[COOK-3328] Refactor main.cf template and attributes

Signed-off-by: Seth Vargo <sethvargo@gmail.com>

CHANGELOG.md

@@ -1,3 +1,12 @@
+## v3.?.?:
+
+- [COOK-3328]: Refactor main.cf template and attributes for greater flexibility.
+
+**Breaking changes**:
+
+- Attributes are namespaced as `node['postfix']`, `node['postfix']['main']`, 
+  and `node['postfix']['master']`.
+
 ## v2.1.6:
 
 ### Bug

README.md

@@ -23,79 +23,63 @@ Attributes
 
 See `attributes/default.rb` for default values.
 
+
+## Generic cookbook attributes
+
 * `node['postfix']['mail_type']` - Sets the kind of mail
   configuration. `master` will set up a server (relayhost).
-* `node['postfix']['myhostname']` - corresponds to the myhostname
-  option in `/etc/postfix/main.cf`.
-* `node['postfix']['mydomain']` - corresponds to the mydomain option
-  in `/etc/postfix/main.cf`.
-* `node['postfix']['myorigin']` - corresponds to the myorigin option
-  in `/etc/postfix/main.cf`.
-* `node['postfix']['relayhost']` - corresponds to the relayhost option
-  in `/etc/postfix/main.cf`.
 * `node['postfix']['relayhost_role']` - name of a role used for search
   in the client recipe.
 * `node['postfix']['multi_environment_relay']` - set to true if nodes
   should not constrain search for the relayhost in their own
   environment.
-* `node['postfix']['inet_interfaces']` - if set, corresponds to the
+* `node['postfix']['use_procmail']` - set to true if nodes should use
-  inet_interfaces option in `/etc/postfix/main.cf`. nil by default,
+  procmail as the delivery agent.
-  which will result in 'all' for master `mail_type` and
-  'loopback-only' for non-master (anything else) `mail_type`.
-* `node['postfix']['mail_relay_networks']` - corresponds to the
-  mynetworks option in `/etc/postfix/main.cf`.
-* `node['postfix']['smtpd_use_tls']` - set to "yes" to use TLS for
-  SMTPD, which will use the snakeoil certs.
-* `node['postfix']['smtp_sasl_auth_enable']` - set to "yes" to enable
-  SASL authentication for SMTP.
-* `node['postfix']['smtp_sasl_password_maps']` - corresponds to the
-  `smtp_sasl_password_maps` option in `/etc/postfix/main.cf`.
-* `node['postfix']['smtp_sasl_security_options']` - corresponds to the
-  `smtp_sasl_security_options` option in `/etc/postfix/main.cf`.
-* `node['postfix']['smtp_tls_cafile']` - corresponds to the
-  `smtp_tls_CAfile` option in `/etc/postfix/main.cf`.
-* `node['postfix']['smtp_use_tls']` - corresponds to the
-  `smtp_use_tls` option in `/etc/postfix/main.cf`.
-* `node['postfix']['smtp_sasl_user_name']` - mapped in the
-  `sasl_passwd` file as the user to authenticate as.
-* `node['postfix']['smtp_sasl_passwd']` - mapped in the `sasl_passwd`
-  file as the password to use.
 * `node['postfix']['aliases']` - hash of aliases to create with
   `recipe[postfix::aliases]`, see below under __Recipes__ for more
   information.
-* `node['postfix']['use_procmail']` - set to true if nodes should use
+* `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix'
-  procmail as the delivery agent (mailbox_command).
+* `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix'
-* `node['postfix']['milter_default_action']` - corresponds to the
+
-  `milter_default_action` option in `/etc/postfix/main.cf`.
+## main.cf and sasl\_passwd template attributes
-* `node['postfix']['milter_protocol']` - corresponds to the
+
-  `milter_protocol` option in `/etc/postfix/main.cf`.
+The main.cf template has been simplified to include any attributes in the `node['postfix']['main']`
-* `node['postfix']['smtpd_milters']` - corresponds to the
+data structure.  The following attributes are still included with this cookbook
-  `smtpd_milters` option in `/etc/postfix/main.cf`.
+to maintain some semblance of backwards compatibility.
-* `node['postfix']['non_smtpd_milters']` - corresponds to the
+
-  `non_smtpd_milters` option in `/etc/postfix/main.cf`.
+This change in namespace to `node['postfix']['main']` should allow for greater flexibility,
-* `node['postfix']['inet_interfaces']` - interfaces to listen to, all
