diff --git a/README.md b/README.md index ec530ee..9d49063 100644 --- a/README.md +++ b/README.md @@ -84,9 +84,74 @@ Example of json role config, for setup *_map_entries: `}` ### master.cf template attributes -* `node['postfix']['master']['submission'] - Whether to use submission (TCP 587) daemon. (true/false); default false +The master.cf template has been changed to allow full customization of the file content. For purpose of backwards compatibility default attributes generate the same master.cf. But via `node['postfix']['master']` data structure in your role for instance it can be completelly rewritten. +Examples of json role config, for customize master.cf: + +`postfix : {` + +`...` + +turn some services off or on: +```json + "master" : { + "smtps": { + "active": true + }, + "old-cyrus": { + "active": false + }, + "cyrus": { + "active": false + }, + "uucp": { + "active": false + }, + "ifmail": { + "active": false + }, +``` + +`...` +define you own service: +```json + "spamfilter": { + "comment": "My own spamfilter", + "active": true, + "order": 590, + "type": "unix", + "unpriv": false, + "chroot": false, + "command": "pipe", + "args": ["flags=Rq user=spamd argv=/usr/bin/spamfilter.sh -oi -f ${sender} ${recipient}"] + } +``` + +`...` + +` }` +`}` + +The possible service hash fields and their meanings: +hash key - have to be unique, unless you wish to override default definition. + +| Field | Mandatory | Description | +| ----------- | --------- |-------------------------------------------------------------------------| +|active | Yes | Boolean. Defines whether or not the service needs to be in master.cf | +|comment | No | If you would like to add a comment line before service line | +|order | Yes | Number to define the order of lines in the file | +|type | Yes | Type of the service (inet, unix, fifo) | +|private | No | Boolean. If present replaced by `y` or `n`, otherwise by `-` | +|unpriv | No | Boolean. If present replaced by `y` or `n`, otherwise by `-` | +|chroot | No | Boolean. If present replaced by `y` or `n`, otherwise by `-` | +|wakeup | No | String. If present value placed in file, otherwise replaced by `-` | +|maxproc | No | String. If present value placed in file, otherwise replaced by `-` | +|command | Yes | String. The command to be executed. | +|args | Yes | String. Arguments passed to command. | + +For more information about meaning of the fields consult `master (5)` manual: +http://www.postfix.org/master.5.html Recipes ------- ### default diff --git a/attributes/default.rb b/attributes/default.rb index d3b857b..b527d6c 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -118,7 +118,261 @@ end # default['postfix']['main']['canonical_maps'] = nil # Master.cf attributes -default['postfix']['master']['submission'] = false +default['postfix']['master']['smtp']['active'] = true +default['postfix']['master']['smtp']['order'] = 10 +default['postfix']['master']['smtp']['type'] = 'inet' +default['postfix']['master']['smtp']['private'] = false +default['postfix']['master']['smtp']['chroot'] = false +default['postfix']['master']['smtp']['command'] = 'smtpd' +default['postfix']['master']['smtp']['args'] = [] + +default['postfix']['master']['submission']['active'] = false +default['postfix']['master']['submission']['order'] = 20 +default['postfix']['master']['submission']['type'] = 'inet' +default['postfix']['master']['submission']['private'] = false +default['postfix']['master']['submission']['chroot'] = false +default['postfix']['master']['submission']['command'] = 'smtpd' +default['postfix']['master']['submission']['args'] = ['-o smtpd_enforce_tls=yes', ' -o smtpd_sasl_auth_enable=yes', '-o smtpd_client_restrictions=permit_sasl_authenticated,reject'] + +default['postfix']['master']['smtps']['active'] = false +default['postfix']['master']['smtps']['order'] = 30 +default['postfix']['master']['smtps']['type'] = 'inet' +default['postfix']['master']['smtps']['private'] = false +default['postfix']['master']['smtps']['chroot'] = false +default['postfix']['master']['smtps']['command'] = 'smtpd' +default['postfix']['master']['smtps']['args'] = ['-o smtpd_tls_wrappermode=yes', '-o smtpd_sasl_auth_enable=yes', '-o smtpd_client_restrictions=permit_sasl_authenticated,reject'] + +default['postfix']['master']['628']['active'] = false +default['postfix']['master']['628']['order'] = 40 +default['postfix']['master']['628']['type'] = 