master']['relay']['active'] = true
default['postfix']['master']['relay']['comment'] = 'When relaying mail as backup MX, disable fallback_relay to avoid MX loops'
default['postfix']['master']['relay']['order'] = 170
default['postfix']['master']['relay']['type'] = 'unix'
default['postfix']['master']['relay']['chroot'] = false
default['postfix']['master']['relay']['command'] = 'smtp'
default['postfix']['master']['relay']['args'] = ['-o smtp_fallback_relay=']
default['postfix']['master']['showq']['active'] = true
default['postfix']['master']['showq']['order'] = 180
default['postfix']['master']['showq']['type'] = 'unix'
default['postfix']['master']['showq']['private'] = false
default['postfix']['master']['showq']['chroot'] = false
default['postfix']['master']['showq']['command'] = 'showq'
default['postfix']['master']['showq']['args'] = []
default['postfix']['master']['error']['active'] = true
default['postfix']['master']['error']['order'] = 190
default['postfix']['master']['error']['type'] = 'unix'
default['postfix']['master']['error']['chroot'] = false
default['postfix']['master']['error']['command'] = 'error'
default['postfix']['master']['error']['args'] = []
default['postfix']['master']['discard']['active'] = true
default['postfix']['master']['discard']['order'] = 200
default['postfix']['master']['discard']['type'] = 'unix'
default['postfix']['master']['discard']['chroot'] = false
default['postfix']['master']['discard']['command'] = 'discard'
default['postfix']['master']['discard']['args'] = []
default['postfix']['master']['local']['active'] = true
default['postfix']['master']['local']['order'] = 210
default['postfix']['master']['local']['type'] = 'unix'
default['postfix']['master']['local']['unpriv'] = false
default['postfix']['master']['local']['chroot'] = false
default['postfix']['master']['local']['command'] = 'local'
default['postfix']['master']['local']['args'] = []
default['postfix']['master']['virtual']['active'] = true
default['postfix']['master']['virtual']['order'] = 220
default['postfix']['master']['virtual']['type'] = 'unix'
default['postfix']['master']['virtual']['unpriv'] = false
default['postfix']['master']['virtual']['chroot'] = false
default['postfix']['master']['virtual']['command'] = 'virtual'
default['postfix']['master']['virtual']['args'] = []
default['postfix']['master']['lmtp']['active'] = true
default['postfix']['master']['lmtp']['order'] = 230
default['postfix']['master']['lmtp']['type'] = 'unix'
default['postfix']['master']['lmtp']['chroot'] = false
default['postfix']['master']['lmtp']['command'] = 'lmtp'
default['postfix']['master']['lmtp']['args'] = []
default['postfix']['master']['anvil']['active'] = true
default['postfix']['master']['anvil']['order'] = 240
default['postfix']['master']['anvil']['type'] = 'unix'
default['postfix']['master']['anvil']['chroot'] = false
default['postfix']['master']['anvil']['maxproc'] = '1'
default['postfix']['master']['anvil']['command'] = 'anvil'
default['postfix']['master']['anvil']['args'] = []
default['postfix']['master']['scache']['active'] = true
default['postfix']['master']['scache']['order'] = 250
default['postfix']['master']['scache']['type'] = 'unix'
default['postfix']['master']['scache']['chroot'] = false
default['postfix']['master']['scache']['maxproc'] = '1'
default['postfix']['master']['scache']['command'] = 'scache'
default['postfix']['master']['scache']['args'] = []
default['postfix']['master']['maildrop']['active'] = true
default['postfix']['master']['maildrop']['comment'] = 'See the Postfix MAILDROP_README file for details. To main.cf will be added: maildrop_destination_recipient_limit=1'
default['postfix']['master']['maildrop']['order'] = 510
default['postfix']['master']['maildrop']['type'] = 'unix'
default['postfix']['master']['maildrop']['unpriv'] = false
default['postfix']['master']['maildrop']['chroot'] = false
default['postfix']['master']['maildrop']['command'] = 'pipe'
default['postfix']['master']['maildrop']['args'] = ['flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}']
default['postfix']['master']['old-cyrus']['active'] = false
default['postfix']['master']['old-cyrus']['comment'] = 'The Cyrus deliver program has changed incompatibly, multiple times.'
default['postfix']['master']['old-cyrus']['order'] = 520
default['postfix']['master']['old-cyrus']['type'] = 'unix'
default['postfix']['master']['old-cyrus']['unpriv'] = false
default['postfix']['master']['old-cyrus']['chroot'] = false
default['postfix']['master']['old-cyrus']['command'] = 'pipe'
default['postfix']['master']['old-cyrus']['args'] = ['flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}']
default['postfix']['master']['cyrus']['active'] = true
default['postfix']['master']['cyrus']['comment'] = 'Cyrus 2.1.5 (Amos Gouaux). To main.cf will be added: cyrus_destination_recipient_limit=1'
default['postfix']['master']['cyrus']['order'] = 530
default['postfix']['master']['cyrus']['type'] = 'unix'
default['postfix']['master']['cyrus']['unpriv'] = false
default['postfix']['master']['cyrus']['chroot'] = false
default['postfix']['master']['cyrus']['command'] = 'pipe'
default['postfix']['master']['cyrus']['args'] = ['user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}']
default['postfix']['master']['uucp']['active'] = true
default['postfix']['master']['uucp']['comment'] = 'See the Postfix UUCP_README file for configuration details.'
default['postfix']['master']['uucp']['order'] = 540
default['postfix']['master']['uucp']['type'] = 'unix'
default['postfix']['master']['uucp']['unpriv'] = false
default['postfix']['master']['uucp']['chroot'] = false
default['postfix']['master']['uucp']['command'] = 'pipe'
default['postfix']['master']['uucp']['args'] = ['flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)']
default['postfix']['master']['ifmail']['active'] = false
default['postfix']['master']['ifmail']['order'] = 550
default['postfix']['master']['ifmail']['type'] = 'unix'
default['postfix']['master']['ifmail']['unpriv'] = false
default['postfix']['master']['ifmail']['chroot'] = false
default['postfix']['master']['ifmail']['command'] = 'pipe'
default['postfix']['master']['ifmail']['args'] = ['flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)']
default['postfix']['master']['bsmtp']['active'] = true
default['postfix']['master']['bsmtp']['order'] = 560
default['postfix']['master']['bsmtp']['type'] = 'unix'
default['postfix']['master']['bsmtp']['unpriv'] = false
default['postfix']['master']['bsmtp']['chroot'] = false
default['postfix']['master']['bsmtp']['command'] = 'pipe'
default['postfix']['master']['bsmtp']['args'] = ['flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient']
# OS Aliases
case node['platform']
when 'freebsd'
default['postfix']['aliases'] = {
'MAILER-DAEMON' => 'postmaster',
'bin' => 'root',
'daemon' => 'root',
'named' => 'root',
'nobody' => 'root',
'uucp' => 'root',
'www' => 'root',
'ftp-bugs' => 'root',
'postfix' => 'root',
'manager' => 'root',
'dumper' => 'root',
'operator' => 'root',
'abuse' => 'postmaster'
}
else
default['postfix']['aliases'] = {}
end
default['postfix']['aliases'] = case node['platform']
when 'freebsd'
{
'MAILER-DAEMON' => 'postmaster',
'bin' => 'root',
'daemon' => 'root',
'named' => 'root',
'nobody' => 'root',
'uucp' => 'root',
'www' => 'root',
'ftp-bugs' => 'root',
'postfix' => 'root',
'manager' => 'root',
'dumper' => 'root',
'operator' => 'root',
'abuse' => 'postmaster',
}
else
{}
end
if node['postfix']['use_relay_restirictions_maps']
default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject"
end
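Review bot: The `628` service sets `command` to `'qmqpdd'`, while the master.cf template this commit replaces used `qmqpd` for that entry, so activating the service would point master at a daemon name that does not exist; it should read `'qmqpd'`. In the `submission` args, `' -o smtpd_sasl_auth_enable=yes'` carries a leading space that the other two entries lack. It is also worth deciding deliberately whether `maildrop`, `cyrus`, `uucp` and `bsmtp` should default to `active = true`: every node then renders pipe transports to external programs such as `/usr/local/bin/maildrop` whether or not they are installed, and defaulting them to false like `old-cyrus` and `ifmail` would keep master.cf to what is actually used.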

View File

@@ -1,25 +0,0 @@
# encoding: utf-8
# Copyright 2012-2014, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# helpers
module Helpers
# postfix
module Postfix
include MiniTest::Chef::Assertions
include MiniTest::Chef::Context
include MiniTest::Chef::Resources
end
end

File diff suppressed because one or more lines are too long

View File

@@ -1,5 +1,4 @@
# encoding: utf-8
# Copyright:: Copyright 2012-2014, Chef Software, Inc.
# Copyright:: 2012-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,46 +14,58 @@
#
if node['postfix']['use_procmail']
node.default['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"'
node.default_unless['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"'
end
if node['postfix']['main']['smtpd_use_tls'] == 'yes'
node.default['postfix']['main']['smtpd_tls_cert_file'] = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
node.default['postfix']['main']['smtpd_tls_key_file'] = '/etc/ssl/private/ssl-cert-snakeoil.key'
node.default['postfix']['main']['smtpd_tls_CAfile'] = node['postfix']['cafile']
node.default['postfix']['main']['smtpd_tls_session_cache_database'] = 'btree:${data_directory}/smtpd_scache'
node.default_unless['postfix']['main']['smtpd_tls_cert_file'] = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
node.default_unless['postfix']['main']['smtpd_tls_key_file'] = '/etc/ssl/private/ssl-cert-snakeoil.key'
node.default_unless['postfix']['main']['smtpd_tls_CAfile'] = node['postfix']['cafile']
node.default_unless['postfix']['main']['smtpd_tls_session_cache_database'] = 'btree:${data_directory}/smtpd_scache'
end
if node['postfix']['main']['smtp_use_tls'] == 'yes'
node.default['postfix']['main']['smtp_tls_CAfile'] = node['postfix']['cafile']
node.default['postfix']['main']['smtp_tls_session_cache_database'] = 'btree:${data_directory}/smtp_scache'
node.default_unless['postfix']['main']['smtp_tls_CAfile'] = node['postfix']['cafile']
node.default_unless['postfix']['main']['smtp_tls_session_cache_database'] = 'btree:${data_directory}/smtp_scache'
end
if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
node.default['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd"
node.default['postfix']['main']['smtp_sasl_password_maps'] = "hash:#{node['postfix']['sasl_password_file']}"
node.default['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
node.default['postfix']['sasl']['smtp_sasl_user_name'] = ''
node.default['postfix']['sasl']['smtp_sasl_passwd'] = ''
node.default['postfix']['main']['relayhost'] = ''
node.default_unless['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd"
node.default_unless['postfix']['main']['smtp_sasl_password_maps'] = "hash:#{node['postfix']['sasl_password_file']}"
node.default_unless['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
node.default_unless['postfix']['sasl']['smtp_sasl_user_name'] = ''
node.default_unless['postfix']['sasl']['smtp_sasl_passwd'] = ''
node.default_unless['postfix']['main']['relayhost'] = ''
end
if node['postfix']['use_alias_maps']
node.default['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"]
node.default_unless['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"]
end
if node['postfix']['use_transport_maps']
node.default['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"]
node.default_unless['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"]
end
if node['postfix']['use_access_maps']
node.default['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"]
node.default_unless['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"]
end
if node['postfix']['use_virtual_aliases']
node.default['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"]
node.default_unless['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"]
end
if node['postfix']['use_virtual_aliases_domains']
node.default['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"]
node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"]
end
if node['postfix']['use_relay_restirictions_maps']
default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject"
end
if node['postfix']['master']['maildrop']['active']
node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1
end
if node['postfix']['master']['cyrus']['active']
node.default_unless['postfix']['main']['cyrus_destination_recipient_limit'] = 1
end
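Review bot: The relay-restrictions block near the end of this hunk assigns through bare `default['postfix']['main']['smtpd_relay_restrictions']`, while every other assignment here goes through `node.default_unless`. If this file is evaluated as a recipe, as the `node.`-prefixed calls suggest, `default` is not defined there and the line would raise as soon as the branch runs; it does not run today only because the guard reads the misspelled `use_relay_restirictions_maps`, which is never set. Use the corrected key and `node.default_unless`. Separately, the `smtpd_use_tls` branch still points `smtpd_tls_cert_file` and `smtpd_tls_key_file` at the `ssl-cert-snakeoil` pair; now that `default_unless` lets a wrapper override them, that expectation should be documented.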

View File

@@ -1,9 +1,8 @@
# encoding: utf-8
# Author:: Joshua Timberman(<joshua@chef.io>)
# Cookbook Name:: common
# Cookbook:: common
# Recipe:: default
#
# Copyright 2009-2014, Chef Software, Inc.
# Copyright:: 2009-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -57,7 +56,7 @@ when 'omnios'
# we don't guard this because if the user creation was successful (or happened out of band), then this won't get executed when the action is :nothing.
execute '/opt/omni/sbin/postfix set-permissions'
template manifest_path do
template manifest_path do
source 'manifest-postfix.xml.erb'
owner 'root'
group node['root_group']
@@ -87,7 +86,7 @@ unless node['postfix']['sender_canonical_map_entries'].empty?
end
unless node['postfix']['main'].key?('sender_canonical_maps')
node.set['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical"
node.normal['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical"
end
end
@@ -100,13 +99,13 @@ unless node['postfix']['smtp_generic_map_entries'].empty?
template "#{node['postfix']['conf_dir']}/smtp_generic" do
owner 'root'
group node['root_group']
mode '0644'
mode '0644'
notifies :run, 'execute[update-postfix-smtp_generic]'
notifies :reload, 'service[postfix]'
end
unless node['postfix']['main'].key?('smtp_generic_maps')
node.set['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic"
node.normal['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic"
end
end
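Review bot: Replacing `node.set` with `node.normal` for `smtp_generic_maps` (and for `sender_canonical_maps` in the previous hunk) silences the deprecation but keeps the behaviour: normal attributes are saved on the node, so after the first run the `key?` check finds the saved value, the assignment is skipped, and a later change to `conf_dir` never updates the map path. `node.default` would be recomputed on each run and would stay overridable by a wrapper cookbook.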

View File

@@ -1,5 +1,4 @@
# encoding: utf-8
# Copyright:: Copyright (c) 2012, Chef Software, Inc.
# Copyright:: 2012-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,4 @@
# encoding: utf-8
# Copyright:: Copyright 2012-2014, Chef Software, Inc.
# Copyright:: Copyright 2012-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,7 +19,7 @@ execute 'update-postfix-aliases' do
command 'newaliases'
environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
# On FreeBSD, /usr/sbin/newaliases is the sendmail command, and it's in the path before postfix's /usr/local/bin/newaliases
environment ({ 'PATH' => "/usr/local/bin:#{ENV['PATH']}" }) if platform_family?('freebsd')
environment('PATH' => "/usr/local/bin:#{ENV['PATH']}") if platform_family?('freebsd')
action :nothing
end

View File

@@ -1,9 +1,8 @@
# encoding: utf-8
# Author:: Joshua Timberman(<joshua@chef.io>)
# Cookbook Name:: postfix
# Cookbook:: postfix
# Recipe:: client
#
# Copyright 2009-2014, Chef Software, Inc.
# Copyright:: 2009-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -37,6 +36,6 @@ else
relayhost = results.map { |n| n['ipaddress'] }.first
end
node.set['postfix']['main']['relayhost'] = "[#{relayhost}]"
node.normal['postfix']['main']['relayhost'] = "[#{relayhost}]"
include_recipe 'postfix'
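Review bot: `relayhost` in the `else` branch comes from `results.map { |n| n['ipaddress'] }.first` with no check for an empty result, so when the search matches no node the attribute is written as `"[]"` and, being a `node.normal` attribute, that value is saved on the node. Fail the run or skip the assignment when `relayhost` is nil.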

View File

@@ -1,9 +1,8 @@
# encoding: utf-8
# Author:: Joshua Timberman(<joshua@chef.io>)
# Cookbook Name:: postfix
# Cookbook:: postfix
# Recipe:: default
#
# Copyright 2009-2014, Chef Software, Inc.
# Copyright:: 2009-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,31 +19,18 @@
include_recipe 'postfix::_common'
if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
include_recipe 'postfix::sasl_auth'
end
include_recipe 'postfix::sasl_auth' if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
if node['postfix']['use_alias_maps']
include_recipe 'postfix::aliases'
end
include_recipe 'postfix::aliases' if node['postfix']['use_alias_maps']
if node['postfix']['use_transport_maps']
include_recipe 'postfix::transports'
end
include_recipe 'postfix::transports' if node['postfix']['use_transport_maps']
if node['postfix']['use_access_maps']
include_recipe 'postfix::access'
end
include_recipe 'postfix::access' if node['postfix']['use_access_maps']
if node['postfix']['use_virtual_aliases']
include_recipe 'postfix::virtual_aliases'
end
include_recipe 'postfix::virtual_aliases' if node['postfix']['use_virtual_aliases']
if node['postfix']['use_virtual_aliases_domains']
include_recipe 'postfix::virtual_aliases_domains'
end
include_recipe 'postfix::virtual_aliases_domains' if node['postfix']['use_virtual_aliases_domains']
if node['postfix']['use_relay_restrictions_maps']
include_recipe 'postfix::relay_restrictions'
end
include_recipe 'postfix::relay_restrictions' if node['postfix']['use_relay_restrictions_maps']
include_recipe 'postfix::maps' if node['postfix']['maps']

View File

@@ -0,0 +1,47 @@
# encoding: utf-8
# Copyright:: Copyright (c) 2012, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node['postfix']['maps'].each do |type, maps|
if node['platform_family'] == 'debian'
package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
end
separator = if %w(pgsql mysql ldap memcache sqlite).include?(type)
' = '
else
' '
end
maps.each do |file, content|
execute "update-postmap-#{file}" do
command "postmap #{file}"
environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
action :nothing
end if %w(btree cdb dbm hash sdbm).include?(type)
template "#{file}-#{type}" do
path file
source 'maps.erb'
only_if "postconf -m | grep -q #{type}"
variables(
map: content,
separator: separator
)
if %w(btree cdb dbm hash sdbm).include?(type)
notifies :run, "execute[update-postmap-#{file}]"
end
notifies :restart, 'service[postfix]'
end
end
end
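Review bot: `command "postmap #{file}"` omits the map type, so postmap builds the table with `default_database_type` rather than the `btree`, `cdb`, `dbm` or `sdbm` type the entry was declared under; pass `#{type}:#{file}`. The `template` resource sets no `owner`, `group` or `mode`, although `pgsql`, `mysql` and `ldap` maps normally contain a bind or database password, so set them explicitly as the `sasl_passwd` template does. Both `postmap #{file}` and `only_if "postconf -m | grep -q #{type}"` interpolate attribute values into a shell string unquoted, and `grep -q` matches substrings (`dbm` also matches `sdbm`); quote the values and match the whole line with `grep -qx`.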

View File

@@ -1,5 +1,4 @@
# encoding: utf-8
# Copyright:: Copyright (c) 2012, Chef Software, Inc.
# Copyright:: 2012-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -26,4 +25,3 @@ template node['postfix']['relay_restrictions_db'] do
source 'relay_restrictions.erb'
notifies :run, 'execute[update-postfix-relay-restrictions]'
end

View File

@@ -1,10 +1,9 @@
# encoding: utf-8
#
# Author:: Joshua Timberman(<joshua@chef.io>)
# Cookbook Name:: postfix
# Cookbook:: postfix
# Recipe:: sasl_auth
#
# Copyright 2009-2014, Chef Software, Inc.
# Copyright:: 2009-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -29,11 +28,11 @@ case node['platform_family']
when 'debian'
sasl_pkgs = %w(libsasl2-2 libsasl2-modules ca-certificates)
when 'rhel'
if node['platform_version'].to_i < 6
sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain openssl)
else
sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates)
end
sasl_pkgs = if node['platform_version'].to_i < 6
%w(cyrus-sasl cyrus-sasl-plain openssl)
else
%w(cyrus-sasl cyrus-sasl-plain ca-certificates)
end
when 'fedora'
sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates)
end
@@ -53,7 +52,7 @@ template node['postfix']['sasl_password_file'] do
source 'sasl_passwd.erb'
owner 'root'
group node['root_group']
mode 0400
mode '400'
notifies :run, 'execute[postmap-sasl_passwd]', :immediately
notifies :restart, 'service[postfix]'
variables(settings: node['postfix']['sasl'])
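Review bot: `mode '400'` drops the leading zero that the other templates in this commit use (`mode '0644'` in `_common`); write `'0400'` so the octal intent is explicit and consistent on the file that holds the SASL credentials.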

View File

@@ -1,10 +1,9 @@
# encoding: utf-8
#
# Author:: Joshua Timberman(<joshua@chef.io>)
# Cookbook Name:: postfix
# Cookbook:: postfix
# Recipe:: server
#
# Copyright 2009-2014, Chef Software, Inc.
# Copyright:: 2009-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,4 @@
# encoding: utf-8
# Copyright:: Copyright (c) 2012, Chef Software, Inc.
# Copyright:: 2012-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,4 @@
# encoding: utf-8
# Copyright:: Copyright (c) 2012, Chef Software, Inc.
# Copyright:: 2012-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -1,5 +1,4 @@
# encoding: utf-8
# Copyright:: Copyright (c) 2012, Chef Software, Inc.
# Copyright:: 2012-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

View File

@@ -1,7 +1,6 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
# Auto-generated by Chef. Do not hand edit!
# Local modifications will be overwritten.
#
# See man 5 access for format

View File

@@ -1,11 +1,10 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
# Auto-generated by Chef.
# Local modifications will be overwritten.
#
# See man 5 aliases for format
postmaster: root
<% node['postfix']['aliases'].each do |name, value| %>
<%= name %>: <%= [value].flatten.map{|x| %Q("#{x}")}.join(', ') %>
<%= name %>: <%= [value].flatten.map{|x| if (x.include?("@")) then x else %Q("#{x}") end}.join(', ') %>
<% end unless node['postfix']['aliases'].nil? %>
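Review bot: The new `x.include?("@")` test in the alias line is a substring check, so any value containing `@` anywhere is written unquoted, including pipe or `:include:` targets that merely carry an address as an argument. Match a complete address instead (anchored pattern, no whitespace) and keep quoting everything else; the inline `if ... then ... else ... end` would also read better as a ternary.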

View File

@@ -1,5 +1,6 @@
###
# Generated by Chef for <%= node['fqdn'] %>
# Auto-generated by Chef.
# Local modifications will be overwritten.
# Configured as <%= node['postfix']['mail_type'] %>
###

View File

@@ -0,0 +1,8 @@
#
# This file is generated by Chef.
# Local changes will be overwritten
#
<% @map.each do |key, value| -%>
<%= key %><%= @separator %><%= value %>
<% end unless @map.nil? -%>

View File

@@ -1,3 +1,5 @@
# This file is generated by Chef.
# Local changes will be overwritten
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
@@ -6,76 +8,60 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
<% if @settings['submission'] -%>
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
<% @settings.sort_by{|k,v| v['order']}.map do |service, properties| -%>
<% next if !properties['active'] -%>
<% if properties.has_key?('comment') -%>
#
#<%= properties['comment'] %>
<% end -%>
<% if properties.has_key?('service') -%>
<%= properties['service'].ljust(10) -%>
<% else -%>
<%= service.ljust(10) -%>
<% end -%>
<%= properties['type'].ljust(6) -%>
<% if properties.has_key?('private') -%>
<% if properties['private'] -%>
<% priv='y' -%>
<% else -%>
<% priv='n' -%>
<% end -%>
<% else -%>
<% priv='-' -%>
<% end -%>
<%= priv.ljust(8) -%>
<% if properties.has_key?('unpriv') -%>
<% if properties['unpriv'] -%>
<% unpriv='y' -%>
<% else -%>
<% unpriv='n' -%>
<% end -%>
<% else -%>
<% unpriv='-' -%>
<% end -%>
<%= unpriv.ljust(8) -%>
<% if properties.has_key?('chroot') -%>
<% if properties['chroot'] -%>
<% chroot='y' -%>
<% else -%>
<% chroot='n' -%>
<% end -%>
<% else -%>
<% chroot='-' -%>
<% end -%>
<%= chroot.ljust(7) -%>
<% if properties.has_key?('wakeup') -%>
<%= properties['wakeup'].ljust(7) -%>
<% else -%>
<%= '-'.ljust(7) -%>
<% end -%>
<% if properties.has_key?('maxproc') -%>
<%= properties['maxproc'].ljust(7) -%>
<% else -%>
<%= '-'.ljust(7) -%>
<% end -%>
<%= properties['command'] %>
<% properties['args'].each do |arg| -%>
<%= arg %>
<% end -%>
<% end -%>
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - 500 smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
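Review bot: In the generated-entry loop, `properties['type'].ljust(6)`, `properties['command']` and `properties['args'].each` are used without the `has_key?` guard that `service`, `private`, `unpriv`, `chroot`, `wakeup` and `maxproc` get, so an entry missing any of them aborts the render with a NoMethodError on nil. `sort_by{|k,v| v['order']}` likewise raises when only some entries define `order`. `properties['wakeup'].ljust(7)` and `properties['maxproc'].ljust(7)` also fail if the attribute is given as an integer rather than a string; `.to_s.ljust(7)` would accept both. Separately, the static `submission` entry in this file carries `-o smtpd_enforce_tls=yes`, `-o smtpd_sasl_auth_enable=yes` and `-o smtpd_client_restrictions=permit_sasl_authenticated,reject`. With entries now rendered from `@settings`, please confirm the default attributes for `submission` keep those three args, so the port is not rendered without TLS and SASL enforcement.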

View File

@@ -1,7 +1,6 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
# Auto-generated by Chef.
# Local modifications will be overwritten.
#
# Attribute name is the domain name, Attribute value is either OK or REJECT

View File

@@ -1,2 +1,4 @@
# This file is generated by Chef for <%= node['fqdn'] %>
# Auto-generated by Chef.
# Local modifications will be overwritten.
#
<%= node['postfix']['main']['relayhost'] %> <%= @settings['smtp_sasl_user_name'] %>:<%= @settings['smtp_sasl_passwd'] %>
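Review bot: The last line of this hunk renders `smtp_sasl_user_name` and `smtp_sasl_passwd` in clear text, so the resource that writes this file should use a restrictive mode (0600, owned by root) and `sensitive true`; otherwise the credentials end up in the diff Chef logs when the template changes. Neither setting is visible in this change, so please confirm both in the recipe. It would also help to fail the render when either setting is nil rather than write a `host :` line with empty credentials.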

View File

@@ -1,7 +1,6 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
# Auto-generated by Chef.
# Local modifications will be overwritten.
#
# See man 5 canonical for format

View File

@@ -1,7 +1,6 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
# Auto-generated by Chef.
# Local modifications will be overwritten.
#
# See man 5 generic for format

View File

@@ -1,7 +1,6 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
# Auto-generated by Chef.
# Local modifications will be overwritten.
#
# See man 5 transport for format

View File

@@ -1,7 +1,6 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
# Auto-generated by Chef.
# Local modifications will be overwritten.
#
# See man 5 virtual for format

View File

@@ -1,7 +1,6 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
# Auto-generated by Chef.
# Local modifications will be overwritten.
#
# See man 5 virtual for format