+given the large number of configuration variables for the postfix daemon.  All of these cookbook
-  or loopback-only
+attributes correspond to the option of the same name in `/etc/postfix/main.cf`.
-* `node['postfix']['sender_canonical_classes']` - controls what
+
-  addresses are subject to `sender_canonical_maps` address mapping,
+* `node['postfix']['main']['biff']` - (yes/no); default no 
-  specify one or more of: `envelope_sender`, `header_sender` - defaults to
+* `node['postfix']['main']['append_dot_mydomain']` - (yes/no); default no
-  nil
+* `node['postfix']['main']['myhostname']` - defaults to fqdn from Ohai
-* `node['postfix']['recipient_canonical_classes']` - controls what
+* `node['postfix']['main']['mydomain']` - defaults to domain from Ohai
-  addresses are subject to `recipient_canonical_maps` address mapping,
+* `node['postfix']['main']['myorigin']` - defaults to $myhostname
-  specify one or more of: `envelope_recipient`, `header_recipient` -
+* `node['postfix']['main']['mynetworks']` - default is `127.0.0.0/8`
-  defaults to nil
+* `node['postfix']['main']['inet_interfaces']` - set to `loopback-only`, or `all` for server recipe
-* `node['postfix']['canonical_classes']` - controls what addresses are
+* `node['postfix']['main']['alias_maps']` - set to `hash:/etc/aliases`
-  subject to `canonical_maps` address mapping, specify one or more of:
+* `node['postfix']['main']['mailbox_size_limit']` - set to `0` (disabled)
-  `envelope_sender`, `envelope_recipient`, `header_sender`,
+* `node['postfix']['main']['recipient_delimiter']` - set to `+`
-  `header_recipient` - defaults to nil
+* `node['postfix']['main']['mydestination']` - default fqdn, hostname, localhost.localdomain, localhost
-* `node['postfix']['sender_canonical_maps']` - optional address
+* `node['postfix']['main']['smtpd_use_tls']` - (yes/no); default yes. See conditional cert/key attributes.
-  mapping lookup tables for envelope and header sender addresses, eg.
+  - `node['postfix']['main']['smtpd_tls_cert_file']` - conditional attribute, set to full path of server's x509 certificate.
-  `hash:/etc/postfix/sender_canonical` - defaults to nil
+  - `node['postfix']['main']['smtpd_tls_key_file']` - conditional attribute, set to full path of server's private key
-* `node['postfix']['recipient_canonical_maps']` - optional address
+  - `node['postfix']['main']['smtpd_tls_CAfile']` - set to platform specific CA bundle
-  mapping lookup tables for envelope and header recipient addresses,
+  - `node['postfix']['main']['smtpd_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
-  eg. `hash:/etc/postfix/recipient_canonical` - defaults to nil
+* `node['postfix']['main']['smtp_use_tls']` - (yes/no); default yes.  See following conditional attributes.
-* `node['postfix']['canonical_maps']` - optional address mapping
+  - `node['postfix']['main']['smtp_tls_CAfile']` - set to platform specific CA bundle
-  lookup tables for message headers and envelopes, eg.
+  - `node['postfix']['main']['smtp_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
-  `hash:/etc/postfix/canonical` - defaults to nil
+* `node['postfix']['main']['smtp_sasl_auth_enable']` - (yes/no); default no.  If enabled, see following conditional attributes.
+  - `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file 
+  - `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous
+  - `node['postfix']['main']['relayhost']` - Set to empty string 
+  - `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as.  Default empty 
+  - `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use.  Default empty. 
+
+## master.cf template attributes
+
+* `node['postfix']['master']['submission'] - Whether to use submission (TCP 587) daemon. (true/false); default false
 
 Recipes
 =======
@@ -115,7 +99,7 @@ client
 ------
 
 Use this recipe to have nodes automatically search for the mail relay
-based which node has the `node['postfix']['relayhost']` role. Sets the
+based which node has the `node['postfix']['relayhost_role']` role. Sets the
 `node['postfix']['relayhost']` attribute to the first result from the
 search.
 