'inet' +default['postfix']['master']['628']['private'] = false +default['postfix']['master']['628']['chroot'] = false +default['postfix']['master']['628']['command'] = 'qmqpdd' +default['postfix']['master']['628']['args'] = [] + +default['postfix']['master']['pickup']['active'] = true +default['postfix']['master']['pickup']['order'] = 50 +default['postfix']['master']['pickup']['type'] = 'fifo' +default['postfix']['master']['pickup']['private'] = false +default['postfix']['master']['pickup']['chroot'] = false +default['postfix']['master']['pickup']['wakeup'] = '60' +default['postfix']['master']['pickup']['maxproc'] = '1' +default['postfix']['master']['pickup']['command'] = 'pickup' +default['postfix']['master']['pickup']['args'] = [] + +default['postfix']['master']['cleanup']['active'] = true +default['postfix']['master']['cleanup']['order'] = 60 +default['postfix']['master']['cleanup']['type'] = 'unix' +default['postfix']['master']['cleanup']['private'] = false +default['postfix']['master']['cleanup']['chroot'] = false +default['postfix']['master']['cleanup']['maxproc'] = '0' +default['postfix']['master']['cleanup']['command'] = 'cleanup' +default['postfix']['master']['cleanup']['args'] = [] + +default['postfix']['master']['qmgr']['active'] = true +default['postfix']['master']['qmgr']['order'] = 70 +default['postfix']['master']['qmgr']['type'] = 'fifo' +default['postfix']['master']['qmgr']['private'] = false +default['postfix']['master']['qmgr']['chroot'] = false +default['postfix']['master']['qmgr']['wakeup'] = '300' +default['postfix']['master']['qmgr']['maxproc'] = '1' +default['postfix']['master']['qmgr']['command'] = 'qmgr' +default['postfix']['master']['qmgr']['args'] = [] + +default['postfix']['master']['tlsmgr']['active'] = true +default['postfix']['master']['tlsmgr']['order'] = 80 +default['postfix']['master']['tlsmgr']['type'] = 'unix' +default['postfix']['master']['tlsmgr']['chroot'] = false +default['postfix']['master']['tlsmgr']['wakeup'] = '1000?' +default['postfix']['master']['tlsmgr']['maxproc'] = '1' +default['postfix']['master']['tlsmgr']['command'] = 'tlsmgr' +default['postfix']['master']['tlsmgr']['args'] = [] + +default['postfix']['master']['rewrite']['active'] = true +default['postfix']['master']['rewrite']['order'] = 90 +default['postfix']['master']['rewrite']['type'] = 'unix' +default['postfix']['master']['rewrite']['chroot'] = false +default['postfix']['master']['rewrite']['command'] = 'trivial-rewrite' +default['postfix']['master']['rewrite']['args'] = [] + +default['postfix']['master']['bounce']['active'] = true +default['postfix']['master']['bounce']['order'] = 100 +default['postfix']['master']['bounce']['type'] = 'unix' +default['postfix']['master']['bounce']['chroot'] = false +default['postfix']['master']['bounce']['maxproc'] = '0' +default['postfix']['master']['bounce']['command'] = 'bounce' +default['postfix']['master']['bounce']['args'] = [] + +default['postfix']['master']['defer']['active'] = true +default['postfix']['master']['defer']['order'] = 110 +default['postfix']['master']['defer']['type'] = 'unix' +default['postfix']['master']['defer']['chroot'] = false +default['postfix']['master']['defer']['maxproc'] = '0' +default['postfix']['master']['defer']['command'] = 'bounce' +default['postfix']['master']['defer']['args'] = [] + +default['postfix']['master']['trace']['active'] = true +default['postfix']['master']['trace']['order'] = 120 +default['postfix']['master']['trace']['type'] = 'unix' +default['postfix']['master']['trace']['chroot'] = false +default['postfix']['master']['trace']['maxproc'] = '0' +default['postfix']['master']['trace']['command'] = 'bounce' +default['postfix']['master']['trace']['args'] = [] + +default['postfix']['master']['verify']['active'] = true +default['postfix']['master']['verify']['order'] = 130 +default['postfix']['master']['verify']['type'] = 'unix' +default['postfix']['master']['verify']['chroot'] = false +default['postfix']['master']['verify']['maxproc'] = '1' +default['postfix']['master']['verify']['command'] = 'verify' +default['postfix']['master']['verify']['args'] = [] + +default['postfix']['master']['flush']['active'] = true +default['postfix']['master']['flush']['order'] = 140 +default['postfix']['master']['flush']['type'] = 'unix' +default['postfix']['master']['flush']['private'] = false +default['postfix']['master']['flush']['chroot'] = false +default['postfix']['master']['flush']['wakeup'] = '1000?' +default['postfix']['master']['flush']['maxproc'] = '0' +default['postfix']['master']['flush']['command'] = 'flush' +default['postfix']['master']['flush']['args'] = [] + +default['postfix']['master']['proxymap']['active'] = true +default['postfix']['master']['proxymap']['order'] = 150 +default['postfix']['master']['proxymap']['type'] = 'unix' +default['postfix']['master']['proxymap']['chroot'] = false +default['postfix']['master']['proxymap']['command'] = 'proxymap' +default['postfix']['master']['proxymap']['args'] = [] + +default['postfix']['master']['smtpunix']['service'] = 'smtp' +default['postfix']['master']['smtpunix']['active'] = true +default['postfix']['master']['smtpunix']['order'] = 160 +default['postfix']['master']['smtpunix']['type'] = 'unix' +default['postfix']['master']['smtpunix']['chroot'] = false +default['postfix']['master']['smtpunix']['maxproc'] = '500' +default['postfix']['master']['smtpunix']['command'] = 'smtp' +default['postfix']['master']['smtpunix']['args'] = [] + +default['postfix']['master']['relay']['active'] = true +default['postfix']['master']['relay']['comment'] = 'When relaying mail as backup MX, disable fallback_relay to avoid MX loops' +default['postfix']['master']['relay']['order'] = 170 +default['postfix']['master']['relay']['type'] = 'unix' +default['postfix']['master']['relay']['chroot'] = false +default['postfix']['master']['relay']['command'] = 'smtp' +default['postfix']['master']['relay']['args'] = ['-o smtp_fallback_relay='] + +default['postfix']['master']['showq']['active'] = true +default['postfix']['master']['showq']['order'] = 180 +default['postfix']['master']['showq']['type'] = 'unix' +default['postfix']['master']['showq']['private'] = false +default['postfix']['master']['showq']['chroot'] = false +default['postfix']['master']['showq']['command'] = 'showq' +default['postfix']['master']['showq']['args'] = [] + +default['postfix']['master']['error']['active'] = true +default['postfix']['master']['error']['order'] = 190 +default['postfix']['master']['error']['type'] = 'unix' +default['postfix']['master']['error']['chroot'] = false +default['postfix']['master']['error']['command'] = 'error' +default['postfix']['master']['error']['args'] = [] + +default['postfix']['master']['discard']['active'] = true +default['postfix']['master']['discard']['order'] = 200 +default['postfix']['master']['discard']['type'] = 'unix' +default['postfix']['master']['discard']['chroot'] = false +default['postfix']['master']['discard']['command'] = 'discard' +default['postfix']['master']['discard']['args'] = [] + +default['postfix']['master']['local']['active'] = true +default['postfix']['master']['local']['order'] = 210 +default['postfix']['master']['local']['type'] = 'unix' +default['postfix']['master']['local']['unpriv'] = false +default['postfix']['master']['local']['chroot'] = false +default['postfix']['master']['local']['command'] = 'local' +default['postfix']['master']['local']['args'] = [] + +default['postfix']['master']['virtual']['active'] = true +default['postfix']['master']['virtual']['order'] = 220 +default['postfix']['master']['virtual']['type'] = 'unix' +default['postfix']['master']['virtual']['unpriv'] = false +default['postfix']['master']['virtual']['chroot'] = false +default['postfix']['master']['virtual']['command'] = 'virtual' +default['postfix']['master']['virtual']['args'] = [] + +default['postfix']['master']['lmtp']['active'] = true +default['postfix']['master']['lmtp']['order'] = 230 +default['postfix']['master']['lmtp']['type'] = 'unix' +default['postfix']['master']['lmtp']['chroot'] = false +default['postfix']['master']['lmtp']['command'] = 'lmtp' +default['postfix']['master']['lmtp']['args'] = [] + +default['postfix']['master']['anvil']['active'] = true +default['postfix']['master']['anvil']['order'] = 240 +default['postfix']['master']['anvil']['type'] = 'unix' +default['postfix']['master']['anvil']['chroot'] = false +default['postfix']['master']['anvil']['maxproc'] = '1' +default['postfix']['master']['anvil']['command'] = 'anvil' +default['postfix']['master']['anvil']['args'] = [] + +default['postfix']['master']['scache']['active'] = true +default['postfix']['master']['scache']['order'] = 250 +default['postfix']['master']['scache']['type'] = 'unix' +default['postfix']['master']['scache']['chroot'] = false +default['postfix']['master']['scache']['maxproc'] = '1' +default['postfix']['master']['scache']['command'] = 'scache' +default['postfix']['master']['scache']['args'] = [] + +default['postfix']['master']['maildrop']['active'] = true +default['postfix']['master']['maildrop']['comment'] = 'See the Postfix MAILDROP_README file for details. To main.cf will be added: maildrop_destination_recipient_limit=1' +default['postfix']['master']['maildrop']['order'] = 510 +default['postfix']['master']['maildrop']['type'] = 'unix' +default['postfix']['master']['maildrop']['unpriv'] = false +default['postfix']['master']['maildrop']['chroot'] = false +default['postfix']['master']['maildrop']['command'] = 'pipe' +default['postfix']['master']['maildrop']['args'] = ['flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}'] + +default['postfix']['master']['old-cyrus']['active'] = false +default['postfix']['master']['old-cyrus']['comment'] = 'The Cyrus deliver program has changed incompatibly, multiple times.' +default['postfix']['master']['old-cyrus']['order'] = 520 +default['postfix']['master']['old-cyrus']['type'] = 'unix' +default['postfix']['master']['old-cyrus']['unpriv'] = false +default['postfix']['master']['old-cyrus']['chroot'] = false +default['postfix']['master']['old-cyrus']['command'] = 'pipe' +default['postfix']['master']['old-cyrus']['args'] = ['flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}'] + +default['postfix']['master']['cyrus']['active'] = true +default['postfix']['master']['cyrus']['comment'] = 'Cyrus 2.1.5 (Amos Gouaux). To main.cf will be added: cyrus_destination_recipient_limit=1' +default['postfix']['master']['cyrus']['order'] = 530 +default['postfix']['master']['cyrus']['type'] = 'unix' +default['postfix']['master']['cyrus']['unpriv'] = false +default['postfix']['master']['cyrus']['chroot'] = false +default['postfix']['master']['cyrus']['command'] = 'pipe' +default['postfix']['master']['cyrus']['args'] = ['user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}'] + +default['postfix']['master']['uucp']['active'] = true +default['postfix']['master']['uucp']['comment'] = 'See the Postfix UUCP_README file for configuration details.' +default['postfix']['master']['uucp']['order'] = 540 +default['postfix']['master']['uucp']['type'] = 'unix' +default['postfix']['master']['uucp']['unpriv'] = false +default['postfix']['master']['uucp']['chroot'] = false +default['postfix']['master']['uucp']['command'] = 'pipe' +default['postfix']['master']['uucp']['args'] = ['flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)'] + +default['postfix']['master']['ifmail']['active'] = false +default['postfix']['master']['ifmail']['order'] = 550 +default['postfix']['master']['ifmail']['type'] = 'unix' +default['postfix']['master']['ifmail']['unpriv'] = false +default['postfix']['master']['ifmail']['chroot'] = false +default['postfix']['master']['ifmail']['command'] = 'pipe' +default['postfix']['master']['ifmail']['args'] = ['flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)'] + +default['postfix']['master']['bsmtp']['active'] = true +default['postfix']['master']['bsmtp']['order'] = 560 +default['postfix']['master']['bsmtp']['type'] = 'unix' +default['postfix']['master']['bsmtp']['unpriv'] = false +default['postfix']['master']['bsmtp']['chroot'] = false +default['postfix']['master']['bsmtp']['command'] = 'pipe' +default['postfix']['master']['bsmtp']['args'] = ['flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient'] # OS Aliases case node['platform'] @@ -141,7 +395,3 @@ when 'freebsd' else default['postfix']['aliases'] = {} end - -if node['postfix']['use_relay_restirictions_maps'] - default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" -end diff --git a/recipes/_attributes.rb b/recipes/_attributes.rb index 7340b1e..aaaf8c1 100644 --- a/recipes/_attributes.rb +++ b/recipes/_attributes.rb @@ -58,3 +58,15 @@ end if node['postfix']['use_virtual_aliases_domains'] node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"] end + +if node['postfix']['use_relay_restirictions_maps'] + default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" +end + +if node['postfix']['master']['maildrop']['active'] + node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1 +end + +if node['postfix']['master']['cyrus']['active'] + node.default_unless['postfix']['main']['cyrus_destination_recipient_limit'] = 