diff --git a/CHANGELOG.md b/CHANGELOG.md index 39c6208..9564049 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## v3.?.?: + +- [COOK-3328]: Refactor main.cf template and attributes for greater flexibility. + +**Breaking changes**: + +- Attributes are namespaced as `node['postfix']`, `node['postfix']['main']`, + and `node['postfix']['master']`. + ## v2.1.6: ### Bug diff --git a/README.md b/README.md index fdb2ab9..d09fbb8 100644 --- a/README.md +++ b/README.md 
@@ -23,79 +23,63 @@ Attributes See `attributes/default.rb` for default values. + +## Generic cookbook attributes + * `node['postfix']['mail_type']` - Sets the kind of mail configuration. `master` will set up a server (relayhost). -* `node['postfix']['myhostname']` - corresponds to the myhostname - option in `/etc/postfix/main.cf`. -* `node['postfix']['mydomain']` - corresponds to the mydomain option - in `/etc/postfix/main.cf`. -* `node['postfix']['myorigin']` - corresponds to the myorigin option - in `/etc/postfix/main.cf`. -* `node['postfix']['relayhost']` - corresponds to the relayhost option - in `/etc/postfix/main.cf`. * `node['postfix']['relayhost_role']` - name of a role used for search in the client recipe. * `node['postfix']['multi_environment_relay']` - set to true if nodes should not constrain search for the relayhost in their own environment. -* `node['postfix']['inet_interfaces']` - if set, corresponds to the - inet_interfaces option in `/etc/postfix/main.cf`. nil by default, - which will result in 'all' for master `mail_type` and - 'loopback-only' for non-master (anything else) `mail_type`. -* `node['postfix']['mail_relay_networks']` - corresponds to the - mynetworks option in `/etc/postfix/main.cf`. -* `node['postfix']['smtpd_use_tls']` - set to "yes" to use TLS for - SMTPD, which will use the snakeoil certs. -* `node['postfix']['smtp_sasl_auth_enable']` - set to "yes" to enable - SASL authentication for SMTP. -* `node['postfix']['smtp_sasl_password_maps']` - corresponds to the - `smtp_sasl_password_maps` option in `/etc/postfix/main.cf`. -* `node['postfix']['smtp_sasl_security_options']` - corresponds to the - `smtp_sasl_security_options` option in `/etc/postfix/main.cf`. -* `node['postfix']['smtp_tls_cafile']` - corresponds to the - `smtp_tls_CAfile` option in `/etc/postfix/main.cf`. -* `node['postfix']['smtp_use_tls']` - corresponds to the - `smtp_use_tls` option in `/etc/postfix/main.cf`. 
-* `node['postfix']['smtp_sasl_user_name']` - mapped in the - `sasl_passwd` file as the user to authenticate as. -* `node['postfix']['smtp_sasl_passwd']` - mapped in the `sasl_passwd` - file as the password to use. +* `node['postfix']['use_procmail']` - set to true if nodes should use + procmail as the delivery agent. * `node['postfix']['aliases']` - hash of aliases to create with `recipe[postfix::aliases]`, see below under __Recipes__ for more information. -* `node['postfix']['use_procmail']` - set to true if nodes should use - procmail as the delivery agent (mailbox_command). -* `node['postfix']['milter_default_action']` - corresponds to the - `milter_default_action` option in `/etc/postfix/main.cf`. -* `node['postfix']['milter_protocol']` - corresponds to the - `milter_protocol` option in `/etc/postfix/main.cf`. -* `node['postfix']['smtpd_milters']` - corresponds to the - `smtpd_milters` option in `/etc/postfix/main.cf`. -* `node['postfix']['non_smtpd_milters']` - corresponds to the - `non_smtpd_milters` option in `/etc/postfix/main.cf`. -* `node['postfix']['inet_interfaces']` - interfaces to listen to, all - or loopback-only -* `node['postfix']['sender_canonical_classes']` - controls what - addresses are subject to `sender_canonical_maps` address mapping, - specify one or more of: `envelope_sender`, `header_sender` - defaults to - nil -* `node['postfix']['recipient_canonical_classes']` - controls what - addresses are subject to `recipient_canonical_maps` address mapping, - specify one or more of: `envelope_recipient`, `header_recipient` - - defaults to nil -* `node['postfix']['canonical_classes']` - controls what addresses are - subject to `canonical_maps` address mapping, specify one or more of: - `envelope_sender`, `envelope_recipient`, `header_sender`, - `header_recipient` - defaults to nil -* `node['postfix']['sender_canonical_maps']` - optional address - mapping lookup tables for envelope and header sender addresses, eg. 
- `hash:/etc/postfix/sender_canonical` - defaults to nil -* `node['postfix']['recipient_canonical_maps']` - optional address - mapping lookup tables for envelope and header recipient addresses, - eg. `hash:/etc/postfix/recipient_canonical` - defaults to nil -* `node['postfix']['canonical_maps']` - optional address mapping - lookup tables for message headers and envelopes, eg. - `hash:/etc/postfix/canonical` - defaults to nil +* `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix' +* `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix' + +## main.cf and sasl\_passwd template attributes + +The main.cf template has been simplified to include any attributes in the `node['postfix']['main']` +data structure. The following attributes are still included with this cookbook +to maintain some semblance of backwards compatibility. + +This change in namespace to `node['postfix']['main']` should allow for greater flexibility, +given the large number of configuration variables for the postfix daemon. All of these cookbook +attributes correspond to the option of the same name in `/etc/postfix/main.cf`. 
+ +* `node['postfix']['main']['biff']` - (yes/no); default no +* `node['postfix']['main']['append_dot_mydomain']` - (yes/no); default no +* `node['postfix']['main']['myhostname']` - defaults to fqdn from Ohai +* `node['postfix']['main']['mydomain']` - defaults to domain from Ohai +* `node['postfix']['main']['myorigin']` - defaults to $myhostname +* `node['postfix']['main']['mynetworks']` - default is `127.0.0.0/8` +* `node['postfix']['main']['inet_interfaces']` - set to `loopback-only`, or `all` for server recipe +* `node['postfix']['main']['alias_maps']` - set to `hash:/etc/aliases` +* `node['postfix']['main']['mailbox_size_limit']` - set to `0` (disabled) +* `node['postfix']['main']['recipient_delimiter']` - set to `+` +* `node['postfix']['main']['mydestination']` - default fqdn, hostname, localhost.localdomain, localhost +* `node['postfix']['main']['smtpd_use_tls']` - (yes/no); default yes. See conditional cert/key attributes. + - `node['postfix']['main']['smtpd_tls_cert_file']` - conditional attribute, set to full path of server's x509 certificate. + - `node['postfix']['main']['smtpd_tls_key_file']` - conditional attribute, set to full path of server's private key + - `node['postfix']['main']['smtpd_tls_CAfile']` - set to platform specific CA bundle + - `node['postfix']['main']['smtpd_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache` +* `node['postfix']['main']['smtp_use_tls']` - (yes/no); default yes. See following conditional attributes. + - `node['postfix']['main']['smtp_tls_CAfile']` - set to platform specific CA bundle + - `node['postfix']['main']['smtp_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache` +* `node['postfix']['main']['smtp_sasl_auth_enable']` - (yes/no); default no. If enabled, see following conditional attributes. 
+ - `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file + - `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous + - `node['postfix']['main']['relayhost']` - Set to empty string + - `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty + - `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty. + +## master.cf template attributes + +* `node['postfix']['master']['submission'] - Whether to use submission (TCP 587) daemon. (true/false); default false Recipes ======= @@ -115,7 +99,7 @@ client ------ Use this recipe to have nodes automatically search for the mail relay -based which node has the `node['postfix']['relayhost']` role. Sets the +based which node has the `node['postfix']['relayhost_role']` role. Sets the `node['postfix']['relayhost']` attribute to the first result from the search. @@ -168,7 +152,7 @@ is `master`. See __Examples__ for information on how to use `recipe[postfix::server]` to do this automatically. If you need to use SASL authentication to send mail through your ISP -(such as on a home network), use `recipe[postfix::sasl_auth]` and set +(such as on a home network), use `postfix::sasl_auth` and set the appropriate attributes. For each of these implementations, see __Examples__ for role usage. @@ -185,12 +169,14 @@ The `base` role is applied to all nodes in the environment. name "base" run_list("recipe[postfix]") override_attributes( + "mail_type" => "client", "postfix" => { - "mail_type" => "client", - "mydomain" => "example.com", - "myorigin" => "example.com", - "relayhost" => "[smtp.example.com]", - "smtp_use_tls" => "no" + "main" => { + "mydomain" => "example.com", + "myorigin" => "example.com", + "relayhost" => "[smtp.example.com]", + "smtp_use_tls" => "no" + } } ) 
@@ -198,13 +184,15 @@ The `relayhost` role is applied to the nodes that are relayhosts. Often this is 2 systems using a CNAME of `smtp.example.com`. name "relayhost" - run_list("recipe[postfix]") + run_list("recipe[postfix::server]") override_attributes( "postfix" => { - "mail_relay_networks" => "10.3.3.0/24", "mail_type" => "master", - "mydomain" => "example.com", - "myorigin" => "example.com" + "main" => { + "mynetworks" => [ "10.3.3.0/24", "127.0.0.0/8" ], + "inet-interfaces" => "all", + "mydomain" => "example.com", + "myorigin" => "example.com" } ) @@ -217,14 +205,17 @@ access to SMTP. run_list("recipe[postfix], recipe[postfix::sasl_auth]") override_attributes( "postfix" => { - "mail_relay_networks" => "10.3.3.0/24", "mail_type" => "master", - "mydomain" => "example.com", - "myorigin" => "example.com", - "relayhost" => "[smtp.comcast.net]:587", - "smtp_sasl_auth_enable" => "yes", - "smtp_sasl_passwd" => "your_password", - "smtp_sasl_user_name" => "your_username" + "main" => { + "mynetworks" => "10.3.3.0/24", + "mail_type" => "master", + "mydomain" => "example.com", + "myorigin" => "example.com", + "relayhost" => "[smtp.comcast.net]:587", + "smtp_sasl_auth_enable" => "yes", + "smtp_sasl_passwd" => "your_password", + "smtp_sasl_user_name" => "your_username" + } } ) @@ -241,9 +232,11 @@ If you'd like to use the more dynamic search based approach for discovery, use t run_list("recipe[postfix::server]") override_attributes( "postfix" => { - "mail_relay_networks" => "10.3.3.0/24", - "mydomain" => "example.com", - "myorigin" => "example.com" + "main" => { + "mynetworks" => "10.3.3.0/24", + "mydomain" => "example.com", + "myorigin" => "example.com" + } } ) @@ -254,8 +247,10 @@ Then, add the `postfix::client` recipe to the run list of your `base` role or eq override_attributes( "postfix" => { "mail_type" => "client", - "mydomain" => "example.com", - "myorigin" => "example.com" + "main" => { + "mydomain" => "example.com", + "myorigin" => "example.com" + } } ) 
@@ -266,9 +261,11 @@ If you wish to use a different role name for the relayhost, then also set the at run_list("recipe[postfix::server]") override_attributes( "postfix" => { - "mail_relay_networks" => "10.3.3.0/24", - "mydomain" => "example.com", - "myorigin" => "example.com" + "main" => { + "mynetworks" => "10.3.3.0/24", + "mydomain" => "example.com", + "myorigin" => "example.com" + } } ) @@ -280,8 +277,10 @@ The base role would look something like this: "postfix" => { "relayhost_role" => "postfix_master", "mail_type" => "client", - "mydomain" => "example.com", - "myorigin" => "example.com" + "main" => { + "mydomain" => "example.com", + "myorigin" => "example.com" + } } ) diff --git a/attributes/default.rb b/attributes/default.rb index ea53cf2..fbdb284 100644 --- a/attributes/default.rb +++ b/attributes/default.rb 
@@ -15,37 +15,75 @@ # See the License for the specific language governing permissions and # limitations under the License. +# Generic cookbook attributes default['postfix']['mail_type'] = "client" -default['postfix']['myhostname'] = node['fqdn'] -default['postfix']['mydomain'] = node['domain'] -default['postfix']['myorigin'] = "$myhostname" -default['postfix']['relayhost'] = "" -default['postfix']['mail_relay_networks'] = "127.0.0.0/8" -default['postfix']['relayhost_role'] = "relayhost" +default['postfix']['relayhost_role'] = "relayhost" default['postfix']['multi_environment_relay'] = false -default['postfix']['inet_interfaces'] = nil - -default['postfix']['smtpd_use_tls'] = "yes" -default['postfix']['smtp_sasl_auth_enable'] = "no" -default['postfix']['smtp_sasl_password_maps'] = "hash:/etc/postfix/sasl_passwd" -default['postfix']['smtp_sasl_security_options'] = "noanonymous" -default['postfix']['smtp_tls_cafile'] = "/etc/postfix/cacert.pem" -default['postfix']['smtp_use_tls'] = "yes" -default['postfix']['smtp_sasl_user_name'] = "" -default['postfix']['smtp_sasl_passwd'] = "" - default['postfix']['use_procmail'] = false - -default['postfix']['milter_default_action'] = "tempfail" -default['postfix']['milter_protocol'] = "6" -default['postfix']['smtpd_milters'] = "" -default['postfix']['non_smtpd_milters'] = "" - default['postfix']['aliases'] = {} +default['postfix']['main_template_source'] = "postfix" +default['postfix']['master_template_source'] = "postfix" -default['postfix']['sender_canonical_classes'] = nil -default['postfix']['recipient_canonical_classes'] = nil -default['postfix']['canonical_classes'] = nil -default['postfix']['sender_canonical_maps'] = nil -default['postfix']['recipient_canonical_maps'] = nil -default['postfix']['canonical_maps'] = nil +# Non-default main.cf attributes +default['postfix']['main']['biff'] = "no" +default['postfix']['main']['append_dot_mydomain'] = "no" +default['postfix']['main']['myhostname'] = node['fqdn'] 
+default['postfix']['main']['mydomain'] = node['domain'] +default['postfix']['main']['myorigin'] = "$myhostname" +default['postfix']['main']['mydestination'] = [ node['postfix']['main']['myhostname'], node['hostname'], "localhost.localdomain", "localhost" ] +default['postfix']['main']['smtpd_use_tls'] = "yes" +default['postfix']['main']['smtp_use_tls'] = "yes" +default['postfix']['main']['alias_maps'] = [ "hash:/etc/aliases" ] +default['postfix']['main']['mailbox_size_limit'] = 0 +default['postfix']['main']['recipient_delimiter'] = "+" +default['postfix']['main']['smtp_sasl_auth_enable'] = "no" +default['postfix']['main']['mynetworks'] = "127.0.0.0/8" +default['postfix']['main']['inet_interfaces'] = "loopback-only" + +# Conditional attributes +case node['platform_family'] +when "rhel" + cafile = "/etc/pki/tls/cert.pem" +else + cafile = "/etc/postfix/cacert.pem" +end + +if node['postfix']['use_procmail'] + default['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"' +end + +if node['postfix']['main']['smtpd_use_tls'] == "yes" + default['postfix']['main']['smtpd_tls_cert_file'] = "/etc/ssl/certs/ssl-cert-snakeoil.pem" + default['postfix']['main']['smtpd_tls_key_file'] = "/etc/ssl/private/ssl-cert-snakeoil.key" + default['postfix']['main']['smtpd_tls_CAfile'] = cafile + default['postfix']['main']['smtpd_tls_session_cache_database'] = "btree:${data_directory}/smtpd_scache" +end + +if node['postfix']['main']['smtp_use_tls'] == "yes" + default['postfix']['main']['smtp_tls_CAfile'] = cafile + default['postfix']['main']['smtp_tls_session_cache_database'] = "btree:${data_directory}/smtp_scache" +end + +if node['postfix']['main']['smtp_sasl_auth_enable'] == "yes" + default['postfix']['main']['smtp_sasl_password_maps'] = "hash:/etc/postfix/sasl_passwd" + default['postfix']['main']['smtp_sasl_security_options'] = "noanonymous" + default['postfix']['sasl']['smtp_sasl_user_name'] = "" + default['postfix']['sasl']['smtp_sasl_passwd'] = "" + 
default['postfix']['main']['relayhost'] = "" +end + +# Default main.cf attributes according to `postconf -d` +#default['postfix']['main']['relayhost'] = "" +#default['postfix']['main']['milter_default_action'] = "tempfail" +#default['postfix']['main']['milter_protocol'] = "6" +#default['postfix']['main']['smtpd_milters'] = "" +#default['postfix']['main']['non_smtpd_milters'] = "" +#default['postfix']['main']['sender_canonical_classes'] = nil +#default['postfix']['main']['recipient_canonical_classes'] = nil +#default['postfix']['main']['canonical_classes'] = nil +#default['postfix']['main']['sender_canonical_maps'] = nil +#default['postfix']['main']['recipient_canonical_maps'] = nil +#default['postfix']['main']['canonical_maps'] = nil + +# Master.cf attributes +default['postfix']['master']['submission'] = false diff --git a/metadata.rb b/metadata.rb index 5063521..c749b6e 100644 --- a/metadata.rb +++ b/metadata.rb @@ -14,9 +14,9 @@ recipe "postfix::server", "Sets the mail_type attribute to master" supports os end -attribute "postfix", - :display_name => "Postfix", - :description => "Hash of Postfix attributes", +attribute "postfix/main", + :display_name => "postfix/main", + :description => "Hash of Postfix main.cf attributes", :type => "hash" attribute "postfix/aliases", 
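Review bot: The `if node['postfix']['main'][...] == "yes"` blocks under `# Conditional attributes` are evaluated once, when this attribute file is loaded, so a value set later in the run (in a recipe, or in a cookbook whose attributes load afterwards) never gets its dependent defaults. The SASL block matters most: `recipes/sasl_auth.rb` in this commit passes `node['postfix']['sasl']` to the template as `@settings`, and when nothing has defined that subtree the template's `@settings['smtp_sasl_user_name']` is presumably called on nil and the run fails. Defining the two defaults outside the condition, `default['postfix']['sasl']['smtp_sasl_user_name'] = ""` and `default['postfix']['sasl']['smtp_sasl_passwd'] = ""`, keeps the old behaviour of always having a value. The same load-order caveat deserves a comment above the `use_procmail` and TLS blocks.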
@@ -29,61 +29,6 @@ attribute "postfix/mail_type", :description => "Is this node a client or server?", :default => "client" -attribute "postfix/myhostname", - :display_name => "Postfix Myhostname", - :description => "Sets the myhostname value in main.cf", - :default => "fqdn" - -attribute "postfix/mydomain", - :display_name => "Postfix Mydomain", - :description => "Sets the mydomain value in main.cf", - :default => "domain" - -attribute "postfix/myorigin", - :display_name => "Postfix Myorigin", - :description => "Sets the myorigin value in main.cf", - :default => "$myhostname" - -attribute "postfix/relayhost", - :display_name => "Postfix Relayhost", - :description => "Sets the relayhost value in main.cf", - :default => "" - -attribute "postfix/mail_relay_networks", - :display_name => "Postfix Mail Relay Networks", - :description => "Sets the mynetworks value in main.cf", - :default => "127.0.0.0/8" - -attribute "postfix/smtp_sasl_auth_enable", - :display_name => "Postfix SMTP SASL Auth Enable", - :description => "Enable SMTP SASL Authentication", - :default => "no" - -attribute "postfix/smtp_sasl_password_maps", - :display_name => "Postfix SMTP SASL Password Maps", - :description => "hashmap of SASL passwords", - :default => "hash:/etc/postfix/sasl_passwd" - -attribute "postfix/smtp_sasl_security_options", - :display_name => "Postfix SMTP SASL Security Options", - :description => "Sets the value of smtp_sasl_security_options in main.cf", - :default => "noanonymous" - -attribute "postfix/inet_interfaces", - :display_name => "Postfix listening interfaces", - :description => "Interfaces to listen to, all or loopback-only. 
default is all for master mail_type, and loopback-only otherwise", - :default => "" - -attribute "postfix/smtp_tls_cafile", - :display_name => "Postfix SMTP TLS CA File", - :description => "CA certificate file for SMTP over TLS", - :default => "/etc/postfix/cacert.pem" - -attribute "postfix/smtp_use_tls", - :display_name => "Postfix SMTP Use TLS?", - :description => "Whether SMTP SASL Auth should use TLS encryption", - :default => "yes" - attribute "postfix/smtp_sasl_user_name", :display_name => "Postfix SMTP SASL Username", :description => "User to auth SMTP via SASL", @@ -94,21 +39,11 @@ attribute "postfix/smtp_sasl_passwd", :description => "Password for smtp_sasl_user_name", :default => "" -attribute "postfix/aliases", - :display_name => "Postfix mail aliases", - :description => "Hash of mail aliases for /etc/aliases", - :default => "" - attribute "postfix/relayhost_role", :display_name => "Postfix Relayhost's role", :description => "String containing the role name", :default => "relayhost" -attribute "postfix/multi_environment_relay", - :display_name => "Postfix Search for relayhost in any environment", - :description => "If true, then the client recipe will search any environment instead of just the node's", - :default => "" - attribute "postfix/use_procmail", :display_name => "Postfix Use procmail?", :description => "Whether procmail should be used as the local delivery agent for a server", diff --git a/recipes/default.rb b/recipes/default.rb index 682f807..3aae475 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -21,12 +21,9 @@ package "postfix" if node['postfix']['use_procmail'] - package "procmail" - end - service "postfix" do supports :status => true, :restart => true, :reload => true action :enable @@ -34,7 +31,6 @@ end case node['platform_family'] when "rhel", "fedora" - service "sendmail" do action :nothing end 
@@ -45,18 +41,17 @@ when "rhel", "fedora" notifies :start, "service[postfix]" not_if "/usr/bin/test /etc/alternatives/mta -ef /usr/sbin/sendmail.postfix" end - end %w{main master}.each do |cfg| - template "/etc/postfix/#{cfg}.cf" do source "#{cfg}.cf.erb" owner "root" group 0 mode 00644 notifies :restart, "service[postfix]" - + variables(:settings => node['postfix'][cfg]) + cookbook node['postfix']["#{cfg}_template_source"] end end diff --git a/recipes/sasl_auth.rb b/recipes/sasl_auth.rb index 3621c0b..0aaef7e 100644 --- a/recipes/sasl_auth.rb +++ b/recipes/sasl_auth.rb @@ -55,4 +55,5 @@ template "/etc/postfix/sasl_passwd" do mode 0400 notifies :run, "execute[postmap-sasl_passwd]", :immediately notifies :restart, "service[postfix]" + variables(:settings => node['postfix']['sasl']) end diff --git a/recipes/server.rb b/recipes/server.rb index db408fe..164f325 100644 --- a/recipes/server.rb +++ b/recipes/server.rb @@ -19,5 +19,6 @@ # node.override['postfix']['mail_type'] = 'master' +node.override['postfix']['main']['inet_interfaces'] = 'all' include_recipe "postfix" diff --git a/templates/default/main.cf.erb b/templates/default/main.cf.erb index c6f73d0..151d558 100644 --- a/templates/default/main.cf.erb +++ b/templates/default/main.cf.erb 
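Review bot: Every key under `node['postfix']['main']` is now written into `/etc/postfix/main.cf` through `variables(:settings => node['postfix'][cfg])`, and this resource keeps the file at `mode 00644`. The SASL example in this commit's README nests `smtp_sasl_passwd` and `smtp_sasl_user_name` under `"main"`, which with the generic template would put the relay password into a world-readable file as an unknown parameter instead of into `sasl_passwd`. I would move those two keys under `"sasl"` in the README example and add a comment above the `variables` line such as `# main.cf is world-readable; credentials belong under node['postfix']['sasl'], never under ['main']`.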
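Review bot: The relay credentials this template renders now come from `node['postfix']['sasl']`, that is, from ordinary node attributes, which Chef saves with the node object on the server where anyone who can read or search nodes can see them. The rendered file is protected with `mode 0400`, but the source of the secret is not; loading the username and password from an encrypted data bag in this recipe and passing them through `variables` would keep them out of the node data. If the Chef version in use supports it, `sensitive true` on the resource also keeps the rendered content out of run output. The `template` block starts above the hunk, so its other properties are not visible here.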
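Review bot: `node.override['postfix']['main']['inet_interfaces'] = 'all'` forces the server to listen on every interface at recipe override precedence, so a wrapper cookbook that sets a narrower value at default or normal level is silently ignored. The removed template only fell back to `'all'` when the attribute was unset, so this is a wider exposure than before for anyone who had pinned an address. At minimum I would add a comment next to the line, for example `# forced at override level; narrow it with override_attributes in a role or environment`.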
@@ -3,66 +3,17 @@ # Configured as <%= node['postfix']['mail_type'] %> ### -biff = no -append_dot_mydomain = no -smtpd_use_tls = <%= node['postfix']['smtpd_use_tls'] %> -<% if node['postfix']['smtpd_use_tls'] == "yes" -%> -smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key -smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache -<% end -%> -smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache -smtp_sasl_auth_enable = <%= node['postfix']['smtp_sasl_auth_enable'] %> -<% if node['postfix']['smtp_sasl_auth_enable'] == "yes" -%> -smtp_sasl_password_maps = <%= node['postfix']['smtp_sasl_password_maps'] %> -smtp_sasl_security_options = <%= node['postfix']['smtp_sasl_security_options'] %> -smtp_tls_CAfile = <%= node['postfix']['smtp_tls_cafile'] %> -smtp_use_tls = <%= node['postfix']['smtp_use_tls'] %> -<% end -%> -myhostname = <%= node['postfix']['myhostname'] %> -<% if node['postfix']['mydomain'] %> -mydomain = <%= node['postfix']['mydomain'] %> -<% end -%> -myorigin = <%= node['postfix']['myorigin'] %> -smtpd_banner = $myhostname ESMTP $mail_name -alias_maps = hash:/etc/aliases -alias_database = hash:/etc/aliases -mydestination = <%= node['postfix']['myhostname'] %>, <%= node['hostname'] %>, localhost.localdomain, localhost -<% if node['postfix']['mail_type'] == "master" -%> -relayhost = -mynetworks = <%= node['postfix']['mail_relay_networks'] %> -inet_interfaces = <%= node['postfix']['inet_interfaces'] || 'all' %> -<% else -%> -relayhost = <%= node['postfix']['relayhost'] %> -mynetworks = <%= node['postfix']['mail_relay_networks'] %> -inet_interfaces = <%= node['postfix']['inet_interfaces'] || 'loopback-only' %> -<% end -%> -<% if node['postfix']['use_procmail'] -%> -mailbox_command = /usr/bin/procmail -a "$EXTENSION" -<% end -%> -mailbox_size_limit = 0 -recipient_delimiter = + - -milter_default_action = <%= node['postfix']['milter_default_action'] %> -milter_protocol = 
<%= node['postfix']['milter_protocol'] %> -smtpd_milters = <%= node['postfix']['smtpd_milters'] %> -non_smtpd_milters = <%= node['postfix']['non_smtpd_milters'] %> - -<% unless node['postfix']['sender_canonical_classes'].nil? -%> -sender_canonical_classes = <%= node['postfix']['sender_canonical_classes'] %> -<% end -%> -<% unless node['postfix']['recipient_canonical_classes'].nil? -%> -recipient_canonical_classes = <%= node['postfix']['recipient_canonical_classes'] %> -<% end -%> -<% unless node['postfix']['canonical_classes'].nil? -%> -canonical_classes = <%= node['postfix']['canonical_classes'] %> -<% end -%> -<% unless node['postfix']['sender_canonical_maps'].nil? -%> -sender_canonical_maps = <%= node['postfix']['sender_canonical_maps'] %> -<% end -%> -<% unless node['postfix']['recipient_canonical_maps'].nil? -%> -recipient_canonical_maps = <%= node['postfix']['recipient_canonical_maps'] %> -<% end -%> -<% unless node['postfix']['canonical_maps'].nil? -%> -canonical_maps = <%= node['postfix']['canonical_maps'] %> +<% @settings.sort.map do |key, value| -%> +<% if value.kind_of? Array -%> +<%= "#{key} = " -%> +<% value.each do |item| -%> +<% if value.last == item -%> +<%= item %> +<% else -%> +<%= "#{item}, " -%> +<% end -%> +<% end -%> +<% else -%> +<%= "#{key} = #{value}"%> +<% end -%> <% end -%> diff --git a/templates/default/master.cf.erb b/templates/default/master.cf.erb index c18f188..ffa2aa5 100644 --- a/templates/default/master.cf.erb +++ b/templates/default/master.cf.erb 
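Review bot: The generic loop writes `key = ` for a nil value and decides where an array ends by comparing each element with `value.last`. The removed template guarded `mydomain` and the canonical-map options against nil, and `node['domain']` (the new default for `mydomain`) can presumably be nil on hosts without a domain, so an empty `mydomain =` can now reach main.cf. The `value.last == item` test also ends the line early when an earlier element equals the last one. Skipping nil values and joining arrays covers both, and `each` fits better than `map` because the result is discarded.

```erb
<% @settings.sort.each do |key, value| -%>
<%   next if value.nil? -%>
<%= "#{key} = #{value.kind_of?(Array) ? value.join(', ') : value}" %>
<% end -%>
```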
@@ -7,10 +7,12 @@ # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - - smtpd -#submission inet n - n - - smtpd -# -o smtpd_enforce_tls=yes -# -o smtpd_sasl_auth_enable=yes -# -o smtpd_client_restrictions=permit_sasl_authenticated,reject +<% if @settings['submission'] -%> +submission inet n - n - - smtpd + -o smtpd_enforce_tls=yes + -o smtpd_sasl_auth_enable=yes + -o smtpd_client_restrictions=permit_sasl_authenticated,reject +<% end -%> #smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes diff --git a/templates/default/sasl_passwd.erb b/templates/default/sasl_passwd.erb index f4fc56d..f8b1507 100644 --- a/templates/default/sasl_passwd.erb +++ b/templates/default/sasl_passwd.erb @@ -1,2 +1,2 @@ # This file is generated by Chef for <%= node['fqdn'] %> -<%= node['postfix']['relayhost'] %> <%= node['postfix']['smtp_sasl_user_name'] %>:<%= node['postfix']['smtp_sasl_passwd'] %> +<%= node['postfix']['main']['relayhost'] %> <%= @settings['smtp_sasl_user_name'] %>:<%= @settings['smtp_sasl_passwd'] %>
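Review bot: The submission service switched on by `@settings['submission']` requires TLS and SASL, but nothing in this hunk checks that the rest of the configuration can provide them. With `smtpd_use_tls` set to anything but "yes" the attribute file in this commit defines no certificate or key, and with the default it points at the snakeoil pair, so a port-587 listener is either unusable or presents a self-signed placeholder certificate. `smtpd_enforce_tls` is also the legacy spelling; on Postfix 2.3 and later the equivalent is `-o smtpd_tls_security_level=encrypt`. A comment above the `<% if %>` naming the attributes that must be set before enabling submission would help. The file continues beyond the hunk.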