@@ -168,7 +152,7 @@ is `master`. See __Examples__ for information on how to use
 `recipe[postfix::server]` to do this automatically.
 
 If you need to use SASL authentication to send mail through your ISP
-(such as on a home network), use `recipe[postfix::sasl_auth]` and set
+(such as on a home network), use `postfix::sasl_auth` and set
 the appropriate attributes.
 
 For each of these implementations, see __Examples__ for role usage.
@@ -185,24 +169,28 @@ The `base` role is applied to all nodes in the environment.
     name "base"
     run_list("recipe[postfix]")
     override_attributes(
-      "postfix" => {
       "mail_type" => "client",
+      "postfix" => {
+        "main" => {
           "mydomain" => "example.com",
           "myorigin" => "example.com",
           "relayhost" => "[smtp.example.com]",
           "smtp_use_tls" => "no"
         }
+      }
     )
 
 The `relayhost` role is applied to the nodes that are relayhosts.
 Often this is 2 systems using a CNAME of `smtp.example.com`.
 
     name "relayhost"
-    run_list("recipe[postfix]")
+    run_list("recipe[postfix::server]")
     override_attributes(
       "postfix" => {
-        "mail_relay_networks" => "10.3.3.0/24",
         "mail_type" => "master",
+        "main" => {
+          "mynetworks" => [ "10.3.3.0/24", "127.0.0.0/8" ],
+          "inet-interfaces" => "all",
           "mydomain" => "example.com",
           "myorigin" => "example.com"
       }
@@ -217,7 +205,9 @@ access to SMTP.
     run_list("recipe[postfix], recipe[postfix::sasl_auth]")
     override_attributes(
       "postfix" => {
-        "mail_relay_networks" => "10.3.3.0/24",
+        "mail_type" => "master",
+        "main" => {
+          "mynetworks" => "10.3.3.0/24",
           "mail_type" => "master",
           "mydomain" => "example.com",
           "myorigin" => "example.com",
@@ -226,6 +216,7 @@ access to SMTP.
           "smtp_sasl_passwd" => "your_password",
           "smtp_sasl_user_name" => "your_username"
         }
+      }
     )
 
 For an example of using encrypted data bags to encrypt the SASL
@@ -241,10 +232,12 @@ If you'd like to use the more dynamic search based approach for discovery, use t
     run_list("recipe[postfix::server]")
     override_attributes(
       "postfix" => {
-        "mail_relay_networks" => "10.3.3.0/24",
+        "main" => {
+          "mynetworks" => "10.3.3.0/24",
           "mydomain" => "example.com",
           "myorigin" => "example.com"
         }
+      }
     )
 
 Then, add the `postfix::client` recipe to the run list of your `base` role or equivalent role for postfix clients.
@@ -254,9 +247,11 @@ Then, add the `postfix::client` recipe to the run list of your `base` role or eq
     override_attributes(
       "postfix" => {
         "mail_type" => "client",
+        "main" => {
           "mydomain" => "example.com",
           "myorigin" => "example.com"
         }
+      }
     )
 
 If you wish to use a different role name for the relayhost, then also set the attribute in the `base` role. For example, `postfix_master` as the role name:
@@ -266,10 +261,12 @@ If you wish to use a different role name for the relayhost, then also set the at
     run_list("recipe[postfix::server]")
     override_attributes(
       "postfix" => {
-        "mail_relay_networks" => "10.3.3.0/24",
+        "main" => {
+          "mynetworks" => "10.3.3.0/24",
           "mydomain" => "example.com",
           "myorigin" => "example.com"
         }
+      }
     )
 
