Initial Chef repository

Greg Karékinian
2015-07-21 19:45:23 +02:00
parent 7e5401fc71
commit ee4079fa85
1151 changed files with 185163 additions and 0 deletions

@@ -0,0 +1,167 @@
postfix Cookbook CHANGELOG
==========================
This file is used to list changes made in each version of the postfix cookbook.
v3.6.2 (2014-10-31)
-------------------
- Fix FreeBSDisms
v3.6.1 (2014-10-28)
-------------------
- Fix documentation around node['postfix']['main']['relayhost'] attribute
- Fix logic around include_recipe 'postfix::virtual_aliases_domains'
v3.6.0 (2014-08-25)
-------------------
- restart postfix after updating virtual alias templates #86
- fixing typo for alias_db location in omnios
- moving conditional attributes to a recipe so they can be modified
via other cookbook attributes
v3.5.0 (2014-08-25)
-------------------
Adding virtual_domains functionality
v3.4.1 (2014-08-20)
-------------------
Removing unused parameters from main.cf
v3.4.0 (2014-07-25)
-------------------
Refactoring to fix some logic issues
v3.3.1 (2014-06-11)
-------------------
Reverting #37 - [COOK-3418] Virtual Domain Support PR - duplicate of #55
v3.3.0 (2014-06-11)
-------------------
- #37 - [COOK-3418] - Virtual Domain Support
- #44 - Fix minor formatting issue in attributes
- #55 - Add support for virtual aliases
- #57 - Fixing attributes bug in README
- #64 - add smtp_generic maps configuration option
- #66 - [COOK-3652] Add support for transport mappings
- #67 - [COOK-4662] Added support for access control
- #68 - Properly handle binding to loopback on mixed IPV4/IPV6 systems
v3.2.0 (2014-05-09)
-------------------
- [COOK-4619] - no way to unset recipient_delimiter
v3.1.8 (2014-03-27)
-------------------
- [COOK-4410] - Fix sender_canonical configuration by adding template
and postmap execution
v3.1.6 (2014-03-19)
-------------------
- [COOK-4423] - use platform_family, find cert.pem on rhel
v3.1.4 (2014-02-27)
-------------------
[COOK-4329] Migrate minitest PITs to latest test-kitchen + serverspec
v3.1.2 (2014-02-19)
-------------------
### Bug
- **[COOK-4357](https://tickets.opscode.com/browse/COOK-4357)** - postfix::sasl_auth recipe fails to converge
v3.1.0 (2014-02-19)
-------------------
### Bug
- **[COOK-4322](https://tickets.opscode.com/browse/COOK-4322)** - Postfix cookbook has incorrect default path for sasl_passwd
### New Feature
- **[COOK-4086](https://tickets.opscode.com/browse/COOK-4086)** - use conf_dir attribute for sasl recipe, and add omnios support
- **[COOK-2551](https://tickets.opscode.com/browse/COOK-2551)** - Support creating the sender_canonical map file
v3.0.4
------
### Bug
- **[COOK-3824](https://tickets.opscode.com/browse/COOK-3824)** - main.cf.erb mishandles lists
### Improvement
- **[COOK-3822](https://tickets.opscode.com/browse/COOK-3822)** - postfix cookbook readme has an incorrect example
- Got rubocop errors down to 32
### New Feature
- **[COOK-2551](https://tickets.opscode.com/browse/COOK-2551)** - Support creating the sender_canonical map file
v3.0.2
------
### Bug
- **[COOK-3617](https://tickets.opscode.com/browse/COOK-3617)** - Fix error when no there is no FQDN
- **[COOK-3530](https://tickets.opscode.com/browse/COOK-3530)** - Update `client.rb` after 3.0.0 refactor
- **[COOK-2499](https://tickets.opscode.com/browse/COOK-2499)** - Do not use resource cloning
### Improvement
- **[COOK-3116](https://tickets.opscode.com/browse/COOK-3116)** - Add SmartOS support
v3.0.0
------
### Improvement
- **[COOK-3328](https://tickets.opscode.com/browse/COOK-3328)** - Postfix main/master and attributes refactor
**Breaking changes**:
- Attributes are namespaced as `node['postfix']`, `node['postfix']['main']`, and `node['postfix']['master']`.
v2.1.6
------
### Bug
- [COOK-2501]: Reference to `['postfix']['domain']` should be `['postfix']['mydomain']`
- [COOK-2715]: master.cf uses old name for `smtp_fallback_relay` (`fallback_relay`) parameter in master.cf
v2.1.4
------
- [COOK-2281] - postfix aliases uses require_recipe statement
v2.1.2
------
- [COOK-2010] - postfix sasl_auth does not include the sasl plain package
v2.1.0
------
- [COOK-1233] - optional configuration for canonical maps
- [COOK-1660] - allow comma separated arrays in aliases
- [COOK-1662] - allow inet_interfaces configuration via attribute
v2.0.0
------
This version uses platform_family attribute, making the cookbook incompatible with older versions of Chef/Ohai, hence the major version bump.
- [COOK-1535] - `smtpd_cache` should be in `data_directory`, not `queue_directory`
- [COOK-1790] - /etc/aliases template is only in ubuntu directory
- [COOK-1792] - add minitest-chef tests to postfix cookbook
v1.2.2
------
- [COOK-1442] - Missing ['postfix']['domain'] Attribute causes initial installation failure
- [COOK-1520] - Add support for procmail delivery
- [COOK-1528] - Make aliasses template less specific
- [COOK-1538] - Add iptables_rule template
- [COOK-1540] - Add smtpd_milters and non_smtpd_milters parameters to main.cf
v1.2.0
------
- [COOK-880] - add client/server roles for search-based discovery of relayhost
v1.0.0
------
- [COOK-668] - RHEL/CentOS/Scientific/Amazon platform support
- [COOK-733] - postfix::aliases recipe to manage /etc/aliases
- [COOK-821] - add README.md :)
v0.8.4
------
- Current public release.

cookbooks/postfix/README.md Normal file

@@ -0,0 +1,289 @@
postfix Cookbook
================
Installs and configures postfix for client or outbound relayhost, or to do SASL authentication.
On RHEL-family systems, sendmail will be replaced with postfix.
Requirements
------------
### Platforms
- Ubuntu 10.04+
- Debian 6.0+
- RHEL/CentOS/Scientific 5.7+, 6.2+
- Amazon Linux (as of AMIs created after 4/9/2012)
May work on other platforms with or without modification.
Attributes
----------
See `attributes/default.rb` for default values.
### Generic cookbook attributes
* `node['postfix']['mail_type']` - Sets the kind of mail configuration. `master` will set up a server (relayhost).
* `node['postfix']['relayhost_role']` - name of a role used for search in the client recipe.
* `node['postfix']['multi_environment_relay']` - set to true if nodes should not constrain search for the relayhost in their own environment.
* `node['postfix']['use_procmail']` - set to true if nodes should use procmail as the delivery agent.
* `node['postfix']['use_alias_maps']` - set to true if you want the cookbook to use/configure alias maps
* `node['postfix']['use_transport_maps']` - set to true if you want the cookbook to use/configure transport maps
* `node['postfix']['use_access_maps']` - set to true if you want the cookbook to use/configure access maps
* `node['postfix']['use_virtual_aliases']` - set to true if you want the cookbook to use/configure virtual alias maps
* `node['postfix']['aliases']` - hash of aliases to create with `recipe[postfix::aliases]`, see below under __Recipes__ for more information.
* `node['postfix']['transports']` - hash of transports to create with `recipe[postfix::transports]`, see below under __Recipes__ for more information.
* `node['postfix']['access']` - hash of access to create with `recipe[postfix::access]`, see below under __Recipes__ for more information.
* `node['postfix']['virtual_aliases']` - hash of virtual_aliases to create with `recipe[postfix::virtual_aliases]`, see below under __Recipes__ for more information.
* `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix'
* `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix'
### main.cf and sasl\_passwd template attributes
The main.cf template has been simplified to include any attributes in the `node['postfix']['main']` data structure. The following attributes are still included with this cookbook to maintain some semblance of backwards compatibility.
This change in namespace to `node['postfix']['main']` should allow for greater flexibility, given the large number of configuration variables for the postfix daemon. All of these cookbook attributes correspond to the option of the same name in `/etc/postfix/main.cf`.
* `node['postfix']['main']['biff']` - (yes/no); default no
* `node['postfix']['main']['append_dot_mydomain']` - (yes/no); default no
* `node['postfix']['main']['myhostname']` - defaults to fqdn from Ohai
* `node['postfix']['main']['mydomain']` - defaults to domain from Ohai
* `node['postfix']['main']['myorigin']` - defaults to $myhostname
* `node['postfix']['main']['mynetworks']` - default is nil, which forces Postfix to default to loopback addresses.
* `node['postfix']['main']['inet_interfaces']` - set to `loopback-only`, or `all` for server recipe
* `node['postfix']['main']['alias_maps']` - set to `hash:/etc/aliases`
* `node['postfix']['main']['mailbox_size_limit']` - set to `0` (disabled)
* `node['postfix']['main']['mydestination']` - default fqdn, hostname, localhost.localdomain, localhost
* `node['postfix']['main']['smtpd_use_tls']` - (yes/no); default yes. See conditional cert/key attributes.
- `node['postfix']['main']['smtpd_tls_cert_file']` - conditional attribute, set to full path of server's x509 certificate.
- `node['postfix']['main']['smtpd_tls_key_file']` - conditional attribute, set to full path of server's private key
- `node['postfix']['main']['smtpd_tls_CAfile']` - set to platform specific CA bundle
- `node['postfix']['main']['smtpd_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
* `node['postfix']['main']['smtp_use_tls']` - (yes/no); default yes. See following conditional attributes.
- `node['postfix']['main']['smtp_tls_CAfile']` - set to platform specific CA bundle
- `node['postfix']['main']['smtp_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
* `node['postfix']['main']['smtp_sasl_auth_enable']` - (yes/no); default no. If enabled, see following conditional attributes.
- `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file
- `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous
- `node['postfix']['main']['relayhost']` - Set to empty string
- `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty
- `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty.
* `node['postfix']['sender_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config.
* `node['postfix']['smtp_generic_map_entries']` - (hash with key value pairs); default not configured. Setup generic postfix maps. See `man 5 generic`. If has at least one value, then will be enabled in config.
Example of json role config, for setup *_map_entries:
`postfix : {`
`...`
`"smtp_generic_map_entries" : { "root@youinternaldomain.local" : "admin@example.com", "admin@youinternaldomain.local" : "admin@example.com" }`
`}`
### master.cf template attributes
* `node['postfix']['master']['submission'] - Whether to use submission (TCP 587) daemon. (true/false); default false
Recipes
-------
### default
Installs the postfix package and manages the service and the main configuration files (`/etc/postfix/main.cf` and `/etc/postfix/master.cf`). See __Usage__ and __Examples__ to see how to affect behavior of this recipe through configuration. Depending on the `node['postfix']['use_alias_maps']`, `node['postfix']['use_transport_maps']`, `node['postfix']['use_access_maps']` and `node['postfix']['use_virtual_aliases']` attributes the default recipe can call additional recipes to manage additional postfix configuration files
For a more dynamic approach to discovery for the relayhost, see the `client` and `server` recipes below.
### client
Use this recipe to have nodes automatically search for the mail relay based which node has the `node['postfix']['relayhost_role']` role. Sets the `node['postfix']['main']['relayhost']` attribute to the first result from the search.
Includes the default recipe to install, configure and start postfix.
Does not work with `chef-solo`.
### sasl\_auth
Sets up the system to authenticate with a remote mail relay using SASL authentication.
### server
To use Chef Server search to automatically detect a node that is the relayhost, use this recipe in a role that will be relayhost. By default, the role should be "relayhost" but you can change the attribute `node['postfix']['relayhost_role']` to modify this.
**Note** This recipe will set the `node['postfix']['mail_type']` to "master" with an override attribute.
### aliases
Manage `/etc/aliases` with this recipe. Currently only Ubuntu 10.04 platform has a template for the aliases file. Add your aliases template to the `templates/default` or to the appropriate platform+version directory per the File Specificity rules for templates. Then specify a hash of aliases for the `node['postfix']['aliases']` attribute.
Arrays are supported as alias values, since postfix supports comma separated values per alias, simply specify your alias as an array to use this handy feature.
### aliases
Manage `/etc/aliases` with this recipe.
### transports
Manage `/etc/postfix/transport` with this recipe.
### access
Manage `/etc/postfix/access` with this recipe.
### virtual_aliases
Manage `/etc/postfix/virtual` with this recipe.
http://wiki.opscode.com/display/chef/Templates#Templates-TemplateLocationSpecificity
Usage
-----
On systems that should simply send mail directly to a relay, or out to the internet, use `recipe[postfix]` and modify the `node['postfix']['main']['relayhost']` attribute via a role.
On systems that should be the MX for a domain, set the attributes accordingly and make sure the `node['postfix']['mail_type']` attribute is `master`. See __Examples__ for information on how to use `recipe[postfix::server]` to do this automatically.
If you need to use SASL authentication to send mail through your ISP (such as on a home network), use `postfix::sasl_auth` and set the appropriate attributes.
For each of these implementations, see __Examples__ for role usage.
### Examples
The example roles below only have the relevant postfix usage. You may have other contents depending on what you're configuring on your systems.
The `base` role is applied to all nodes in the environment.
```ruby
name "base"
run_list("recipe[postfix]")
override_attributes(
"postfix" => {
"mail_type" => "client",
"main" => {
"mydomain" => "example.com",
"myorigin" => "example.com",
"relayhost" => "[smtp.example.com]",
"smtp_use_tls" => "no"
}
}
)
```
The `relayhost` role is applied to the nodes that are relayhosts. Often this is 2 systems using a CNAME of `smtp.example.com`.
```ruby
name "relayhost"
run_list("recipe[postfix::server]")
override_attributes(
"postfix" => {
"mail_type" => "master",
"main" => {
"mynetworks" => [ "10.3.3.0/24", "127.0.0.0/8" ],
"inet-interfaces" => "all",
"mydomain" => "example.com",
"myorigin" => "example.com"
}
)
```
The `sasl_relayhost` role is applied to the nodes that are relayhosts and require authenticating with SASL. For example this might be on a household network with an ISP that otherwise blocks direct internet access to SMTP.
```ruby
name "sasl_relayhost"
run_list("recipe[postfix], recipe[postfix::sasl_auth]")
override_attributes(
"postfix" => {
"mail_type" => "master",
"main" => {
"mynetworks" => "10.3.3.0/24",
"mydomain" => "example.com",
"myorigin" => "example.com",
"relayhost" => "[smtp.comcast.net]:587",
"smtp_sasl_auth_enable" => "yes"
},
"sasl" => {
"smtp_sasl_passwd" => "your_password",
"smtp_sasl_user_name" => "your_username"
}
}
)
```
For an example of using encrypted data bags to encrypt the SASL password, see the following blog post:
* http://jtimberman.github.com/blog/2011/08/06/encrypted-data-bag-for-postfix-sasl-authentication/
#### Examples using the client & server recipes
If you'd like to use the more dynamic search based approach for discovery, use the server and client recipes. First, create a relayhost role.
```ruby
name "relayhost"
run_list("recipe[postfix::server]")
override_attributes(
"postfix" => {
"main" => {
"mynetworks" => "10.3.3.0/24",
"mydomain" => "example.com",
"myorigin" => "example.com"
}
}
)
```
Then, add the `postfix::client` recipe to the run list of your `base` role or equivalent role for postfix clients.
```ruby
name "base"
run_list("recipe[postfix::client]")
override_attributes(
"postfix" => {
"mail_type" => "client",
"main" => {
"mydomain" => "example.com",
"myorigin" => "example.com"
}
}
)
```
If you wish to use a different role name for the relayhost, then also set the attribute in the `base` role. For example, `postfix_master` as the role name:
```ruby
name "postfix_master"
description "a role for postfix master that isn't relayhost"
run_list("recipe[postfix::server]")
override_attributes(
"postfix" => {
"main" => {
"mynetworks" => "10.3.3.0/24",
"mydomain" => "example.com",
"myorigin" => "example.com"
}
}
)
```
The base role would look something like this:
```ruby
name "base"
run_list("recipe[postfix::client]")
override_attributes(
"postfix" => {
"relayhost_role" => "postfix_master",
"mail_type" => "client",
"main" => {
"mydomain" => "example.com",
"myorigin" => "example.com"
}
}
)
```
License & Authors
-----------------
- Author:: Joshua Timberman <joshua@getchef.com>
```text
Copyright:: 2009-2014, Chef Software, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```
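
Review bot: The `sasl_relayhost` example role puts `"smtp_sasl_passwd" => "your_password"` directly in `override_attributes`, so anyone who copies it stores the relay credential in clear text in the role and in the node data. The paragraph right after it already links an encrypted data bag write-up, so the example itself should read the password from an encrypted data bag, or at least say so next to the attribute. The same example passes `run_list("recipe[postfix], recipe[postfix::sasl_auth]")` as one string instead of two run-list items. The `relayhost` example above it is not valid Ruby as written: the `"postfix" => {` hash is never closed, and the key is spelled `"inet-interfaces"` where the attribute list documents `inet_interfaces`. The `base` example sets `"smtp_use_tls" => "no"` with no explanation, which turns off TLS towards the relay on every node that gets the role; either drop that line or state why it is there.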

@@ -0,0 +1,137 @@
# encoding: utf-8
# Author:: Joshua Timberman <joshua@getchef.com>
# Copyright:: Copyright 2009-2014, Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Generic cookbook attributes
default['postfix']['mail_type'] = 'client'
default['postfix']['relayhost_role'] = 'relayhost'
default['postfix']['multi_environment_relay'] = false
default['postfix']['use_procmail'] = false
default['postfix']['use_alias_maps'] = (node['platform'] == 'freebsd')
default['postfix']['use_transport_maps'] = false
default['postfix']['use_access_maps'] = false
default['postfix']['use_virtual_aliases'] = false
default['postfix']['use_virtual_aliases_domains'] = false
default['postfix']['transports'] = {}
default['postfix']['access'] = {}
default['postfix']['virtual_aliases'] = {}
default['postfix']['virtual_aliases_domains'] = {}
default['postfix']['main_template_source'] = 'postfix'
default['postfix']['master_template_source'] = 'postfix'
default['postfix']['sender_canonical_map_entries'] = {}
default['postfix']['smtp_generic_map_entries'] = {}
default['postfix']['access_db_type'] = 'hash'
default['postfix']['aliases_db_type'] = 'hash'
default['postfix']['transport_db_type'] = 'hash'
default['postfix']['virtual_alias_db_type'] = 'hash'
default['postfix']['virtual_alias_domains_db_type'] = 'hash'
case node['platform']
when 'smartos'
default['postfix']['conf_dir'] = '/opt/local/etc/postfix'
default['postfix']['aliases_db'] = '/opt/local/etc/postfix/aliases'
default['postfix']['transport_db'] = '/opt/local/etc/postfix/transport'
default['postfix']['access_db'] = '/opt/local/etc/postfix/access'
default['postfix']['virtual_alias_db'] = '/opt/local/etc/postfix/virtual'
default['postfix']['virtual_alias_domains_db'] = '/opt/local/etc/postfix/virtual_domains'
when 'freebsd'
default['postfix']['conf_dir'] = '/usr/local/etc/postfix'
default['postfix']['aliases_db'] = '/etc/aliases'
default['postfix']['transport_db'] = '/usr/local/etc/postfix/transport'
default['postfix']['access_db'] = '/usr/local/etc/postfix/access'
default['postfix']['virtual_alias_db'] = '/usr/local/etc/postfix/virtual'
default['postfix']['virtual_alias_domains_db'] = '/usr/local/etc/postfix/virtual_domains'
when 'omnios'
default['postfix']['conf_dir'] = '/opt/omni/etc/postfix'
default['postfix']['aliases_db'] = '/opt/omni/etc/postfix/aliases'
default['postfix']['transport_db'] = '/opt/omni/etc/postfix/transport'
default['postfix']['access_db'] = '/opt/omni/etc/postfix/access'
default['postfix']['virtual_alias_db'] = '/etc/omni/etc/postfix/virtual'
default['postfix']['virtual_alias_domains_db'] = '/etc/omni/etc/postfix/virtual_domains'
default['postfix']['uid'] = 11
else
default['postfix']['conf_dir'] = '/etc/postfix'
default['postfix']['aliases_db'] = '/etc/aliases'
default['postfix']['transport_db'] = '/etc/postfix/transport'
default['postfix']['access_db'] = '/etc/postfix/access'
default['postfix']['virtual_alias_db'] = '/etc/postfix/virtual'
default['postfix']['virtual_alias_domains_db'] = '/etc/postfix/virtual_domains'
end
# Non-default main.cf attributes
default['postfix']['main']['biff'] = 'no'
default['postfix']['main']['append_dot_mydomain'] = 'no'
default['postfix']['main']['myhostname'] = (node['fqdn'] || node['hostname']).to_s.chomp('.')
default['postfix']['main']['mydomain'] = (node['domain'] || node['hostname']).to_s.chomp('.')
default['postfix']['main']['myorigin'] = '$myhostname'
default['postfix']['main']['mydestination'] = [node['postfix']['main']['myhostname'], node['hostname'], 'localhost.localdomain', 'localhost'].compact
default['postfix']['main']['smtpd_use_tls'] = 'yes'
default['postfix']['main']['smtp_use_tls'] = 'yes'
default['postfix']['main']['smtp_sasl_auth_enable'] = 'no'
default['postfix']['main']['mailbox_size_limit'] = 0
default['postfix']['main']['mynetworks'] = nil
default['postfix']['main']['inet_interfaces'] = 'loopback-only'
# Conditional attributes, also reference _attributes recipe
case node['platform_family']
when 'smartos'
default['postfix']['main']['smtpd_use_tls'] = 'no'
default['postfix']['main']['smtp_use_tls'] = 'no'
default['postfix']['cafile'] = '/opt/local/etc/postfix/cacert.pem'
when 'rhel'
default['postfix']['cafile'] = '/etc/pki/tls/cert.pem'
else
default['postfix']['cafile'] = "#{node['postfix']['conf_dir']}/cacert.pem"
end
# # Default main.cf attributes according to `postconf -d`
# default['postfix']['main']['relayhost'] = ''
# default['postfix']['main']['milter_default_action'] = 'tempfail'
# default['postfix']['main']['milter_protocol'] = '6'
# default['postfix']['main']['smtpd_milters'] = ''
# default['postfix']['main']['non_smtpd_milters'] = ''
# default['postfix']['main']['sender_canonical_classes'] = nil
# default['postfix']['main']['recipient_canonical_classes'] = nil
# default['postfix']['main']['canonical_classes'] = nil
# default['postfix']['main']['sender_canonical_maps'] = nil
# default['postfix']['main']['recipient_canonical_maps'] = nil
# default['postfix']['main']['canonical_maps'] = nil
# Master.cf attributes
default['postfix']['master']['submission'] = false
# OS Aliases
case node['platform']
when 'freebsd'
default['postfix']['aliases'] = {
'MAILER-DAEMON' => 'postmaster',
'bin' => 'root',
'daemon' => 'root',
'named' => 'root',
'nobody' => 'root',
'uucp' => 'root',
'www' => 'root',
'ftp-bugs' => 'root',
'postfix' => 'root',
'manager' => 'root',
'dumper' => 'root',
'operator' => 'root',
'abuse' => 'postmaster'
}
else
default['postfix']['aliases'] = {}
end
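
Review bot: In the `omnios` branch, `virtual_alias_db` and `virtual_alias_domains_db` point under `/etc/omni/etc/postfix/` while `conf_dir` and the other three map paths in the same branch use `/opt/omni/etc/postfix/`. This looks like a typo and would place the virtual maps outside the Postfix configuration directory; both should probably read `/opt/omni/etc/postfix/virtual` and `/opt/omni/etc/postfix/virtual_domains`, or be built from `conf_dir` so the paths cannot drift apart.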

@@ -0,0 +1,25 @@
# encoding: utf-8
# Copyright 2012-2014, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# helpers
module Helpers
# postfix
module Postfix
include MiniTest::Chef::Assertions
include MiniTest::Chef::Context
include MiniTest::Chef::Resources
end
end

@@ -0,0 +1,89 @@
{
"name": "postfix",
"version": "3.6.2",
"description": "Installs and configures postfix for client or outbound relayhost, or to do SASL auth",
"long_description": "",
"maintainer": "Chef Software, Inc.",
"maintainer_email": "cookbooks@getchef.com",
"license": "Apache 2.0",
"platforms": {
"ubuntu": ">= 0.0.0",
"debian": ">= 0.0.0",
"redhat": ">= 0.0.0",
"centos": ">= 0.0.0",
"amazon": ">= 0.0.0",
"scientific": ">= 0.0.0",
"smartos": ">= 0.0.0"
},
"dependencies": {
},
"recommendations": {
},
"suggestions": {
},
"conflicting": {
},
"providing": {
},
"replacing": {
},
"attributes": {
"postfix/main": {
"display_name": "postfix/main",
"description": "Hash of Postfix main.cf attributes",
"type": "hash"
},
"postfix/aliases": {
"display_name": "Postfix Aliases",
"description": "Hash of Postfix aliases mapping a name to a value. Example 'root' => 'operator@example.com'. See aliases man page for details.",
"type": "hash"
},
"postfix/transports": {
"display_name": "Postfix Transports",
"description": "Hash of Postfix transports mapping a destination to a smtp server. Example 'my.domain' => 'smtp:outbound-relay.my.domain'. See transport man page for details.",
"type": "hash"
},
"postfix/access": {
"display_name": "Postfix Access Table",
"description": "Hash of Postfix accesses mapping a pattern to a action. Example 'domain.tld' => 'OK'. See access man page for details.",
"type": "hash"
},
"postfix/mail_type": {
"display_name": "Postfix Mail Type",
"description": "Is this node a client or server?",
"default": "client"
},
"postfix/smtp_sasl_user_name": {
"display_name": "Postfix SMTP SASL Username",
"description": "User to auth SMTP via SASL",
"default": ""
},
"postfix/smtp_sasl_passwd": {
"display_name": "Postfix SMTP SASL Password",
"description": "Password for smtp_sasl_user_name",
"default": ""
},
"postfix/relayhost_role": {
"display_name": "Postfix Relayhost's role",
"description": "String containing the role name",
"default": "relayhost"
},
"postfix/use_procmail": {
"display_name": "Postfix Use procmail?",
"description": "Whether procmail should be used as the local delivery agent for a server",
"default": "no"
}
},
"groupings": {
},
"recipes": {
"postfix": "Installs and configures postfix",
"postfix::sasl_auth": "Set up postfix to auth to a server with sasl",
"postfix::aliases": "Manages /etc/aliases",
"postfix::transports": "Manages /etc/postfix/transport",
"postfix::access": "Manages /etc/postfix/access",
"postfix::virtual_aliases": "Manages /etc/postfix/virtual",
"postfix::client": "Searches for the relayhost based on an attribute",
"postfix::server": "Sets the mail_type attribute to master"
}
}
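
Review bot: The `postfix/smtp_sasl_user_name` and `postfix/smtp_sasl_passwd` entries under `attributes` do not match the names the cookbook reads, which the README and the `_attributes` recipe give as `node['postfix']['sasl']['smtp_sasl_user_name']` and `node['postfix']['sasl']['smtp_sasl_passwd']`. This file carries the same entries as `metadata.rb`, so correct the names there (`postfix/sasl/smtp_sasl_user_name`, `postfix/sasl/smtp_sasl_passwd`) and regenerate it. The `platforms` list also omits `freebsd` and `omnios`, both of which have their own branches in `attributes/default.rb`.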

@@ -0,0 +1,64 @@
# encoding: utf-8
name 'postfix'
description 'Installs and configures postfix for client or outbound relayhost, or to do SASL auth'
maintainer 'Chef Software, Inc.'
maintainer_email 'cookbooks@getchef.com'
license 'Apache 2.0'
version '3.6.2'
recipe 'postfix', 'Installs and configures postfix'
recipe 'postfix::sasl_auth', 'Set up postfix to auth to a server with sasl'
recipe 'postfix::aliases', 'Manages /etc/aliases'
recipe 'postfix::transports', 'Manages /etc/postfix/transport'
recipe 'postfix::access', 'Manages /etc/postfix/access'
recipe 'postfix::virtual_aliases', 'Manages /etc/postfix/virtual'
recipe 'postfix::client', 'Searches for the relayhost based on an attribute'
recipe 'postfix::server', 'Sets the mail_type attribute to master'
%w(ubuntu debian redhat centos amazon scientific smartos).each do |os|
supports os
end
attribute 'postfix/main',
display_name: 'postfix/main',
description: 'Hash of Postfix main.cf attributes',
type: 'hash'
attribute 'postfix/aliases',
display_name: 'Postfix Aliases',
description: "Hash of Postfix aliases mapping a name to a value. Example 'root' => 'operator@example.com'. See aliases man page for details.",
type: 'hash'
attribute 'postfix/transports',
display_name: 'Postfix Transports',
description: "Hash of Postfix transports mapping a destination to a smtp server. Example 'my.domain' => 'smtp:outbound-relay.my.domain'. See transport man page for details.",
type: 'hash'
attribute 'postfix/access',
display_name: 'Postfix Access Table',
description: "Hash of Postfix accesses mapping a pattern to a action. Example 'domain.tld' => 'OK'. See access man page for details.",
type: 'hash'
attribute 'postfix/mail_type',
display_name: 'Postfix Mail Type',
description: 'Is this node a client or server?',
default: 'client'
attribute 'postfix/smtp_sasl_user_name',
display_name: 'Postfix SMTP SASL Username',
description: 'User to auth SMTP via SASL',
default: ''
attribute 'postfix/smtp_sasl_passwd',
display_name: 'Postfix SMTP SASL Password',
description: 'Password for smtp_sasl_user_name',
default: ''
attribute 'postfix/relayhost_role',
display_name: "Postfix Relayhost's role",
description: 'String containing the role name',
default: 'relayhost'
attribute 'postfix/use_procmail',
display_name: 'Postfix Use procmail?',
description: 'Whether procmail should be used as the local delivery agent for a server',
default: 'no'
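
Review bot: The `postfix/use_procmail` entry documents `default: 'no'`, but `attributes/default.rb` sets the attribute to `false` and the recipes test it with `if node['postfix']['use_procmail']`. The string `'no'` is truthy in Ruby, so a user who copies the documented value would turn procmail on. Document the default as `false` and describe the attribute as a boolean.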

@@ -0,0 +1,60 @@
# encoding: utf-8
# Copyright:: Copyright 2012-2014, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if node['postfix']['use_procmail']
node.default['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"'
end
if node['postfix']['main']['smtpd_use_tls'] == 'yes'
node.default['postfix']['main']['smtpd_tls_cert_file'] = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
node.default['postfix']['main']['smtpd_tls_key_file'] = '/etc/ssl/private/ssl-cert-snakeoil.key'
node.default['postfix']['main']['smtpd_tls_CAfile'] = node['postfix']['cafile']
node.default['postfix']['main']['smtpd_tls_session_cache_database'] = 'btree:${data_directory}/smtpd_scache'
end
if node['postfix']['main']['smtp_use_tls'] == 'yes'
node.default['postfix']['main']['smtp_tls_CAfile'] = node['postfix']['cafile']
node.default['postfix']['main']['smtp_tls_session_cache_database'] = 'btree:${data_directory}/smtp_scache'
end
if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
node.default['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd"
node.default['postfix']['main']['smtp_sasl_password_maps'] = "hash:#{node['postfix']['sasl_password_file']}"
node.default['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
node.default['postfix']['sasl']['smtp_sasl_user_name'] = ''
node.default['postfix']['sasl']['smtp_sasl_passwd'] = ''
node.default['postfix']['main']['relayhost'] = ''
end
if node['postfix']['use_alias_maps']
node.default['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"]
end
if node['postfix']['use_transport_maps']
node.default['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"]
end
if node['postfix']['use_access_maps']
node.default['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"]
end
if node['postfix']['use_virtual_aliases']
node.default['postfix']['main']['virtual_alias_maps'] = ["#{node['postfix']['virtual_alias_db_type']}:#{node['postfix']['virtual_alias_db']}"]
end
if node['postfix']['use_virtual_aliases_domains']
node.default['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"]
end
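Review bot: the smtpd TLS defaults hard-code the Debian snakeoil pair (`/etc/ssl/certs/ssl-cert-snakeoil.pem` and `/etc/ssl/private/ssl-cert-snakeoil.key`), so enabling `smtpd_use_tls` on any other platform family points Postfix at files that do not exist, and on Debian it serves a self-signed certificate that no client can validate. Suggest making the cert and key paths platform-aware in the same way `node['postfix']['cafile']` is, and documenting that they are placeholders to be overridden with a real certificate. Separately, the SASL branch seeds `smtp_sasl_user_name` and `smtp_sasl_passwd` as node attributes, which means the relay credentials end up stored in the node object; that deserves a README warning at minimum.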

View File

@@ -0,0 +1,128 @@
# encoding: utf-8
# Author:: Joshua Timberman(<joshua@getchef.com>)
# Cookbook Name:: common
# Recipe:: default
#
# Copyright 2009-2014, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postfix::_attributes'
package 'postfix'
package 'procmail' if node['postfix']['use_procmail']
case node['platform_family']
when 'rhel', 'fedora'
service 'sendmail' do
action :nothing
end
execute 'switch_mailer_to_postfix' do
command '/usr/sbin/alternatives --set mta /usr/sbin/sendmail.postfix'
notifies :stop, 'service[sendmail]'
notifies :start, 'service[postfix]'
not_if '/usr/bin/test /etc/alternatives/mta -ef /usr/sbin/sendmail.postfix'
end
when 'omnios'
manifest_path = ::File.join(Chef::Config[:file_cache_path], 'manifest-postfix.xml')
# we need to manage the postfix group and user
# and then subscribe to the package install because it creates a
# postdrop group and adds postfix user to it.
group 'postfix' do
append true
end
user 'postfix' do
uid node['postfix']['uid']
gid 'postfix'
home '/var/spool/postfix'
subscribes :manage, 'package[postfix]'
notifies :run, 'execute[/opt/omni/sbin/postfix set-permissions]', :immediately
end
# we don't guard this because if the user creation was successful (or happened out of band), then this won't get executed when the action is :nothing.
execute '/opt/omni/sbin/postfix set-permissions'
template manifest_path do
source 'manifest-postfix.xml.erb'
owner 'root'
group node['root_group']
mode '0644'
notifies :run, 'execute[load postfix manifest]', :immediately
end
execute 'load postfix manifest' do
action :nothing
command "svccfg import #{manifest_path}"
notifies :restart, 'service[postfix]'
end
end
execute 'update-postfix-sender_canonical' do
command "postmap #{node['postfix']['conf_dir']}/sender_canonical"
action :nothing
end
unless node['postfix']['sender_canonical_map_entries'].empty?
template "#{node['postfix']['conf_dir']}/sender_canonical" do
owner 'root'
group node['root_group']
mode '0644'
notifies :run, 'execute[update-postfix-sender_canonical]'
notifies :reload, 'service[postfix]'
end
unless node['postfix']['main'].key?('sender_canonical_maps')
node.set['postfix']['main']['sender_canonical_maps'] = "hash:#{node['postfix']['conf_dir']}/sender_canonical"
end
end
execute 'update-postfix-smtp_generic' do
command "postmap #{node['postfix']['conf_dir']}/smtp_generic"
action :nothing
end
unless node['postfix']['smtp_generic_map_entries'].empty?
template "#{node['postfix']['conf_dir']}/smtp_generic" do
owner 'root'
group node['root_group']
mode '0644'
notifies :run, 'execute[update-postfix-smtp_generic]'
notifies :reload, 'service[postfix]'
end
unless node['postfix']['main'].key?('smtp_generic_maps')
node.set['postfix']['main']['smtp_generic_maps'] = "hash:#{node['postfix']['conf_dir']}/smtp_generic"
end
end
%w{main master}.each do |cfg|
template "#{node['postfix']['conf_dir']}/#{cfg}.cf" do
source "#{cfg}.cf.erb"
owner 'root'
group node['root_group']
mode '0644'
notifies :restart, 'service[postfix]'
variables(settings: node['postfix'][cfg])
cookbook node['postfix']["#{cfg}_template_source"]
end
end
service 'postfix' do
supports status: true, restart: true, reload: true
action :enable
end
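Review bot: in the omnios branch, `execute '/opt/omni/sbin/postfix set-permissions'` is declared with no block, so it takes the default `:run` action and executes on every converge, which contradicts the comment directly above it ("won't get executed when the action is :nothing"). Give the resource a block with `action :nothing` so it only fires from the `notifies :run, ..., :immediately` on the `user 'postfix'` resource. Also, the `unless node['postfix']['sender_canonical_map_entries'].empty?` and `smtp_generic_map_entries` guards raise NoMethodError if the attribute is nil, while the matching templates guard against nil; pick one convention. The two `node.set` calls persist `sender_canonical_maps` and `smtp_generic_maps` as normal attributes on the node, so they survive after the map entries are removed; `node.default` would avoid that.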

View File

@@ -0,0 +1,28 @@
# encoding: utf-8
# Copyright:: Copyright (c) 2012, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postfix::_common'
execute 'update-postfix-access' do
command "postmap #{node['postfix']['access_db']}"
environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
action :nothing
end
template node['postfix']['access_db'] do
source 'access.erb'
notifies :run, 'execute[update-postfix-access]'
end
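Review bot: the `template node['postfix']['access_db']` resource sets no `owner`, `group` or `mode`, so the permissions of the access table depend on whatever file already exists or on the umask of the chef-client run. Every template in the `_common` recipe sets `owner 'root'`, `group node['root_group']` and `mode '0644'` explicitly; do the same here, since this file decides which clients and senders are accepted or rejected. The transport and virtual alias recipes in this commit have the same gap.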

View File

@@ -0,0 +1,30 @@
# encoding: utf-8
# Copyright:: Copyright 2012-2014, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postfix::_common'
execute 'update-postfix-aliases' do
command 'newaliases'
environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
# On FreeBSD, /usr/sbin/newaliases is the sendmail command, and it's in the path before postfix's /usr/local/bin/newaliases
environment ({ 'PATH' => "/usr/local/bin:#{ENV['PATH']}" }) if platform_family?('freebsd')
action :nothing
end
template node['postfix']['aliases_db'] do
source 'aliases.erb'
notifies :run, 'execute[update-postfix-aliases]'
end
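Review bot: `execute 'update-postfix-aliases'` sets `environment` twice with two different key styles, `PATH:` (symbol key) for omnios and `{ 'PATH' => ... }` (string key) for freebsd, and the second call has a space before the parenthesis, which Ruby warns about. Use the string-key hash form for both and drop the space. The FreeBSD line exists to make sure Postfix's `newaliases` is found before sendmail's; calling the binary by absolute path per platform would make that intent explicit and remove the dependency on PATH ordering.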

View File

@@ -0,0 +1,42 @@
# encoding: utf-8
# Author:: Joshua Timberman(<joshua@getchef.com>)
# Cookbook Name:: postfix
# Recipe:: client
#
# Copyright 2009-2014, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if Chef::Config[:solo]
Chef::Log.info("#{cookbook_name}::#{recipe_name} is intended for use with Chef Server, use #{cookbook_name}::default with Chef Solo.")
return
end
query = "role:#{node['postfix']['relayhost_role']}"
relayhost = ''
# results = []
if node.run_list.roles.include?(node['postfix']['relayhost_role'])
relayhost << node['ipaddress']
elsif node['postfix']['multi_environment_relay']
results = search(:node, query)
relayhost = results.map { |n| n['ipaddress'] }.first
else
results = search(:node, "#{query} AND chef_environment:#{node.chef_environment}")
relayhost = results.map { |n| n['ipaddress'] }.first
end
node.set['postfix']['main']['relayhost'] = "[#{relayhost}]"
include_recipe 'postfix'
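Review bot: when the search returns no nodes, `results.map { |n| n['ipaddress'] }.first` is nil and the recipe still runs `node.set['postfix']['main']['relayhost'] = "[#{relayhost}]"`, which writes `relayhost = []` into main.cf. Guard the assignment, for example by raising or logging and skipping when `relayhost` is nil or empty, so a missing relay is a visible failure rather than a broken config. Two smaller points: `.first` silently picks an arbitrary node when several carry the role, and the relay address is taken from whatever node data the search returns, so the README should say that any node able to put `relayhost_role` in its run list will receive this client's outbound mail. `relayhost << node['ipaddress']` also mutates a string literal; plain assignment is clearer.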

View File

@@ -0,0 +1,45 @@
# encoding: utf-8
# Author:: Joshua Timberman(<joshua@getchef.com>)
# Cookbook Name:: postfix
# Recipe:: default
#
# Copyright 2009-2014, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postfix::_common'
if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
include_recipe 'postfix::sasl_auth'
end
if node['postfix']['use_alias_maps']
include_recipe 'postfix::aliases'
end
if node['postfix']['use_transport_maps']
include_recipe 'postfix::transports'
end
if node['postfix']['use_access_maps']
include_recipe 'postfix::access'
end
if node['postfix']['use_virtual_aliases']
include_recipe 'postfix::virtual_aliases'
end
if node['postfix']['use_virtual_aliases_domains']
include_recipe 'postfix::virtual_aliases_domains'
end

View File

@@ -0,0 +1,59 @@
# encoding: utf-8
#
# Author:: Joshua Timberman(<joshua@getchef.com>)
# Cookbook Name:: postfix
# Recipe:: sasl_auth
#
# Copyright 2009-2014, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postfix::_common'
sasl_pkgs = []
# We use case instead of value_for_platform_family because we need
# version specifics for RHEL.
case node['platform_family']
when 'debian'
sasl_pkgs = %w(libsasl2-2 libsasl2-modules ca-certificates)
when 'rhel'
if node['platform_version'].to_i < 6
sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain openssl)
else
sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates)
end
when 'fedora'
sasl_pkgs = %w(cyrus-sasl cyrus-sasl-plain ca-certificates)
end
sasl_pkgs.each do |pkg|
package pkg
end
execute 'postmap-sasl_passwd' do
command "postmap #{node['postfix']['sasl_password_file']}"
environment 'PATH' => "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
action :nothing
end
template node['postfix']['sasl_password_file'] do
source 'sasl_passwd.erb'
owner 'root'
group node['root_group']
mode 0400
notifies :run, 'execute[postmap-sasl_passwd]', :immediately
notifies :restart, 'service[postfix]'
variables(settings: node['postfix']['sasl'])
end
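Review bot: the `sasl_passwd` template is fed from `variables(settings: node['postfix']['sasl'])`, so the relay password lives in node attributes, is saved in the node object and is returned by node searches; `mode 0400` on the rendered file does not help with that. Suggest loading the credentials from an encrypted data bag (or a vault item) inside the recipe and passing them to the template, and adding `sensitive true` to the template resource so the rendered diff is kept out of chef-client logs. Style: `mode 0400` is an integer literal while the other recipes use the string form `'0644'`; use `'0400'` for consistency.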

View File

@@ -0,0 +1,25 @@
# encoding: utf-8
#
# Author:: Joshua Timberman(<joshua@getchef.com>)
# Cookbook Name:: postfix
# Recipe:: server
#
# Copyright 2009-2014, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node.override['postfix']['mail_type'] = 'master'
node.override['postfix']['main']['inet_interfaces'] = 'all'
include_recipe 'postfix'
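Review bot: `node.override['postfix']['main']['inet_interfaces'] = 'all'` is set at override precedence, so a role, environment or wrapper cookbook cannot narrow the listener to specific addresses with default or normal attributes. Unless there is a reason to force it, use `node.default` here so `all` is only the starting point for a server, and document in the README that this recipe exposes smtpd on every interface and should be paired with explicit relay restrictions in `node['postfix']['main']`.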

View File

@@ -0,0 +1,28 @@
# encoding: utf-8
# Copyright:: Copyright (c) 2012, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postfix::_common'
execute 'update-postfix-transport' do
command "postmap #{node['postfix']['transport_db']}"
environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
action :nothing
end
template node['postfix']['transport_db'] do
source 'transport.erb'
notifies :run, 'execute[update-postfix-transport]'
end

View File

@@ -0,0 +1,29 @@
# encoding: utf-8
# Copyright:: Copyright (c) 2012, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postfix::_common'
execute 'update-postfix-virtual-alias' do
command "postmap #{node['postfix']['virtual_alias_db']}"
environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
action :nothing
end
template node['postfix']['virtual_alias_db'] do
source 'virtual_aliases.erb'
notifies :run, 'execute[update-postfix-virtual-alias]'
notifies :restart, 'service[postfix]'
end
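Review bot: the virtual alias template notifies `:restart` on `service[postfix]`, while the `sender_canonical` and `smtp_generic` maps in the `_common` recipe notify `:reload`. A lookup table change does not need a full restart, and a restart interrupts SMTP sessions that are in progress; `notifies :reload, 'service[postfix]'` is enough here. The same applies to the `virtual_aliases_domains` recipe. As in the access recipe, the template also sets no `owner`, `group` or `mode`.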

View File

@@ -0,0 +1,29 @@
# encoding: utf-8
# Copyright:: Copyright (c) 2012, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'postfix::_common'
execute 'update-postfix-virtual-alias-domains' do
command "postmap #{node['postfix']['virtual_alias_domains_db']}"
environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
action :nothing
end
template node['postfix']['virtual_alias_domains_db'] do
source 'virtual_aliases_domains.erb'
notifies :run, 'execute[update-postfix-virtual-alias-domains]'
notifies :restart, 'service[postfix]'
end

View File

@@ -0,0 +1,10 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
#
# See man 5 access for format
<% node['postfix']['access'].each do |name, value| %>
<%= name %> <%= value %>
<% end unless node['postfix']['access'].nil? %>

View File

@@ -0,0 +1,11 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
#
# See man 5 aliases for format
postmaster: root
<% node['postfix']['aliases'].each do |name, value| %>
<%= name %>: <%= [value].flatten.map{|x| %Q("#{x}")}.join(', ') %>
<% end unless node['postfix']['aliases'].nil? %>
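Review bot: the alias line wraps every target in double quotes with `%Q("#{x}")` but does not escape a double quote inside the value, so a target containing `"` renders a malformed aliases entry. Either escape embedded quotes or reject such values in the recipe. It is also worth documenting that aliases(5) targets may be `|command`, `/file/name` or `:include:` entries, so anyone who can set `node['postfix']['aliases']` can make the local delivery agent run commands or write files.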

View File

@@ -0,0 +1,13 @@
###
# Generated by Chef for <%= node['fqdn'] %>
# Configured as <%= node['postfix']['mail_type'] %>
###
<% @settings.sort.map do |key, value| -%>
<% next if value.nil? -%>
<% if value.kind_of? Array -%>
<%= "#{key} = #{value.join(', ')}"%>
<% else -%>
<%= "#{key} = #{value}"%>
<% end -%>
<% end -%>

View File

@@ -0,0 +1,84 @@
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
-->
<service_bundle type="manifest" name="SFEpostfix:postfix">
<service name="network/smtp/postfix" type="service" version="1">
<create_default_instance enabled="false" />
<single_instance />
<dependency name="network" grouping="require_all" restart_on="error" type="service">
<service_fmri value="svc:/milestone/network:default" />
</dependency>
<dependency name="filesystem-local" grouping="require_all" restart_on="error" type="service">
<service_fmri value="svc:/system/filesystem/local" />
</dependency>
<dependency name="name-services" grouping="require_all" restart_on="refresh" type="service">
<service_fmri value="svc:/milestone/name-services" />
</dependency>
<dependency name="system-log" grouping="optional_all" restart_on="error" type="service">
<service_fmri value="svc:/system/system-log" />
</dependency>
<!--
If autofs is enabled, wait for it to get users" home
directories.
-->
<dependency name="autofs" grouping="optional_all" restart_on="error" type="service">
<service_fmri value="svc:/system/filesystem/autofs" />
</dependency>
<dependent name="postfix_multi-user" grouping="optional_all" restart_on="none">
<service_fmri value="svc:/milestone/multi-user" />
</dependent>
<exec_method type="method" name="start"
exec="/opt/omni/sbin/postfix start"
timeout_seconds="180" />
<exec_method type="method" name="stop"
exec="/opt/omni/sbin/postfix stop"
timeout_seconds="60" />
<exec_method type="method" name="restart"
exec="/opt/omni/sbin/postfix reload"
timeout_seconds="60" />
<stability value="Unstable" />
<template>
<common_name>
<loctext xml:lang="C">
Postfix Mailserver
</loctext>
</common_name>
<documentation>
<manpage title="postfix" section="1" manpath="/usr/local/man" />
</documentation>
</template>
</service>
</service_bundle>
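Review bot: the third `exec_method` is named `restart` but runs `/opt/omni/sbin/postfix reload`. svc.startd documents `start`, `stop` and `refresh` methods, so this looks like it was meant to be `name="refresh"`; as written, the reload command is unlikely to be invoked by `svcadm refresh`. If the intent really was to map restart to a reload, note that settings such as `inet_interfaces` only take effect after a stop and start, so the `notifies :restart, 'service[postfix]'` in the recipes would not apply them. The comment `users" home` also has a stray double quote.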

View File

@@ -0,0 +1,81 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
<% if @settings['submission'] -%>
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
<% end -%>
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - 500 smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
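Review bot: the optional submission service uses `-o smtpd_enforce_tls=yes`, which Postfix has deprecated since 2.3 in favour of `-o smtpd_tls_security_level=encrypt`; use the newer parameter so the block keeps working as intended on current releases. Below that, the pipe transports `maildrop`, `old-cyrus`, `cyrus`, `uucp`, `ifmail` and `bsmtp` are rendered unconditionally with sample accounts such as `user=vmail` and `user=foo`; wrap them in a conditional like the submission block, or comment them out, so a default install does not define delivery agents that reference binaries and users the cookbook never creates.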

View File

@@ -0,0 +1,2 @@
# SMTP
-A FWR -p tcp -m tcp --dport 25 -j ACCEPT
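Review bot: `-A FWR -p tcp -m tcp --dport 25 -j ACCEPT` has no source match, so it accepts SMTP from any address on every node that gets this file, including nodes configured only as relay clients. Suggest applying the rule only with the server recipe and allowing a source restriction (`-s`) to be supplied. If the `submission` service in master.cf is enabled there is no matching rule for port 587.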

View File

@@ -0,0 +1,2 @@
# This file is generated by Chef for <%= node['fqdn'] %>
<%= node['postfix']['main']['relayhost'] %> <%= @settings['smtp_sasl_user_name'] %>:<%= @settings['smtp_sasl_passwd'] %>
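Review bot: with the defaults from the `_attributes` recipe (`relayhost`, `smtp_sasl_user_name` and `smtp_sasl_passwd` all set to the empty string), this template renders a line consisting of a space and a colon, which `postmap` will then compile into `sasl_passwd.db`. Have the `sasl_auth` recipe fail the run when any of the three values is empty instead of writing a credential file with no host and no credentials.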

View File

@@ -0,0 +1,10 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
#
# See man 5 canonical for format
<% node['postfix']['sender_canonical_map_entries'].each do |name, value| %>
<%= name %> <%= value %>
<% end unless node['postfix']['sender_canonical_map_entries'].nil? %>

View File

@@ -0,0 +1,10 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
#
# See man 5 generic for format
<% node['postfix']['smtp_generic_map_entries'].each do |name, value| %>
<%= name %> <%= value %>
<% end unless node['postfix']['smtp_generic_map_entries'].nil? %>

View File

@@ -0,0 +1,10 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
#
# See man 5 transport for format
<% node['postfix']['transports'].each do |name, value| %>
<%= name %> <%= value %>
<% end unless node['postfix']['transports'].nil? %>

View File

@@ -0,0 +1,10 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
#
# See man 5 virtual for format
<% node['postfix']['virtual_aliases'].each do |key, value| %>
<%= key %> <%= value %>
<% end unless node['postfix']['virtual_aliases'].nil? %>

View File

@@ -0,0 +1,10 @@
#
# This file is generated by Chef for <%= node['fqdn'] %>
#
# Local changes will be overwritten
#
# See man 5 virtual for format
<% node['postfix']['virtual_aliases_domains'].each do |key, value| %>
<%= key %> <%= value %>
<% end unless node['postfix']['virtual_aliases_domains'].nil? %>