[COOK-3328] Refactor main.cf template and attributes

Signed-off-by: Seth Vargo <sethvargo@gmail.com>
2013-08-24 14:04:22 -04:00 · 2013-08-24 14:04:22 -04:00 · 0108248ac4
commit 0108248ac4
parent 3d18ce0e39
10 changed files with 193 additions and 262 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,12 @@
 ## v3.?.?:
 - [COOK-3328]: Refactor main.cf template and attributes for greater flexibility.
 **Breaking changes**:
 - Attributes are namespaced as `node['postfix']`, `node['postfix']['main']`, 
  and `node['postfix']['master']`.
 ## v2.1.6:
 ### Bug
--- a/README.md
+++ b/README.md
@ -23,79 +23,63 @@ Attributes
 See `attributes/default.rb` for default values.
 ## Generic cookbook attributes
 * `node['postfix']['mail_type']` - Sets the kind of mail
  configuration. `master` will set up a server (relayhost).
 * `node['postfix']['myhostname']` - corresponds to the myhostname
  option in `/etc/postfix/main.cf`.
 * `node['postfix']['mydomain']` - corresponds to the mydomain option
  in `/etc/postfix/main.cf`.
 * `node['postfix']['myorigin']` - corresponds to the myorigin option
  in `/etc/postfix/main.cf`.
 * `node['postfix']['relayhost']` - corresponds to the relayhost option
  in `/etc/postfix/main.cf`.
 * `node['postfix']['relayhost_role']` - name of a role used for search
  in the client recipe.
 * `node['postfix']['multi_environment_relay']` - set to true if nodes
  should not constrain search for the relayhost in their own
  environment.
-* `node['postfix']['inet_interfaces']` - if set, corresponds to the
+* `node['postfix']['use_procmail']` - set to true if nodes should use
-  inet_interfaces option in `/etc/postfix/main.cf`. nil by default,
+  procmail as the delivery agent.
  which will result in 'all' for master `mail_type` and
  'loopback-only' for non-master (anything else) `mail_type`.
 * `node['postfix']['mail_relay_networks']` - corresponds to the
  mynetworks option in `/etc/postfix/main.cf`.
 * `node['postfix']['smtpd_use_tls']` - set to "yes" to use TLS for
  SMTPD, which will use the snakeoil certs.
 * `node['postfix']['smtp_sasl_auth_enable']` - set to "yes" to enable
  SASL authentication for SMTP.
 * `node['postfix']['smtp_sasl_password_maps']` - corresponds to the
  `smtp_sasl_password_maps` option in `/etc/postfix/main.cf`.
 * `node['postfix']['smtp_sasl_security_options']` - corresponds to the
  `smtp_sasl_security_options` option in `/etc/postfix/main.cf`.
 * `node['postfix']['smtp_tls_cafile']` - corresponds to the
  `smtp_tls_CAfile` option in `/etc/postfix/main.cf`.
 * `node['postfix']['smtp_use_tls']` - corresponds to the
  `smtp_use_tls` option in `/etc/postfix/main.cf`.
 * `node['postfix']['smtp_sasl_user_name']` - mapped in the
  `sasl_passwd` file as the user to authenticate as.
 * `node['postfix']['smtp_sasl_passwd']` - mapped in the `sasl_passwd`
  file as the password to use.
 * `node['postfix']['aliases']` - hash of aliases to create with
  `recipe[postfix::aliases]`, see below under __Recipes__ for more
  information.
-* `node['postfix']['use_procmail']` - set to true if nodes should use
+* `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix'
-  procmail as the delivery agent (mailbox_command).
+* `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix'
-* `node['postfix']['milter_default_action']` - corresponds to the
+
-  `milter_default_action` option in `/etc/postfix/main.cf`.
+## main.cf and sasl\_passwd template attributes
-* `node['postfix']['milter_protocol']` - corresponds to the
+
-  `milter_protocol` option in `/etc/postfix/main.cf`.
+The main.cf template has been simplified to include any attributes in the `node['postfix']['main']`
-* `node['postfix']['smtpd_milters']` - corresponds to the
+data structure.  The following attributes are still included with this cookbook
-  `smtpd_milters` option in `/etc/postfix/main.cf`.
+to maintain some semblance of backwards compatibility.