1 +end diff --git a/templates/default/master.cf.erb b/templates/default/master.cf.erb index ffa2aa5..52b6a1a 100644 --- a/templates/default/master.cf.erb +++ b/templates/default/master.cf.erb @@ -1,3 +1,6 @@ +# This file is generated by Chef for <%= node['fqdn'] %> +# +# Local changes will be overwritten # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). @@ -6,76 +9,60 @@ # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== -smtp inet n - n - - smtpd -<% if @settings['submission'] -%> -submission inet n - n - - smtpd - -o smtpd_enforce_tls=yes - -o smtpd_sasl_auth_enable=yes - -o smtpd_client_restrictions=permit_sasl_authenticated,reject +<% @settings.sort_by{|k,v| v['order']}.map do |service, properties| -%> +<% next if !properties['active'] -%> +<% if properties.has_key?('comment') -%> +# +#<%= properties['comment'] %> +<% end -%> +<% if properties.has_key?('service') -%> +<%= properties['service'].ljust(10) -%> +<% else -%> +<%= service.ljust(10) -%> +<% end -%> + <%= properties['type'].ljust(6) -%> +<% if properties.has_key?('private') -%> +<% if properties['private'] -%> +<% priv='y' -%> +<% else -%> +<% priv='n' -%> +<% end -%> +<% else -%> +<% priv='-' -%> +<% end -%> +<%= priv.ljust(8) -%> +<% if properties.has_key?('unpriv') -%> +<% if properties['unpriv'] -%> +<% unpriv='y' -%> +<% else -%> +<% unpriv='n' -%> +<% end -%> +<% else -%> +<% unpriv='-' -%> +<% end -%> +<%= unpriv.ljust(8) -%> +<% if properties.has_key?('chroot') -%> +<% if properties['chroot'] -%> +<% chroot='y' -%> +<% else -%> +<% chroot='n' -%> +<% end -%> +<% else -%> +<% chroot='-' -%> +<% end -%> +<%= chroot.ljust(7) -%> +<% if properties.has_key?('wakeup') -%> + <%= properties['wakeup'].ljust(7) -%> +<% else -%> + <%= '-'.ljust(7) -%> +<% end -%> +<% if properties.has_key?('maxproc') -%> + <%= properties['maxproc'].ljust(7) -%> +<% else -%> + <%= '-'.ljust(7) -%> +<% end -%> + <%= properties['command'] %> +<% properties['args'].each do |arg| -%> + <%= arg %> +<% end -%> <% end -%> -#smtps inet n - n - - smtpd -# -o smtpd_tls_wrappermode=yes -# -o smtpd_sasl_auth_enable=yes -# -o smtpd_client_restrictions=permit_sasl_authenticated,reject -#628 inet n - n - - qmqpd -pickup fifo n - n 60 1 pickup -cleanup unix n - n - 0 cleanup -qmgr fifo n - n 300 1 qmgr -#qmgr fifo n - n 300 1 oqmgr -tlsmgr unix - - n 1000? 1 tlsmgr -rewrite unix - - n - - trivial-rewrite -bounce unix - - n - 0 bounce -defer unix - - n - 0 bounce -trace unix - - n - 0 bounce -verify unix - - n - 1 verify -flush unix n - n 1000? 0 flush -proxymap unix - - n - - proxymap -smtp unix - - n - 500 smtp -# When relaying mail as backup MX, disable fallback_relay to avoid MX loops -relay unix - - n - - smtp - -o smtp_fallback_relay= -# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - n - - showq -error unix - - n - - error -discard unix - - n - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - n - - lmtp -anvil unix - - n - 1 anvil -scache unix - - n - 1 scache -# -# ==================================================================== -# Interfaces to non-Postfix software. Be sure to examine the manual -# pages of the non-Postfix software to find out what options it wants. -# -# Many of the following services use the Postfix pipe(8) delivery -# agent. See the pipe(8) man page for information about ${recipient} -# and other message envelope options. -# ==================================================================== -# -# maildrop. See the Postfix MAILDROP_README file for details. -# Also specify in main.cf: maildrop_destination_recipient_limit=1 -# -maildrop unix - n n - - pipe - flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} -# -# The Cyrus deliver program has changed incompatibly, multiple times. -# -old-cyrus unix - n n - - pipe - flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} -# Cyrus 2.1.5 (Amos Gouaux) -# Also specify in main.cf: cyrus_destination_recipient_limit=1 -cyrus unix - n n - - pipe - user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} -# -# See the Postfix UUCP_README file for configuration details. -# -uucp unix - n n - - pipe - flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) -# -# Other external delivery methods. -# -ifmail unix - n n - - pipe - flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -bsmtp unix - n n - - pipe - flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient