kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 26 Pull Requests 2 Projects 2 Activity
chef/site-cookbooks/kosmos_email/recipes/postfix.rb

198 lines
6.4 KiB
Ruby
Raw Blame History

#
# Cookbook:: kosmos_email
# Recipe:: postfix
#
%w[
postfix
postfix-ldap
].each do |pkg|
apt_package pkg
end
domain = node["email"]["domain"]
hostname = node["email"]["hostname"]
root_dir = node["email"]["root_directory"]
ip_addr = node["knife_zero"]["host"]
ldap_host = node["email"]["ldap_host"]
ldap_search_base = node["email"]["ldap_search_base"]
credentials = Chef::EncryptedDataBagItem.load('credentials', 'email')
node.normal["postfix"]["mail_type"] = "master"
node.normal["postfix"]["use_relay_restrictions_maps"] = true
node.normal["postfix"]["relay_restrictions"] = { domain => "OK", hostname => "OK" }
node.normal['postfix']['main']['myhostname'] = hostname
node.normal['postfix']['main']['mydomain'] = "$myhostname"
node.normal['postfix']['main']['myorigin'] = "$myhostname"
node.normal['postfix']['main']['mynetworks'] = ["10.1.1.0/24", "127.0.0.0/8"]
node.normal['postfix']['main']['smtp_use_tls'] = "yes"
node.normal['postfix']['main']['smtp_tls_security_level'] = "may"
node.normal['postfix']['main']['smtpd_use_tls'] = "yes"
node.normal['postfix']['main']['smtpd_tls_cert_file'] = "/etc/letsencrypt/live/#{hostname}/fullchain.pem"
node.normal['postfix']['main']['smtpd_tls_key_file'] = "/etc/letsencrypt/live/#{hostname}/privkey.pem"
node.normal['postfix']['main']['smtpd_peername_lookup'] = "no"
node.normal['postfix']['main']['mailbox_transport'] = "lmtp:unix:private/dovecot-lmtp"
node.normal['postfix']['main']['virtual_transport'] = "lmtp:unix:private/dovecot-lmtp"
node.normal['postfix']['main']['smtputf8_enable'] = "no"
node.normal['postfix']['main']['recipient_delimiter'] = "+"
node.normal['postfix']['main']['virtual_alias_maps'] = "hash:#{root_dir}/aliases, ldap:/etc/postfix/ldap-virtual_alias_maps.cf"
node.normal['postfix']['main']['virtual_mailbox_domains'] = "ldap:/etc/postfix/ldap-virtual_mailbox_domains.cf"
node.normal['postfix']['main']['virtual_mailbox_maps'] = "ldap:/etc/postfix/ldap-virtual_mailbox_maps.cf"
node.normal['postfix']['main']['smtpd_sender_login_maps'] = "ldap:/etc/postfix/ldap-smtpd_sender_login_maps.cf"
node.normal['postfix']['main']['milter_protocol'] = "6"
node.normal['postfix']['main']['milter_default_action'] = "accept"
node.normal['postfix']['main']['smtpd_milters'] = "inet:localhost:12301 local:spamass/spamass.sock"
node.normal['postfix']['main']['non_smtpd_milters'] = "inet:localhost:12301"
node.normal['postfix']['master'] = {
"#{ip_addr}:2525": {
"active": true,
"order": 1,
"type": "inet",
"private": false,
"maxproc": "1",
"command": "postscreen",
"args": [
"-o postscreen_upstream_proxy_protocol=haproxy",
"-o postscreen_cache_map=btree:$data_directory/postscreen_2525_cache",
"-o syslog_name=postfix/2525"
]
},
"#{ip_addr}:10587": {
"active": true,
"order": 2,
"type": "inet",
"private": false,
"chroot": true,
"command": "smtpd",
"args": [
"-o syslog_name=postfix/10587",
"-o smtpd_tls_security_level=encrypt",
"-o smtpd_tls_wrappermode=no",
"-o smtpd_sasl_auth_enable=yes",
"-o smtpd_sender_restrictions=reject_sender_login_mismatch",
"-o smtpd_relay_restrictions=permit_sasl_authenticated,reject",
"-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject",
"-o smtpd_sasl_type=dovecot",
"-o smtpd_sasl_path=private/auth",
"-o smtpd_upstream_proxy_protocol=haproxy",
]
},
"#{ip_addr}:10465": {
"active": true,
"order": 3,
"type": "inet",
"private": false,
"chroot": true,
"command": "smtpd",
"args": [
"-o syslog_name=postfix/10465",
"-o smtpd_tls_wrappermode=yes",
"-o smtpd_sasl_auth_enable=yes",
"-o smtpd_relay_restrictions=permit_sasl_authenticated,reject",
"-o smtpd_sender_restrictions=reject_sender_login_mismatch",
"-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject",
"-o smtpd_sasl_type=dovecot",
"-o smtpd_sasl_path=private/auth",
"-o smtpd_upstream_proxy_protocol=haproxy",
]
},
"smtpd": {
"active": true,
"order": 100,
"type": "pass",
"chroot": true,
"command": "smtpd",
"args": []
},
"dnsblog": {
"active": true,
"order": 101,
"type": "unix",
"chroot": true,
"maxproc": "0",
"command": "dnsblog",
"args": []
},
"tlsproxy": {
"active": true,
"order": 102,
"type": "unix",
"chroot": true,
"maxproc": "0",
"command": "tlsproxy",
"args": []
}
}
bash "compile_postfix_aliases" do
cwd root_dir
code "postmap #{root_dir}/aliases"
action :nothing
notifies :restart, "service[postfix]", :delayed
end
template "#{root_dir}/aliases" do
source "virtual-aliases.erb"
mode 0755
variables aliases: node["email"]["virtual_aliases"]
notifies :run, "bash[compile_postfix_aliases]", :immediately
end
ldap_default_variables = {
server_host: ldap_host,
bind_dn: credentials['ldap_dn'],
bind_pw: credentials['ldap_dnpass'],
search_base: ldap_search_base
}
template "/etc/postfix/ldap-virtual_mailbox_domains.cf" do
source "postfix_ldap-map.cf.erb"
mode 0600
variables ldap_default_variables.merge({
query_filter: "mailRoutingAddress=*@%s",
result_attribute: "mailRoutingAddress",
result_format: "%d"
})
notifies :restart, "service[postfix]", :delayed
end
template "/etc/postfix/ldap-virtual_alias_maps.cf" do
source "postfix_ldap-map.cf.erb"
mode 0600
variables ldap_default_variables.merge({
query_filter: "(&(mailRoutingAddress=%s)(mailForwardingAddress=*))",
result_attribute: "mailForwardingAddress"
})
notifies :restart, "service[postfix]", :delayed
end
template "/etc/postfix/ldap-virtual_mailbox_maps.cf" do
source "postfix_ldap-map.cf.erb"
mode 0600
variables ldap_default_variables.merge({
query_filter: "mailRoutingAddress=%s",
result_attribute: "mailRoutingAddress"
})
notifies :restart, "service[postfix]", :delayed
end
template "/etc/postfix/ldap-smtpd_sender_login_maps.cf" do
source "postfix_ldap-map.cf.erb"
mode 0600
variables ldap_default_variables.merge({
query_filter: "mailRoutingAddress=%s",
result_attribute: "mailRoutingAddress, mailForwardingAddress"
})
notifies :restart, "service[postfix]", :delayed
end
include_recipe 'postfix::server'
service "postfix" do
action [:enable, :start]
end
Reference in New Issue View Git Blame Copy Permalink