Merge branch 'master' of git://github.com/voroniys/postfix into voroniys-master

2017-01-17 23:50:55 -08:00 · 2017-01-17 23:50:55 -08:00 · 3ea284d576
commit 3ea284d576
parent 4667cdfc1e ed2db2f63d
12 changed files with 574 additions and 150 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,6 @@
 # postfix Cookbook
-[![Build Status](https://travis-ci.org/chef-cookbooks/postfix.svg?branch=master)](https://travis-ci.org/chef-cookbooks/postfix)
+[![Build Status](https://travis-ci.org/chef-cookbooks/postfix.svg?branch=master)](https://travis-ci.org/chef-cookbooks/postfix) [![Cookbook Version](https://img.shields.io/cookbook/v/postfix.svg)](https://supermarket.chef.io/cookbooks/postfix)
 [![Cookbook Version](https://img.shields.io/cookbook/v/postfix.svg)](https://supermarket.chef.io/cookbooks/postfix)
 Installs and configures postfix for client or outbound relayhost, or to do SASL authentication.
@ -26,59 +25,60 @@ May work on other platforms with or without modification.
 - none
 ## Attributes
 See `attributes/default.rb` for default values.
 ### Generic cookbook attributes
 * `node['postfix']['mail_type']` - Sets the kind of mail configuration. `master` will set up a server (relayhost).
 * `node['postfix']['relayhost_role']` - name of a role used for search in the client recipe.
 * `node['postfix']['multi_environment_relay']` - set to true if nodes should not constrain search for the relayhost in their own environment.
 * `node['postfix']['use_procmail']` - set to true if nodes should use procmail as the delivery agent.
 * `node['postfix']['use_alias_maps']` - set to true if you want the cookbook to use/configure alias maps
 * `node['postfix']['use_transport_maps']` - set to true if you want the cookbook to use/configure transport maps
 * `node['postfix']['use_access_maps']` - set to true if you want the cookbook to use/configure access maps
 * `node['postfix']['use_virtual_aliases']` - set to true if you want the cookbook to use/configure virtual alias maps
 * `node['postfix']['use_relay_restrictions_maps']` - set to true if you want the cookbook to use/configure a list of domains to which postfix will allow relay
 * `node['postfix']['aliases']` - hash of aliases to create with `recipe[postfix::aliases]`, see below under __Recipes__ for more information.
 * `node['postfix']['transports']` - hash of transports to create with `recipe[postfix::transports]`, see below under __Recipes__ for more information.
 * `node['postfix']['access']` - hash of access to create with `recipe[postfix::access]`, see below under __Recipes__ for more information.
 * `node['postfix']['virtual_aliases']` - hash of virtual_aliases to create with `recipe[postfix::virtual_aliases]`, see below under __Recipes__ for more information.
 * `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix'
 * `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix'
-### main.cf and sasl\_passwd template attributes
+- `node['postfix']['mail_type']` - Sets the kind of mail configuration. `master` will set up a server (relayhost).
-The main.cf template has been simplified to include any attributes in the `node['postfix']['main']` data structure.  The following attributes are still included with this cookbook to maintain some semblance of backwards compatibility.
+- `node['postfix']['relayhost_role']` - name of a role used for search in the client recipe.
 - `node['postfix']['multi_environment_relay']` - set to true if nodes should not constrain search for the relayhost in their own environment.
 - `node['postfix']['use_procmail']` - set to true if nodes should use procmail as the delivery agent.
 - `node['postfix']['use_alias_maps']` - set to true if you want the cookbook to use/configure alias maps
 - `node['postfix']['use_transport_maps']` - set to true if you want the cookbook to use/configure transport maps
 - `node['postfix']['use_access_maps']` - set to true if you want the cookbook to use/configure access maps
 - `node['postfix']['use_virtual_aliases']` - set to true if you want the cookbook to use/configure virtual alias maps
 - `node['postfix']['use_relay_restrictions_maps']` - set to true if you want the cookbook to use/configure a list of domains to which postfix will allow relay
 - `node['postfix']['aliases']` - hash of aliases to create with `recipe[postfix::aliases]`, see below under **Recipes** for more information.