-* `node['postfix']['non_smtpd_milters']` - corresponds to the
+
-  `non_smtpd_milters` option in `/etc/postfix/main.cf`.
+This change in namespace to `node['postfix']['main']` should allow for greater flexibility,
-* `node['postfix']['inet_interfaces']` - interfaces to listen to, all
+given the large number of configuration variables for the postfix daemon.  All of these cookbook
-  or loopback-only
+attributes correspond to the option of the same name in `/etc/postfix/main.cf`.
-* `node['postfix']['sender_canonical_classes']` - controls what
+
-  addresses are subject to `sender_canonical_maps` address mapping,
+* `node['postfix']['main']['biff']` - (yes/no); default no 
-  specify one or more of: `envelope_sender`, `header_sender` - defaults to
+* `node['postfix']['main']['append_dot_mydomain']` - (yes/no); default no
-  nil
+* `node['postfix']['main']['myhostname']` - defaults to fqdn from Ohai
-* `node['postfix']['recipient_canonical_classes']` - controls what
+* `node['postfix']['main']['mydomain']` - defaults to domain from Ohai
-  addresses are subject to `recipient_canonical_maps` address mapping,
+* `node['postfix']['main']['myorigin']` - defaults to $myhostname
-  specify one or more of: `envelope_recipient`, `header_recipient` -
+* `node['postfix']['main']['mynetworks']` - default is `127.0.0.0/8`
-  defaults to nil
+* `node['postfix']['main']['inet_interfaces']` - set to `loopback-only`, or `all` for server recipe
-* `node['postfix']['canonical_classes']` - controls what addresses are
+* `node['postfix']['main']['alias_maps']` - set to `hash:/etc/aliases`
-  subject to `canonical_maps` address mapping, specify one or more of:
+* `node['postfix']['main']['mailbox_size_limit']` - set to `0` (disabled)
-  `envelope_sender`, `envelope_recipient`, `header_sender`,
+* `node['postfix']['main']['recipient_delimiter']` - set to `+`
-  `header_recipient` - defaults to nil
+* `node['postfix']['main']['mydestination']` - default fqdn, hostname, localhost.localdomain, localhost
-* `node['postfix']['sender_canonical_maps']` - optional address
+* `node['postfix']['main']['smtpd_use_tls']` - (yes/no); default yes. See conditional cert/key attributes.
-  mapping lookup tables for envelope and header sender addresses, eg.
+  - `node['postfix']['main']['smtpd_tls_cert_file']` - conditional attribute, set to full path of server's x509 certificate.
-  `hash:/etc/postfix/sender_canonical` - defaults to nil
+  - `node['postfix']['main']['smtpd_tls_key_file']` - conditional attribute, set to full path of server's private key
-* `node['postfix']['recipient_canonical_maps']` - optional address
+  - `node['postfix']['main']['smtpd_tls_CAfile']` - set to platform specific CA bundle
-  mapping lookup tables for envelope and header recipient addresses,
+  - `node['postfix']['main']['smtpd_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
-  eg. `hash:/etc/postfix/recipient_canonical` - defaults to nil
+* `node['postfix']['main']['smtp_use_tls']` - (yes/no); default yes.  See following conditional attributes.
-* `node['postfix']['canonical_maps']` - optional address mapping
+  - `node['postfix']['main']['smtp_tls_CAfile']` - set to platform specific CA bundle
-  lookup tables for message headers and envelopes, eg.
+  - `node['postfix']['main']['smtp_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
-  `hash:/etc/postfix/canonical` - defaults to nil
+* `node['postfix']['main']['smtp_sasl_auth_enable']` - (yes/no); default no.  If enabled, see following conditional attributes.
  - `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file 
  - `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous
  - `node['postfix']['main']['relayhost']` - Set to empty string 
  - `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as.  Default empty 
  - `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use.  Default empty. 
 ## master.cf template attributes
 * `node['postfix']['master']['submission'] - Whether to use submission (TCP 587) daemon. (true/false); default false
 Recipes
 =======
@ -115,7 +99,7 @@ client
 ------
 Use this recipe to have nodes automatically search for the mail relay
-based which node has the `node['postfix']['relayhost']` role. Sets the
+based which node has the `node['postfix']['relayhost_role']` role. Sets the
 `node['postfix']['relayhost']` attribute to the first result from the
 search.