 The base role would look something like this:
@@ -280,9 +277,11 @@ The base role would look something like this:
       "postfix" => {
         "relayhost_role" => "postfix_master",
         "mail_type" => "client",
+        "main" => {
           "mydomain" => "example.com",
           "myorigin" => "example.com"
         }
+      }
     )
 
 License and Author

attributes/default.rb

@@ -15,37 +15,75 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# Generic cookbook attributes
 default['postfix']['mail_type']  = "client"
-default['postfix']['myhostname'] = node['fqdn']
-default['postfix']['mydomain']   = node['domain']
-default['postfix']['myorigin']   = "$myhostname"
-default['postfix']['relayhost']  = ""
-default['postfix']['mail_relay_networks']        = "127.0.0.0/8"
 default['postfix']['relayhost_role'] = "relayhost"
 default['postfix']['multi_environment_relay'] = false
-default['postfix']['inet_interfaces'] = nil
-
-default['postfix']['smtpd_use_tls'] = "yes"
-default['postfix']['smtp_sasl_auth_enable'] = "no"
-default['postfix']['smtp_sasl_password_maps']    = "hash:/etc/postfix/sasl_passwd"
-default['postfix']['smtp_sasl_security_options'] = "noanonymous"
-default['postfix']['smtp_tls_cafile'] = "/etc/postfix/cacert.pem"
-default['postfix']['smtp_use_tls']    = "yes"
-default['postfix']['smtp_sasl_user_name'] = ""
-default['postfix']['smtp_sasl_passwd']    = ""
-
 default['postfix']['use_procmail'] = false
-
-default['postfix']['milter_default_action']  = "tempfail"
-default['postfix']['milter_protocol']  = "6"
-default['postfix']['smtpd_milters']  = ""
-default['postfix']['non_smtpd_milters']  = ""
-
 default['postfix']['aliases'] = {}
+default['postfix']['main_template_source'] = "postfix"
+default['postfix']['master_template_source'] = "postfix"
 
-default['postfix']['sender_canonical_classes'] = nil
+# Non-default main.cf attributes
-default['postfix']['recipient_canonical_classes'] = nil
+default['postfix']['main']['biff'] = "no"
-default['postfix']['canonical_classes'] = nil
+default['postfix']['main']['append_dot_mydomain'] = "no"
-default['postfix']['sender_canonical_maps'] = nil
+default['postfix']['main']['myhostname'] = node['fqdn']
-default['postfix']['recipient_canonical_maps'] = nil
+default['postfix']['main']['mydomain'] = node['domain']
-default['postfix']['canonical_maps'] = nil
+default['postfix']['main']['myorigin'] = "$myhostname"
+default['postfix']['main']['mydestination'] = [ node['postfix']['main']['myhostname'], node['hostname'], "localhost.localdomain", "localhost" ]
+default['postfix']['main']['smtpd_use_tls'] = "yes"
+default['postfix']['main']['smtp_use_tls'] = "yes"
+default['postfix']['main']['alias_maps'] = [ "hash:/etc/aliases" ]
+default['postfix']['main']['mailbox_size_limit'] = 0
+default['postfix']['main']['recipient_delimiter'] = "+"
+default['postfix']['main']['smtp_sasl_auth_enable'] = "no"
+default['postfix']['main']['mynetworks'] = "127.0.0.0/8"
+default['postfix']['main']['inet_interfaces'] = "loopback-only"
+
+# Conditional attributes
+case node['platform_family']
+when "rhel"
+  cafile = "/etc/pki/tls/cert.pem"
+else
+  cafile = "/etc/postfix/cacert.pem"
+end
+
+if node['postfix']['use_procmail']
+  default['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"'
+end
+
+if node['postfix']['main']['smtpd_use_tls'] == "yes"
+  default['postfix']['main']['smtpd_tls_cert_file'] = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+  default['postfix']['main']['smtpd_tls_key_file'] = "/etc/ssl/private/ssl-cert-snakeoil.key"
+  default['postfix']['main']['smtpd_tls_CAfile'] = cafile
+  default['postfix']['main']['smtpd_tls_session_cache_database'] = "btree:${data_directory}/smtpd_scache"
+end
+
+if node['postfix']['main']['smtp_use_tls'] == "yes"
+  default['postfix']['main']['smtp_tls_CAfile'] = cafile
+  default['postfix']['main']['smtp_tls_session_cache_database'] = "btree:${data_directory}/smtp_scache"
+end
+
+if node['postfix']['main']['smtp_sasl_auth_enable'] == "yes"
+  default['postfix']['main']['smtp_sasl_password_maps'] = "hash:/etc/postfix/sasl_passwd"
+  default['postfix']['main']['smtp_sasl_security_options'] = "noanonymous"
+  default['postfix']['sasl']['smtp_sasl_user_name'] = ""
+  default['postfix']['sasl']['smtp_sasl_passwd']    = ""
+  default['postfix']['main']['relayhost'] = ""
+end
+
+# Default main.cf attributes according to `postconf -d`
+#default['postfix']['main']['relayhost'] = ""
+#default['postfix']['main']['milter_default_action']  = "tempfail"
+#default['postfix']['main']['milter_protocol']  = "6"
+#default['postfix']['main']['smtpd_milters']  = ""
+#default['postfix']['main']['non_smtpd_milters']  = ""
+#default['postfix']['main']['sender_canonical_classes'] = nil
+#default['postfix']['main']['recipient_canonical_classes'] = nil
+#default['postfix']['main']['canonical_classes'] = nil
+#default['postfix']['main']['sender_canonical_maps'] = nil
+#default['postfix']['main']['recipient_canonical_maps'] = nil
+#default['postfix']['main']['canonical_maps'] = nil
+
+# Master.cf attributes
+default['postfix']['master']['submission'] = false