 - `node['postfix']['transports']` - hash of transports to create with `recipe[postfix::transports]`, see below under **Recipes** for more information.
 - `node['postfix']['access']` - hash of access to create with `recipe[postfix::access]`, see below under **Recipes** for more information.
 - `node['postfix']['virtual_aliases']` - hash of virtual_aliases to create with `recipe[postfix::virtual_aliases]`, see below under __Recipes__ for more information.
 - `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix'
 - `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix'
-This change in namespace to `node['postfix']['main']` should allow for greater flexibility, given the large number of configuration variables for the postfix daemon.  All of these cookbook attributes correspond to the option of the same name in `/etc/postfix/main.cf`.
+### main.cf and sasl_passwd template attributes
-* `node['postfix']['main']['biff']` - (yes/no); default no
+The main.cf template has been simplified to include any attributes in the `node['postfix']['main']` data structure. The following attributes are still included with this cookbook to maintain some semblance of backwards compatibility.
-* `node['postfix']['main']['append_dot_mydomain']` - (yes/no); default no
+
-* `node['postfix']['main']['myhostname']` - defaults to fqdn from Ohai
+This change in namespace to `node['postfix']['main']` should allow for greater flexibility, given the large number of configuration variables for the postfix daemon. All of these cookbook attributes correspond to the option of the same name in `/etc/postfix/main.cf`.
-* `node['postfix']['main']['mydomain']` - defaults to domain from Ohai
+
-* `node['postfix']['main']['myorigin']` - defaults to $myhostname
+- `node['postfix']['main']['biff']` - (yes/no); default no
-* `node['postfix']['main']['mynetworks']` - default is nil, which forces Postfix to default to loopback addresses.
+- `node['postfix']['main']['append_dot_mydomain']` - (yes/no); default no
-* `node['postfix']['main']['inet_interfaces']` - set to `loopback-only`, or `all` for server recipe
+- `node['postfix']['main']['myhostname']` - defaults to fqdn from Ohai
-* `node['postfix']['main']['alias_maps']` - set to `hash:/etc/aliases`
+- `node['postfix']['main']['mydomain']` - defaults to domain from Ohai
-* `node['postfix']['main']['mailbox_size_limit']` - set to `0` (disabled)
+- `node['postfix']['main']['myorigin']` - defaults to $myhostname
-* `node['postfix']['main']['mydestination']` - default fqdn, hostname, localhost.localdomain, localhost
+- `node['postfix']['main']['mynetworks']` - default is nil, which forces Postfix to default to loopback addresses.
-* `node['postfix']['main']['smtpd_use_tls']` - (yes/no); default yes. See conditional cert/key attributes.
+- `node['postfix']['main']['inet_interfaces']` - set to `loopback-only`, or `all` for server recipe
-  - `node['postfix']['main']['smtpd_tls_cert_file']` - conditional attribute, set to full path of server's x509 certificate.
+- `node['postfix']['main']['alias_maps']` - set to `hash:/etc/aliases`
-  - `node['postfix']['main']['smtpd_tls_key_file']` - conditional attribute, set to full path of server's private key
+- `node['postfix']['main']['mailbox_size_limit']` - set to `0` (disabled)
-  - `node['postfix']['main']['smtpd_tls_CAfile']` - set to platform specific CA bundle
+- `node['postfix']['main']['mydestination']` - default fqdn, hostname, localhost.localdomain, localhost
-  - `node['postfix']['main']['smtpd_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
+- `node['postfix']['main']['smtpd_use_tls']` - (yes/no); default yes. See conditional cert/key attributes.
-* `node['postfix']['main']['smtp_use_tls']` - (yes/no); default yes.  See following conditional attributes.