@ -168,7 +152,7 @@ is `master`. See __Examples__ for information on how to use
 `recipe[postfix::server]` to do this automatically.
 If you need to use SASL authentication to send mail through your ISP
-(such as on a home network), use `recipe[postfix::sasl_auth]` and set
+(such as on a home network), use `postfix::sasl_auth` and set
 the appropriate attributes.
 For each of these implementations, see __Examples__ for role usage.
@ -185,12 +169,14 @@ The `base` role is applied to all nodes in the environment.
    name "base"
    run_list("recipe[postfix]")
    override_attributes(
      "mail_type" => "client",
      "postfix" => {
-        "mail_type" => "client",
+        "main" => {
-        "mydomain" => "example.com",
+          "mydomain" => "example.com",
-        "myorigin" => "example.com",
+          "myorigin" => "example.com",
-        "relayhost" => "[smtp.example.com]",
+          "relayhost" => "[smtp.example.com]",
-        "smtp_use_tls" => "no"
+          "smtp_use_tls" => "no"
        }
      }
    )
@ -198,13 +184,15 @@ The `relayhost` role is applied to the nodes that are relayhosts.
 Often this is 2 systems using a CNAME of `smtp.example.com`.
    name "relayhost"
-    run_list("recipe[postfix]")
+    run_list("recipe[postfix::server]")
    override_attributes(
      "postfix" => {
        "mail_relay_networks" => "10.3.3.0/24",
        "mail_type" => "master",
-        "mydomain" => "example.com",
+        "main" => {
-        "myorigin" => "example.com"
+          "mynetworks" => [ "10.3.3.0/24", "127.0.0.0/8" ],
          "inet-interfaces" => "all",
          "mydomain" => "example.com",
          "myorigin" => "example.com"
      }
    )
@ -217,14 +205,17 @@ access to SMTP.
    run_list("recipe[postfix], recipe[postfix::sasl_auth]")
    override_attributes(
      "postfix" => {
        "mail_relay_networks" => "10.3.3.0/24",
        "mail_type" => "master",
-        "mydomain" => "example.com",
+        "main" => {
-        "myorigin" => "example.com",
+          "mynetworks" => "10.3.3.0/24",
-        "relayhost" => "[smtp.comcast.net]:587",
+          "mail_type" => "master",
-        "smtp_sasl_auth_enable" => "yes",
+          "mydomain" => "example.com",
-        "smtp_sasl_passwd" => "your_password",
+          "myorigin" => "example.com",
-        "smtp_sasl_user_name" => "your_username"
+          "relayhost" => "[smtp.comcast.net]:587",
          "smtp_sasl_auth_enable" => "yes",
          "smtp_sasl_passwd" => "your_password",
          "smtp_sasl_user_name" => "your_username"
        }
      }
    )
@ -241,9 +232,11 @@ If you'd like to use the more dynamic search based approach for discovery, use t
    run_list("recipe[postfix::server]")
    override_attributes(
      "postfix" => {
-        "mail_relay_networks" => "10.3.3.0/24",
+        "main" => {
-        "mydomain" => "example.com",
+          "mynetworks" => "10.3.3.0/24",
-        "myorigin" => "example.com"
+          "mydomain" => "example.com",
          "myorigin" => "example.com"
        }
      }
    )
@ -254,8 +247,10 @@ Then, add the `postfix::client` recipe to the run list of your `base` role or eq
    override_attributes(
      "postfix" => {
        "mail_type" => "client",
-        "mydomain" => "example.com",
+        "main" => {
-        "myorigin" => "example.com"
+          "mydomain" => "example.com",
          "myorigin" => "example.com"
        }
      }
    )
@ -266,9 +261,11 @@ If you wish to use a different role name for the relayhost, then also set the at
    run_list("recipe[postfix::server]")
    override_attributes(
      "postfix" => {
-        "mail_relay_networks" => "10.3.3.0/24",
+        "main" => {
-        "mydomain" => "example.com",