metadata.rb

@@ -14,9 +14,9 @@ recipe            "postfix::server", "Sets the mail_type attribute to master"
   supports os
 end
 
-attribute "postfix",
+attribute "postfix/main",
-  :display_name => "Postfix",
+  :display_name => "postfix/main",
-  :description => "Hash of Postfix attributes",
+  :description => "Hash of Postfix main.cf attributes",
   :type => "hash"
 
 attribute "postfix/aliases",
@@ -29,61 +29,6 @@ attribute "postfix/mail_type",
   :description => "Is this node a client or server?",
   :default => "client"
 
-attribute "postfix/myhostname",
-  :display_name => "Postfix Myhostname",
-  :description => "Sets the myhostname value in main.cf",
-  :default => "fqdn"
-
-attribute "postfix/mydomain",
-  :display_name => "Postfix Mydomain",
-  :description => "Sets the mydomain value in main.cf",
-  :default => "domain"
-
-attribute "postfix/myorigin",
-  :display_name => "Postfix Myorigin",
-  :description => "Sets the myorigin value in main.cf",
-  :default => "$myhostname"
-
-attribute "postfix/relayhost",
-  :display_name => "Postfix Relayhost",
-  :description => "Sets the relayhost value in main.cf",
-  :default => ""
-
-attribute "postfix/mail_relay_networks",
-  :display_name => "Postfix Mail Relay Networks",
-  :description => "Sets the mynetworks value in main.cf",
-  :default => "127.0.0.0/8"
-
-attribute "postfix/smtp_sasl_auth_enable",
-  :display_name => "Postfix SMTP SASL Auth Enable",
-  :description => "Enable SMTP SASL Authentication",
-  :default => "no"
-
-attribute "postfix/smtp_sasl_password_maps",
-  :display_name => "Postfix SMTP SASL Password Maps",
-  :description => "hashmap of SASL passwords",
-  :default => "hash:/etc/postfix/sasl_passwd"
-
-attribute "postfix/smtp_sasl_security_options",
-  :display_name => "Postfix SMTP SASL Security Options",
-  :description => "Sets the value of smtp_sasl_security_options in main.cf",
-  :default => "noanonymous"
-
-attribute "postfix/inet_interfaces",
-  :display_name => "Postfix listening interfaces",
-  :description => "Interfaces to listen to, all or loopback-only. default is all for master mail_type, and loopback-only otherwise",
-  :default => ""
-
-attribute "postfix/smtp_tls_cafile",
-  :display_name => "Postfix SMTP TLS CA File",
-  :description => "CA certificate file for SMTP over TLS",
-  :default => "/etc/postfix/cacert.pem"
-
-attribute "postfix/smtp_use_tls",
-  :display_name => "Postfix SMTP Use TLS?",
-  :description => "Whether SMTP SASL Auth should use TLS encryption",
-  :default => "yes"
-
 attribute "postfix/smtp_sasl_user_name",
   :display_name => "Postfix SMTP SASL Username",
   :description => "User to auth SMTP via SASL",
@@ -94,21 +39,11 @@ attribute "postfix/smtp_sasl_passwd",
   :description => "Password for smtp_sasl_user_name",
   :default => ""
 