+- `node['postfix']['main']['smtpd_tls_cert_file']` - conditional attribute, set to full path of server's x509 certificate.
-  - `node['postfix']['main']['smtp_tls_CAfile']` - set to platform specific CA bundle
+- `node['postfix']['main']['smtpd_tls_key_file']` - conditional attribute, set to full path of server's private key
-  - `node['postfix']['main']['smtp_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
+- `node['postfix']['main']['smtpd_tls_CAfile']` - set to platform specific CA bundle
-* `node['postfix']['main']['smtp_sasl_auth_enable']` - (yes/no); default no.  If enabled, see following conditional attributes.
+- `node['postfix']['main']['smtpd_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
-  - `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file
+- `node['postfix']['main']['smtp_use_tls']` - (yes/no); default yes. See following conditional attributes.
-  - `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous
+- `node['postfix']['main']['smtp_tls_CAfile']` - set to platform specific CA bundle
-  - `node['postfix']['main']['relayhost']` - Set to empty string
+- `node['postfix']['main']['smtp_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
-  - `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as.  Default empty
+- `node['postfix']['main']['smtp_sasl_auth_enable']` - (yes/no); default no. If enabled, see following conditional attributes.
-  - `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use.  Default empty.
+- `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file
-* `node['postfix']['sender_canonical_map_entries']` - (hash with key value pairs); default not configured.  Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config.
+- `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous
-* `node['postfix']['smtp_generic_map_entries']` - (hash with key value pairs); default not configured.  Setup generic postfix maps. See `man 5 generic`. If has at least one value, then will be enabled in config.
+- `node['postfix']['main']['relayhost']` - Set to empty string
 - `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty
 - `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty.
 - `node['postfix']['sender_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config.
 - `node['postfix']['smtp_generic_map_entries']` - (hash with key value pairs); default not configured. Setup generic postfix maps. See `man 5 generic`. If has at least one value, then will be enabled in config.
 Example of json role config, for setup *_map_entries:
@ -91,14 +91,78 @@ Example of json role config, for setup *_map_entries:
 `}`
 ### master.cf template attributes
 * `node['postfix']['master']['submission'] - Whether to use submission (TCP 587) daemon. (true/false); default false
 The master.cf template has been changed to allow full customization of the file content. For purpose of backwards compatibility default attributes generate the same master.cf. But via `node['postfix']['master']` data structure in your role for instance it can be completelly rewritten.
 Examples of json role config, for customize master.cf:
 `postfix : {`
 `...`
 turn some services off or on:
 ```json
  "master" : {
    "smtps": {
      "active": true
    },
    "old-cyrus": {
      "active": false
    },
    "cyrus": {
      "active": false
    },
    "uucp": {
      "active": false
    },
    "ifmail": {
      "active": false
    },
 ```
 `...` define you own service:
 ```json
    "spamfilter": {
      "comment": "My own spamfilter",
      "active": true,
      "order": 590,
      "type": "unix",
      "unpriv": false,
      "chroot": false,
      "command": "pipe",
      "args": ["flags=Rq user=spamd argv=/usr/bin/spamfilter.sh -oi -f ${sender} ${recipient}"]
    }
 ```
 `...`
 `}` `}`
 The possible service hash fields and their meanings: hash key - have to be unique, unless you wish to override default definition.
 Field   | Mandatory | Description
 ------- | --------- | --------------------------------------------------------------------
 active  | Yes       | Boolean. Defines whether or not the service needs to be in master.cf
 comment | No        | If you would like to add a comment line before service line
 order   | Yes       | Number to define the order of lines in the file
 type    | Yes       | Type of the service (inet, unix, fifo)
 private | No        | Boolean. If present replaced by `y` or `n`, otherwise by `-`
 unpriv  | No        | Boolean. If present replaced by `y` or `n`, otherwise by `-`
 chroot  | No        | Boolean. If present replaced by `y` or `n`, otherwise by `-`
 wakeup  | No        | String. If present value placed in file, otherwise replaced by `-`
 maxproc | No        | String. If present value placed in file, otherwise replaced by `-`
 command | Yes       | String. The command to be executed.
 args    | Yes       | String. Arguments passed to command.
 For more information about meaning of the fields consult `master (5)` manual: <http://www.postfix.org/master.5.html>
 ## Recipes
 ### default
-Installs the postfix package and manages the service and the main configuration files (`/etc/postfix/main.cf` and `/etc/postfix/master.cf`). See __Usage__ and __Examples__ to see how to affect behavior of this recipe through configuration. Depending on the `node['postfix']['use_alias_maps']`, `node['postfix']['use_transport_maps']`, `node['postfix']['use_access_maps']` and `node['postfix']['use_virtual_aliases']` attributes the default recipe can call additional recipes to manage additional postfix configuration files
+Installs the postfix package and manages the service and the main configuration files (`/etc/postfix/main.cf` and `/etc/postfix/master.cf`). See **Usage** and **Examples** to see how to affect behavior of this recipe through configuration. Depending on the `node['postfix']['use_alias_maps']`, `node['postfix']['use_transport_maps']`, `node['postfix']['use_access_maps']` and `node['postfix']['use_virtual_aliases']` attributes the default recipe can call additional recipes to manage additional postfix configuration files
 For a more dynamic approach to discovery for the relayhost, see the `client` and `server` recipes below.
@ -110,7 +174,7 @@ Includes the default recipe to install, configure and start postfix.
 Does not work with `chef-solo`.
-### sasl\_auth
+### sasl_auth
 Sets up the system to authenticate with a remote mail relay using SASL authentication.
@ -120,12 +184,70 @@ To use Chef Server search to automatically detect a node that is the relayhost,
 **Note** This recipe will set the `node['postfix']['mail_type']` to "master" with an override attribute.
 ### maps
 General recipe to manage any number of any type postfix lookup tables. You can replace with it recipes like `transport` or `virtual_aliases`, but what is more important - you can create any kinds of maps, which has no own recipe, including database lookup maps configuration. `maps` is a hash keys of which is a lookup table type and value is another hash with filenames as the keys and hash with file content as the value. File content is an any number of key/value pairs which meaning depends on lookup table type. Examlle:
 ```json
  "override_attributes": {
    "postfix": {
      "maps": {
        "hash": {
          "/etc/postfix/vmailbox": {
            "john@example.com": "ok",
            "john@example.net": "ok",
          },
          "/etc/postfix/virtual": {
            "postmaster@example.com": "john@example.com",
            "postmaster@example.net": "john@example.net",
            "root@mail.example.net": "john@example.net"
          },
          "/etc/postfix/envelope_senders": {
            "@example.com": "john@example.com",
            "@example.net": "john@example.net"
          },
          "/etc/postfix/relay_recipients": {
            "john@example.net": "ok",
            "john@example.com": "ok",
            "admin@example.com": "ok",
          }
       },
       "pgsql": {
          "/etc/postfix/pgtest": {
            "hosts": "db.local:2345",
            "user": "postfix",
            "password": "test",
            "dbname": "postdb",
            "query": "SELECT replacement FROM aliases WHERE mailbox = '%s'"
          }
        }
     }
  }
 ```
 To use these files in your configuration reference them in `node['postfix']['main']`, for instance:
 ```json
    "postfix": {
      "main": {
        "smtpd_sender_login_maps": "hash:/etc/postfix/envelope_senders",
        "relay_recipient_maps": "hash:/etc/postfix/relay_recipients",
        "virtual_mailbox_maps": "hash:/etc/postfix/vmailbox",
        "virtual_alias_maps": "hash:/etc/postfix/virtual",
      }
    }
 ```
 ### aliases
 Manage `/etc/aliases` with this recipe. Currently only Ubuntu 10.04 platform has a template for the aliases file. Add your aliases template to the `templates/default` or to the appropriate platform+version directory per the File Specificity rules for templates. Then specify a hash of aliases for the `node['postfix']['aliases']` attribute.
 Arrays are supported as alias values, since postfix supports comma separated values per alias, simply specify your alias as an array to use this handy feature.
 ### aliases
 Manage `/etc/aliases` with this recipe.
 ### transports
 Manage `/etc/postfix/transport` with this recipe.
@ -140,23 +262,19 @@ Manage `/etc/postfix/virtual` with this recipe.
 ### relay_restrictions
-Manage `/etc/postfix/relay_restriction` with this recipe
+Manage `/etc/postfix/relay_restriction` with this recipe The postfix option smtpd_relay_restrictions in main.cf will point to this hash map db.
 The postfix option smtpd_relay_restrictions in main.cf will point to this hash map db.  
 http://wiki.chef.io/display/chef/Templates#Templates-TemplateLocationSpecificity
 <http://wiki.chef.io/display/chef/Templates#Templates-TemplateLocationSpecificity>
 ## Usage
 On systems that should simply send mail directly to a relay, or out to the internet, use `recipe[postfix]` and modify the `node['postfix']['main']['relayhost']` attribute via a role.
-On systems that should be the MX for a domain, set the attributes accordingly and make sure the `node['postfix']['mail_type']` attribute is `master`. See __Examples__ for information on how to use `recipe[postfix::server]` to do this automatically.
+On systems that should be the MX for a domain, set the attributes accordingly and make sure the `node['postfix']['mail_type']` attribute is `master`. See **Examples** for information on how to use `recipe[postfix::server]` to do this automatically.
 If you need to use SASL authentication to send mail through your ISP (such as on a home network), use `postfix::sasl_auth` and set the appropriate attributes.
-For each of these implementations, see __Examples__ for role usage.
+For each of these implementations, see **Examples** for role usage.
 ### Examples
@ -222,9 +340,10 @@ override_attributes(
 For an example of using encrypted data bags to encrypt the SASL password, see the following blog post:
-* http://jtimberman.github.com/blog/2011/08/06/encrypted-data-bag-for-postfix-sasl-authentication/
+- <http://jtimberman.github.com/blog/2011/08/06/encrypted-data-bag-for-postfix-sasl-authentication/>
 #### Examples using the client & server recipes
 If you'd like to use the more dynamic search based approach for discovery, use the server and client recipes. First, create a relayhost role.
 ```ruby
@ -308,9 +427,10 @@ override_attributes(
 ## License & Authors
-**Author:** Cookbook Engineering Team (<cookbooks@chef.io>)
+**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))
 **Copyright:** 2009-2016, Chef Software, Inc.
 ```
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -117,7 +117,261 @@ end
 # default['postfix']['main']['canonical_maps'] = nil
 # Master.cf attributes
-default['postfix']['master']['submission'] = false
+default['postfix']['master']['smtp']['active'] = true
 default['postfix']['master']['smtp']['order'] = 10
 default['postfix']['master']['smtp']['type'] = 'inet'
 default['postfix']['master']['smtp']['private'] = false
 default['postfix']['master']['smtp']['chroot'] = false
 default['postfix']['master']['smtp']['command'] = 'smtpd'
 default['postfix']['master']['smtp']['args'] = []
 default['postfix']['master']['submission']['active'] = false
 default['postfix']['master']['submission']['order'] = 20
 default['postfix']['master']['submission']['type'] = 'inet'
 default['postfix']['master']['submission']['private'] = false
 default['postfix']['master']['submission']['chroot'] = false
 default['postfix']['master']['submission']['command'] = 'smtpd'
 default['postfix']['master']['submission']['args'] = ['-o smtpd_enforce_tls=yes', ' -o smtpd_sasl_auth_enable=yes', '-o smtpd_client_restrictions=permit_sasl_authenticated,reject']
 default['postfix']['master']['smtps']['active'] = false
 default['postfix']['master']['smtps']['order'] = 30
 default['postfix']['master']['smtps']['type'] = 'inet'
 default['postfix']['master']['smtps']['private'] = false
 default['postfix']['master']['smtps']['chroot'] = false
 default['postfix']['master']['smtps']['command'] = 'smtpd'
 default['postfix']['master']['smtps']['args'] = ['-o smtpd_tls_wrappermode=yes', '-o smtpd_sasl_auth_enable=yes', '-o smtpd_client_restrictions=permit_sasl_authenticated,reject']
 default['postfix']['master']['628']['active'] = false
 default['postfix']['master']['628']['order'] = 40
 default['postfix']['master']['628']['type'] = 'inet'
 default['postfix']['master']['628']['private'] = false
 default['postfix']['master']['628']['chroot'] = false
 default['postfix']['master']['628']['command'] = 'qmqpdd'
 default['postfix']['master']['628']['args'] = []
 default['postfix']['master']['pickup']['active'] = true
 default['postfix']['master']['pickup']['order'] = 50
 default['postfix']['master']['pickup']['type'] = 'fifo'
 default['postfix']['master']['pickup']['private'] = false
 default['postfix']['master']['pickup']['chroot'] = false
 default['postfix']['master']['pickup']['wakeup'] = '60'
 default['postfix']['master']['pickup']['maxproc'] = '1'
 default['postfix']['master']['pickup']['command'] = 'pickup'
 default['postfix']['master']['pickup']['args'] = []
 default['postfix']['master']['cleanup']['active'] = true
 default['postfix']['master']['cleanup']['order'] = 60
 default['postfix']['master']['cleanup']['type'] = 'unix'
 default['postfix']['master']['cleanup']['private'] = false
 default['postfix']['master']['cleanup']['chroot'] = false
 default['postfix']['master']['cleanup']['maxproc'] = '0'
 default['postfix']['master']['cleanup']['command'] = 'cleanup'
 default['postfix']['master']['cleanup']['args'] = []
 default['postfix']['master']['qmgr']['active'] = true
 default['postfix']['master']['qmgr']['order'] = 70
 default['postfix']['master']['qmgr']['type'] = 'fifo'
 default['postfix']['master']['qmgr']['private'] = false
 default['postfix']['master']['qmgr']['chroot'] = false
 default['postfix']['master']['qmgr']['wakeup'] = '300'
 default['postfix']['master']['qmgr']['maxproc'] = '1'
 default['postfix']['master']['qmgr']['command'] = 'qmgr'
 default['postfix']['master']['qmgr']['args'] = []
 default['postfix']['master']['tlsmgr']['active'] = true
 default['postfix']['master']['tlsmgr']['order'] = 80
 default['postfix']['master']['tlsmgr']['type'] = 'unix'
 default['postfix']['master']['tlsmgr']['chroot'] = false
 default['postfix']['master']['tlsmgr']['wakeup'] = '1000?'
 default['postfix']['master']['tlsmgr']['maxproc'] = '1'
 default['postfix']['master']['tlsmgr']['command'] = 'tlsmgr'
 default['postfix']['master']['tlsmgr']['args'] = []
 default['postfix']['master']['rewrite']['active'] = true
 default['postfix']['master']['rewrite']['order'] = 90
 default['postfix']['master']['rewrite']['type'] = 'unix'
 default['postfix']['master']['rewrite']['chroot'] = false
 default['postfix']['master']['rewrite']['command'] = 'trivial-rewrite'
 default['postfix']['master']['rewrite']['args'] = []
 default['postfix']['master']['bounce']['active'] = true
 default['postfix']['master']['bounce']['order'] = 100
 default['postfix']['master']['bounce']['type'] = 'unix'
 default['postfix']['master']['bounce']['chroot'] = false
 default['postfix']['master']['bounce']['maxproc'] = '0'
 default['postfix']['master']['bounce']['command'] = 'bounce'
 default['postfix']['master']['bounce']['args'] = []
 default['postfix']['master']['defer']['active'] = true
 default['postfix']['master']['defer']['order'] = 110
 default['postfix']['master']['defer']['type'] = 'unix'
 default['postfix']['master']['defer']['chroot'] = false
 default['postfix']['master']['defer']['maxproc'] = '0'
 default['postfix']['master']['defer']['command'] = 'bounce'
 default['postfix']['master']['defer']['args'] = []
 default['postfix']['master']['trace']['active'] = true
 default['postfix']['master']['trace']['order'] = 120
 default['postfix']['master']['trace']['type'] = 'unix'
 default['postfix']['master']['trace']['chroot'] = false
 default['postfix']['master']['trace']['maxproc'] = '0'
 default['postfix']['master']['trace']['command'] = 'bounce'
 default['postfix']['master']['trace']['args'] = []
 default['postfix']['master']['verify']['active'] = true
 default['postfix']['master']['verify']['order'] = 130
 default['postfix']['master']['verify']['type'] = 'unix'
 default['postfix']['master']['verify']['chroot'] = false
 default['postfix']['master']['verify']['maxproc'] = '1'
 default['postfix']['master']['verify']['command'] = 'verify'
 default['postfix']['master']['verify']['args'] = []
 default['postfix']['master']['flush']['active'] = true
 default['postfix']['master']['flush']['order'] = 140
 default['postfix']['master']['flush']['type'] = 'unix'
 default['postfix']['master']['flush']['private'] = false
 default['postfix']['master']['flush']['chroot'] = false
 default['postfix']['master']['flush']['wakeup'] = '1000?'
 default['postfix']['master']['flush']['maxproc'] = '0'
 default['postfix']['master']['flush']['command'] = 'flush'
 default['postfix']['master']['flush']['args'] = []
 default['postfix']['master']['proxymap']['active'] = true
 default['postfix']['master']['proxymap']['order'] = 150
 default['postfix']['master']['proxymap']['type'] = 'unix'
 default['postfix']['master']['proxymap']['chroot'] = false
 default['postfix']['master']['proxymap']['command'] = 'proxymap'
 default['postfix']['master']['proxymap']['args'] = []
 default['postfix']['master']['smtpunix']['service'] = 'smtp'
 default['postfix']['master']['smtpunix']['active'] = true
 default['postfix']['master']['smtpunix']['order'] = 160
 default['postfix']['master']['smtpunix']['type'] = 'unix'
 default['postfix']['master']['smtpunix']['chroot'] = false
 default['postfix']['master']['smtpunix']['maxproc'] = '500'
 default['postfix']['master']['smtpunix']['command'] = 'smtp'
 default['postfix']['master']['smtpunix']['args'] = []
 default['postfix']['master']['relay']['active'] = true
 default['postfix']['master']['relay']['comment'] = 'When relaying mail as backup MX, disable fallback_relay to avoid MX loops'
 default['postfix']['master']['relay']['order'] = 170
 default['postfix']['master']['relay']['type'] = 'unix'
 default['postfix']['master']['relay']['chroot'] = false
 default['postfix']['master']['relay']['command'] = 'smtp'
 default['postfix']['master']['relay']['args'] = ['-o smtp_fallback_relay=']
 default['postfix']['master']['showq']['active'] = true
 default['postfix']['master']['showq']['order'] = 180
 default['postfix']['master']['showq']['type'] = 'unix'