+          "mynetworks" => "10.3.3.0/24",
-        "myorigin" => "example.com"
+          "mydomain" => "example.com",
          "myorigin" => "example.com"
        }
      }
    )
@ -280,8 +277,10 @@ The base role would look something like this:
      "postfix" => {
        "relayhost_role" => "postfix_master",
        "mail_type" => "client",
-        "mydomain" => "example.com",
+        "main" => {
-        "myorigin" => "example.com"
+          "mydomain" => "example.com",
          "myorigin" => "example.com"
        }
      }
    )
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -15,37 +15,75 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # Generic cookbook attributes
 default['postfix']['mail_type']  = "client"
-default['postfix']['myhostname'] = node['fqdn']
+default['postfix']['relayhost_role'] = "relayhost"
 default['postfix']['mydomain']   = node['domain']
 default['postfix']['myorigin']   = "$myhostname"
 default['postfix']['relayhost']  = ""
 default['postfix']['mail_relay_networks']        = "127.0.0.0/8"
 default['postfix']['relayhost_role']             = "relayhost"
 default['postfix']['multi_environment_relay'] = false
 default['postfix']['inet_interfaces'] = nil
 default['postfix']['smtpd_use_tls'] = "yes"
 default['postfix']['smtp_sasl_auth_enable'] = "no"
 default['postfix']['smtp_sasl_password_maps']    = "hash:/etc/postfix/sasl_passwd"
 default['postfix']['smtp_sasl_security_options'] = "noanonymous"
 default['postfix']['smtp_tls_cafile'] = "/etc/postfix/cacert.pem"
 default['postfix']['smtp_use_tls']    = "yes"
 default['postfix']['smtp_sasl_user_name'] = ""
 default['postfix']['smtp_sasl_passwd']    = ""
 default['postfix']['use_procmail'] = false
 default['postfix']['milter_default_action']  = "tempfail"
 default['postfix']['milter_protocol']  = "6"
 default['postfix']['smtpd_milters']  = ""
 default['postfix']['non_smtpd_milters']  = ""
 default['postfix']['aliases'] = {}
 default['postfix']['main_template_source'] = "postfix"
 default['postfix']['master_template_source'] = "postfix"
-default['postfix']['sender_canonical_classes'] = nil
+# Non-default main.cf attributes
-default['postfix']['recipient_canonical_classes'] = nil
+default['postfix']['main']['biff'] = "no"
-default['postfix']['canonical_classes'] = nil
+default['postfix']['main']['append_dot_mydomain'] = "no"
-default['postfix']['sender_canonical_maps'] = nil
+default['postfix']['main']['myhostname'] = node['fqdn']
-default['postfix']['recipient_canonical_maps'] = nil
+default['postfix']['main']['mydomain'] = node['domain']
-default['postfix']['canonical_maps'] = nil
+default['postfix']['main']['myorigin'] = "$myhostname"
 default['postfix']['main']['mydestination'] = [ node['postfix']['main']['myhostname'], node['hostname'], "localhost.localdomain", "localhost" ]
 default['postfix']['main']['smtpd_use_tls'] = "yes"
 default['postfix']['main']['smtp_use_tls'] = "yes"
 default['postfix']['main']['alias_maps'] = [ "hash:/etc/aliases" ]
 default['postfix']['main']['mailbox_size_limit'] = 0
 default['postfix']['main']['recipient_delimiter'] = "+"
 default['postfix']['main']['smtp_sasl_auth_enable'] = "no"
 default['postfix']['main']['mynetworks'] = "127.0.0.0/8"
 default['postfix']['main']['inet_interfaces'] = "loopback-only"
 # Conditional attributes
 case node['platform_family']
 when "rhel"
  cafile = "/etc/pki/tls/cert.pem"
 else
  cafile = "/etc/postfix/cacert.pem"
 end
 if node['postfix']['use_procmail']
  default['postfix']['main']['mailbox_command'] = '/usr/bin/procmail -a "$EXTENSION"'
 end
 if node['postfix']['main']['smtpd_use_tls'] == "yes"
  default['postfix']['main']['smtpd_tls_cert_file'] = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