-attribute "postfix/aliases",
-  :display_name => "Postfix mail aliases",
-  :description => "Hash of mail aliases for /etc/aliases",
-  :default => ""
-
 attribute "postfix/relayhost_role",
   :display_name => "Postfix Relayhost's role",
   :description => "String containing the role name",
   :default => "relayhost"
 
-attribute "postfix/multi_environment_relay",
-  :display_name => "Postfix Search for relayhost in any environment",
-  :description => "If true, then the client recipe will search any environment instead of just the node's",
-  :default => ""
-  
 attribute "postfix/use_procmail",
   :display_name => "Postfix Use procmail?",
   :description => "Whether procmail should be used as the local delivery agent for a server",

recipes/default.rb

@@ -21,12 +21,9 @@
 package "postfix"
 
 if node['postfix']['use_procmail']
-
   package "procmail"
-
 end
 
-
 service "postfix" do
   supports :status => true, :restart => true, :reload => true
   action :enable
@@ -34,7 +31,6 @@ end
 
 case node['platform_family']
 when "rhel", "fedora"
-
   service "sendmail" do
     action :nothing
   end
@@ -45,18 +41,17 @@ when "rhel", "fedora"
     notifies :start, "service[postfix]"
     not_if "/usr/bin/test /etc/alternatives/mta -ef /usr/sbin/sendmail.postfix"
   end
-
 end
 
 %w{main master}.each do |cfg|
-
   template "/etc/postfix/#{cfg}.cf" do
     source "#{cfg}.cf.erb"
     owner "root"
     group 0
     mode 00644
     notifies :restart, "service[postfix]"
-
+    variables(:settings => node['postfix'][cfg])
+    cookbook node['postfix']["#{cfg}_template_source"]
   end
 end
 

recipes/sasl_auth.rb

@@ -55,4 +55,5 @@ template "/etc/postfix/sasl_passwd" do
   mode 0400
   notifies :run, "execute[postmap-sasl_passwd]", :immediately
   notifies :restart, "service[postfix]"
+  variables(:settings => node['postfix']['sasl'])
 end

recipes/server.rb

@@ -19,5 +19,6 @@
 #
 
 node.override['postfix']['mail_type'] = 'master'
+node.override['postfix']['main']['inet_interfaces'] = 'all'
 
 include_recipe "postfix"

templates/default/main.cf.erb

@@ -3,66 +3,17 @@
 # Configured as <%= node['postfix']['mail_type'] %>
 ###
 
-biff = no
+<% @settings.sort.map do |key, value| -%>
-append_dot_mydomain = no
+<%  if value.kind_of? Array -%>
-smtpd_use_tls = <%= node['postfix']['smtpd_use_tls'] %>
+<%=   "#{key} = " -%>
-<% if node['postfix']['smtpd_use_tls'] == "yes" -%>
+<%    value.each do |item| -%>
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+<%      if value.last == item -%>
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+<%=       item %>
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-<% end -%>
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-smtp_sasl_auth_enable = <%= node['postfix']['smtp_sasl_auth_enable'] %>
-<% if node['postfix']['smtp_sasl_auth_enable'] == "yes" -%>
-smtp_sasl_password_maps = <%= node['postfix']['smtp_sasl_password_maps'] %>
-smtp_sasl_security_options = <%= node['postfix']['smtp_sasl_security_options'] %>
-smtp_tls_CAfile = <%= node['postfix']['smtp_tls_cafile'] %>
-smtp_use_tls = <%= node['postfix']['smtp_use_tls'] %>
-<% end -%>
-myhostname = <%= node['postfix']['myhostname'] %>
-<% if node['postfix']['mydomain'] %>
-mydomain = <%= node['postfix']['mydomain'] %>
-<% end -%>
-myorigin = <%= node['postfix']['myorigin'] %>
-smtpd_banner = $myhostname ESMTP $mail_name
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-mydestination = <%= node['postfix']['myhostname'] %>, <%= node['hostname'] %>, localhost.localdomain, localhost
-<% if node['postfix']['mail_type'] == "master" -%>
-relayhost =
-mynetworks = <%= node['postfix']['mail_relay_networks'] %>
-inet_interfaces = <%= node['postfix']['inet_interfaces'] || 'all' %>
 <%      else -%>
-relayhost = <%= node['postfix']['relayhost'] %>
+<%=       "#{item}, " -%>
-mynetworks = <%= node['postfix']['mail_relay_networks'] %>
-inet_interfaces = <%= node['postfix']['inet_interfaces'] || 'loopback-only' %>
 <%      end -%>
-<% if node['postfix']['use_procmail'] -%>
-mailbox_command = /usr/bin/procmail -a "$EXTENSION"
 <%    end -%>
-mailbox_size_limit = 0
+<%  else -%>
-recipient_delimiter = +
+<%=   "#{key} = #{value}"%>
-
-milter_default_action = <%= node['postfix']['milter_default_action'] %>
-milter_protocol = <%= node['postfix']['milter_protocol'] %>
-smtpd_milters = <%= node['postfix']['smtpd_milters'] %>
-non_smtpd_milters = <%= node['postfix']['non_smtpd_milters'] %>
-
-<% unless node['postfix']['sender_canonical_classes'].nil? -%>
-sender_canonical_classes = <%= node['postfix']['sender_canonical_classes'] %>
 <%  end -%>
-<% unless node['postfix']['recipient_canonical_classes'].nil? -%>
-recipient_canonical_classes = <%= node['postfix']['recipient_canonical_classes'] %>
-<% end -%>
-<% unless node['postfix']['canonical_classes'].nil? -%>
-canonical_classes = <%= node['postfix']['canonical_classes'] %>
-<% end -%>
-<% unless node['postfix']['sender_canonical_maps'].nil? -%>
-sender_canonical_maps = <%= node['postfix']['sender_canonical_maps'] %>
-<% end -%>
-<% unless node['postfix']['recipient_canonical_maps'].nil? -%>
-recipient_canonical_maps = <%= node['postfix']['recipient_canonical_maps'] %>
-<% end -%>
-<% unless node['postfix']['canonical_maps'].nil? -%>
-canonical_maps = <%= node['postfix']['canonical_maps'] %>
 <% end -%>

templates/default/master.cf.erb

@@ -7,10 +7,12 @@
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
 smtp      inet  n       -       n       -       -       smtpd
-#submission inet n       -       n       -       -       smtpd
+<% if @settings['submission'] -%>
-#  -o smtpd_enforce_tls=yes
+submission inet n       -       n       -       -       smtpd
-#  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_enforce_tls=yes
-#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+<% end -%>
 #smtps     inet  n       -       n       -       -       smtpd
 #  -o smtpd_tls_wrappermode=yes
 #  -o smtpd_sasl_auth_enable=yes

templates/default/sasl_passwd.erb

@@ -1,2 +1,2 @@
 # This file is generated by Chef for <%= node['fqdn'] %>
-<%= node['postfix']['relayhost'] %> <%= node['postfix']['smtp_sasl_user_name'] %>:<%= node['postfix']['smtp_sasl_passwd'] %>
+<%= node['postfix']['main']['relayhost'] %> <%= @settings['smtp_sasl_user_name'] %>:<%= @settings['smtp_sasl_passwd'] %>