  default['postfix']['main']['smtpd_tls_key_file'] = "/etc/ssl/private/ssl-cert-snakeoil.key"
  default['postfix']['main']['smtpd_tls_CAfile'] = cafile
  default['postfix']['main']['smtpd_tls_session_cache_database'] = "btree:${data_directory}/smtpd_scache"
 end
 if node['postfix']['main']['smtp_use_tls'] == "yes"
  default['postfix']['main']['smtp_tls_CAfile'] = cafile
  default['postfix']['main']['smtp_tls_session_cache_database'] = "btree:${data_directory}/smtp_scache"
 end
 if node['postfix']['main']['smtp_sasl_auth_enable'] == "yes"
  default['postfix']['main']['smtp_sasl_password_maps'] = "hash:/etc/postfix/sasl_passwd"
  default['postfix']['main']['smtp_sasl_security_options'] = "noanonymous"
  default['postfix']['sasl']['smtp_sasl_user_name'] = ""
  default['postfix']['sasl']['smtp_sasl_passwd']    = ""
  default['postfix']['main']['relayhost'] = ""
 end
 # Default main.cf attributes according to `postconf -d`
 #default['postfix']['main']['relayhost'] = ""
 #default['postfix']['main']['milter_default_action']  = "tempfail"
 #default['postfix']['main']['milter_protocol']  = "6"
 #default['postfix']['main']['smtpd_milters']  = ""
 #default['postfix']['main']['non_smtpd_milters']  = ""
 #default['postfix']['main']['sender_canonical_classes'] = nil
 #default['postfix']['main']['recipient_canonical_classes'] = nil
 #default['postfix']['main']['canonical_classes'] = nil
 #default['postfix']['main']['sender_canonical_maps'] = nil
 #default['postfix']['main']['recipient_canonical_maps'] = nil
 #default['postfix']['main']['canonical_maps'] = nil
 # Master.cf attributes
 default['postfix']['master']['submission'] = false
--- a/metadata.rb
+++ b/metadata.rb
@ -14,9 +14,9 @@ recipe            "postfix::server", "Sets the mail_type attribute to master"
  supports os
 end
-attribute "postfix",
+attribute "postfix/main",
-  :display_name => "Postfix",
+  :display_name => "postfix/main",
-  :description => "Hash of Postfix attributes",
+  :description => "Hash of Postfix main.cf attributes",
  :type => "hash"
 attribute "postfix/aliases",
@ -29,61 +29,6 @@ attribute "postfix/mail_type",
  :description => "Is this node a client or server?",
  :default => "client"
 attribute "postfix/myhostname",
  :display_name => "Postfix Myhostname",
  :description => "Sets the myhostname value in main.cf",
  :default => "fqdn"
 attribute "postfix/mydomain",
  :display_name => "Postfix Mydomain",
  :description => "Sets the mydomain value in main.cf",
  :default => "domain"
 attribute "postfix/myorigin",
  :display_name => "Postfix Myorigin",
  :description => "Sets the myorigin value in main.cf",
  :default => "$myhostname"
 attribute "postfix/relayhost",
  :display_name => "Postfix Relayhost",
  :description => "Sets the relayhost value in main.cf",
  :default => ""
 attribute "postfix/mail_relay_networks",
  :display_name => "Postfix Mail Relay Networks",
  :description => "Sets the mynetworks value in main.cf",
  :default => "127.0.0.0/8"
 attribute "postfix/smtp_sasl_auth_enable",
  :display_name => "Postfix SMTP SASL Auth Enable",
  :description => "Enable SMTP SASL Authentication",
  :default => "no"
 attribute "postfix/smtp_sasl_password_maps",
  :display_name => "Postfix SMTP SASL Password Maps",
  :description => "hashmap of SASL passwords",
  :default => "hash:/etc/postfix/sasl_passwd"
 attribute "postfix/smtp_sasl_security_options",
  :display_name => "Postfix SMTP SASL Security Options",
  :description => "Sets the value of smtp_sasl_security_options in main.cf",
  :default => "noanonymous"
 attribute "postfix/inet_interfaces",
  :display_name => "Postfix listening interfaces",
  :description => "Interfaces to listen to, all or loopback-only. default is all for master mail_type, and loopback-only otherwise",
  :default => ""
 attribute "postfix/smtp_tls_cafile",
  :display_name => "Postfix SMTP TLS CA File",
  :description => "CA certificate file for SMTP over TLS",
  :default => "/etc/postfix/cacert.pem"
 attribute "postfix/smtp_use_tls",
  :display_name => "Postfix SMTP Use TLS?",
  :description => "Whether SMTP SASL Auth should use TLS encryption",
  :default => "yes"
 attribute "postfix/smtp_sasl_user_name",
  :display_name => "Postfix SMTP SASL Username",
  :description => "User to auth SMTP via SASL",
@ -94,21 +39,11 @@ attribute "postfix/smtp_sasl_passwd",
  :description => "Password for smtp_sasl_user_name",
  :default => ""
 attribute "postfix/aliases",
  :display_name => "Postfix mail aliases",
  :description => "Hash of mail aliases for /etc/aliases",
  :default => ""
 attribute "postfix/relayhost_role",
  :display_name => "Postfix Relayhost's role",
  :description => "String containing the role name",
  :default => "relayhost"
 attribute "postfix/multi_environment_relay",
  :display_name => "Postfix Search for relayhost in any environment",
  :description => "If true, then the client recipe will search any environment instead of just the node's",
  :default => ""
 attribute "postfix/use_procmail",
  :display_name => "Postfix Use procmail?",
  :description => "Whether procmail should be used as the local delivery agent for a server",
--- a/recipes/default.rb
+++ b/recipes/default.rb
@ -21,12 +21,9 @@
 package "postfix"
 if node['postfix']['use_procmail']
  package "procmail"
 end
 service "postfix" do
  supports :status => true, :restart => true, :reload => true
  action :enable
@ -34,7 +31,6 @@ end
 case node['platform_family']
 when "rhel", "fedora"
  service "sendmail" do
    action :nothing
  end
@ -45,18 +41,17 @@ when "rhel", "fedora"
    notifies :start, "service[postfix]"
    not_if "/usr/bin/test /etc/alternatives/mta -ef /usr/sbin/sendmail.postfix"
  end
 end
 %w{main master}.each do |cfg|
  template "/etc/postfix/#{cfg}.cf" do
    source "#{cfg}.cf.erb"
    owner "root"
    group 0
    mode 00644
    notifies :restart, "service[postfix]"
-
+    variables(:settings => node['postfix'][cfg])
    cookbook node['postfix']["#{cfg}_template_source"]
  end
 end
--- a/recipes/sasl_auth.rb
+++ b/recipes/sasl_auth.rb
@ -55,4 +55,5 @@ template "/etc/postfix/sasl_passwd" do
  mode 0400
  notifies :run, "execute[postmap-sasl_passwd]", :immediately
  notifies :restart, "service[postfix]"
  variables(:settings => node['postfix']['sasl'])
 end
--- a/recipes/server.rb
+++ b/recipes/server.rb
@ -19,5 +19,6 @@
 #
 node.override['postfix']['mail_type'] = 'master'
 node.override['postfix']['main']['inet_interfaces'] = 'all'
 include_recipe "postfix"
--- a/templates/default/main.cf.erb
+++ b/templates/default/main.cf.erb
@ -3,66 +3,17 @@
 # Configured as <%= node['postfix']['mail_type'] %>
 ###
-biff = no
+<% @settings.sort.map do |key, value| -%>
-append_dot_mydomain = no
+<%  if value.kind_of? Array -%>
-smtpd_use_tls = <%= node['postfix']['smtpd_use_tls'] %>
+<%=   "#{key} = " -%>
-<% if node['postfix']['smtpd_use_tls'] == "yes" -%>
+<%    value.each do |item| -%>
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+<%      if value.last == item -%>
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+<%=       item %>
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+<%      else -%>
-<% end -%>
+<%=       "#{item}, " -%>
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+<%      end -%>
-smtp_sasl_auth_enable = <%= node['postfix']['smtp_sasl_auth_enable'] %>
+<%    end -%>
-<% if node['postfix']['smtp_sasl_auth_enable'] == "yes" -%>
+<%  else -%>
-smtp_sasl_password_maps = <%= node['postfix']['smtp_sasl_password_maps'] %>
+<%=   "#{key} = #{value}"%>
-smtp_sasl_security_options = <%= node['postfix']['smtp_sasl_security_options'] %>
+<%  end -%>
 smtp_tls_CAfile = <%= node['postfix']['smtp_tls_cafile'] %>
 smtp_use_tls = <%= node['postfix']['smtp_use_tls'] %>
 <% end -%>
 myhostname = <%= node['postfix']['myhostname'] %>
 <% if node['postfix']['mydomain'] %>
 mydomain = <%= node['postfix']['mydomain'] %>
 <% end -%>
 myorigin = <%= node['postfix']['myorigin'] %>
 smtpd_banner = $myhostname ESMTP $mail_name
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 mydestination = <%= node['postfix']['myhostname'] %>, <%= node['hostname'] %>, localhost.localdomain, localhost
 <% if node['postfix']['mail_type'] == "master" -%>
 relayhost =
 mynetworks = <%= node['postfix']['mail_relay_networks'] %>
 inet_interfaces = <%= node['postfix']['inet_interfaces'] || 'all' %>
 <% else -%>
 relayhost = <%= node['postfix']['relayhost'] %>
 mynetworks = <%= node['postfix']['mail_relay_networks'] %>
 inet_interfaces = <%= node['postfix']['inet_interfaces'] || 'loopback-only' %>
 <% end -%>
 <% if node['postfix']['use_procmail'] -%>
 mailbox_command = /usr/bin/procmail -a "$EXTENSION"
 <% end -%>
 mailbox_size_limit = 0
 recipient_delimiter = +
 milter_default_action = <%= node['postfix']['milter_default_action'] %>
 milter_protocol = <%= node['postfix']['milter_protocol'] %>
 smtpd_milters = <%= node['postfix']['smtpd_milters'] %>
 non_smtpd_milters = <%= node['postfix']['non_smtpd_milters'] %>
 <% unless node['postfix']['sender_canonical_classes'].nil? -%>
 sender_canonical_classes = <%= node['postfix']['sender_canonical_classes'] %>
 <% end -%>
 <% unless node['postfix']['recipient_canonical_classes'].nil? -%>
 recipient_canonical_classes = <%= node['postfix']['recipient_canonical_classes'] %>
 <% end -%>
 <% unless node['postfix']['canonical_classes'].nil? -%>
 canonical_classes = <%= node['postfix']['canonical_classes'] %>
 <% end -%>
 <% unless node['postfix']['sender_canonical_maps'].nil? -%>
 sender_canonical_maps = <%= node['postfix']['sender_canonical_maps'] %>
 <% end -%>
 <% unless node['postfix']['recipient_canonical_maps'].nil? -%>
 recipient_canonical_maps = <%= node['postfix']['recipient_canonical_maps'] %>
 <% end -%>
 <% unless node['postfix']['canonical_maps'].nil? -%>
 canonical_maps = <%= node['postfix']['canonical_maps'] %>
 <% end -%>
--- a/templates/default/master.cf.erb
+++ b/templates/default/master.cf.erb
@ -7,10 +7,12 @@
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
 smtp      inet  n       -       n       -       -       smtpd
-#submission inet n       -       n       -       -       smtpd
+<% if @settings['submission'] -%>
-#  -o smtpd_enforce_tls=yes
+submission inet n       -       n       -       -       smtpd
-#  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_enforce_tls=yes
-#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 <% end -%>
 #smtps     inet  n       -       n       -       -       smtpd
 #  -o smtpd_tls_wrappermode=yes
 #  -o smtpd_sasl_auth_enable=yes
--- a/templates/default/sasl_passwd.erb
+++ b/templates/default/sasl_passwd.erb
@ -1,2 +1,2 @@
 # This file is generated by Chef for <%= node['fqdn'] %>
-<%= node['postfix']['relayhost'] %> <%= node['postfix']['smtp_sasl_user_name'] %>:<%= node['postfix']['smtp_sasl_passwd'] %>
+<%= node['postfix']['main']['relayhost'] %> <%= @settings['smtp_sasl_user_name'] %>:<%= @settings['smtp_sasl_passwd'] %>
`@ -1,2 +1,2 @@`
	`# This file is generated by Chef for <%= node['fqdn'] %>`	`# This file is generated by Chef for <%= node['fqdn'] %>`
	`<%= node['postfix']['relayhost'] %> <%= node['postfix']['smtp_sasl_user_name'] %>:<%= node['postfix']['smtp_sasl_passwd'] %>`	`<%= node['postfix']['main']['relayhost'] %> <%= @settings['smtp_sasl_user_name'] %>:<%= @settings['smtp_sasl_passwd'] %>`