 default['postfix']['master']['showq']['private'] = false
 default['postfix']['master']['showq']['chroot'] = false
 default['postfix']['master']['showq']['command'] = 'showq'
 default['postfix']['master']['showq']['args'] = []
 default['postfix']['master']['error']['active'] = true
 default['postfix']['master']['error']['order'] = 190
 default['postfix']['master']['error']['type'] = 'unix'
 default['postfix']['master']['error']['chroot'] = false
 default['postfix']['master']['error']['command'] = 'error'
 default['postfix']['master']['error']['args'] = []
 default['postfix']['master']['discard']['active'] = true
 default['postfix']['master']['discard']['order'] = 200
 default['postfix']['master']['discard']['type'] = 'unix'
 default['postfix']['master']['discard']['chroot'] = false
 default['postfix']['master']['discard']['command'] = 'discard'
 default['postfix']['master']['discard']['args'] = []
 default['postfix']['master']['local']['active'] = true
 default['postfix']['master']['local']['order'] = 210
 default['postfix']['master']['local']['type'] = 'unix'
 default['postfix']['master']['local']['unpriv'] = false
 default['postfix']['master']['local']['chroot'] = false
 default['postfix']['master']['local']['command'] = 'local'
 default['postfix']['master']['local']['args'] = []
 default['postfix']['master']['virtual']['active'] = true
 default['postfix']['master']['virtual']['order'] = 220
 default['postfix']['master']['virtual']['type'] = 'unix'
 default['postfix']['master']['virtual']['unpriv'] = false
 default['postfix']['master']['virtual']['chroot'] = false
 default['postfix']['master']['virtual']['command'] = 'virtual'
 default['postfix']['master']['virtual']['args'] = []
 default['postfix']['master']['lmtp']['active'] = true
 default['postfix']['master']['lmtp']['order'] = 230
 default['postfix']['master']['lmtp']['type'] = 'unix'
 default['postfix']['master']['lmtp']['chroot'] = false
 default['postfix']['master']['lmtp']['command'] = 'lmtp'
 default['postfix']['master']['lmtp']['args'] = []
 default['postfix']['master']['anvil']['active'] = true
 default['postfix']['master']['anvil']['order'] = 240
 default['postfix']['master']['anvil']['type'] = 'unix'
 default['postfix']['master']['anvil']['chroot'] = false
 default['postfix']['master']['anvil']['maxproc'] = '1'
 default['postfix']['master']['anvil']['command'] = 'anvil'
 default['postfix']['master']['anvil']['args'] = []
 default['postfix']['master']['scache']['active'] = true
 default['postfix']['master']['scache']['order'] = 250
 default['postfix']['master']['scache']['type'] = 'unix'
 default['postfix']['master']['scache']['chroot'] = false
 default['postfix']['master']['scache']['maxproc'] = '1'
 default['postfix']['master']['scache']['command'] = 'scache'
 default['postfix']['master']['scache']['args'] = []
 default['postfix']['master']['maildrop']['active'] = true
 default['postfix']['master']['maildrop']['comment'] = 'See the Postfix MAILDROP_README file for details. To main.cf will be added: maildrop_destination_recipient_limit=1'
 default['postfix']['master']['maildrop']['order'] = 510
 default['postfix']['master']['maildrop']['type'] = 'unix'
 default['postfix']['master']['maildrop']['unpriv'] = false
 default['postfix']['master']['maildrop']['chroot'] = false
 default['postfix']['master']['maildrop']['command'] = 'pipe'
 default['postfix']['master']['maildrop']['args'] = ['flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}']
 default['postfix']['master']['old-cyrus']['active'] = false
 default['postfix']['master']['old-cyrus']['comment'] = 'The Cyrus deliver program has changed incompatibly, multiple times.'
 default['postfix']['master']['old-cyrus']['order'] = 520
 default['postfix']['master']['old-cyrus']['type'] = 'unix'
 default['postfix']['master']['old-cyrus']['unpriv'] = false
 default['postfix']['master']['old-cyrus']['chroot'] = false
 default['postfix']['master']['old-cyrus']['command'] = 'pipe'
 default['postfix']['master']['old-cyrus']['args'] = ['flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}']
 default['postfix']['master']['cyrus']['active'] = true
 default['postfix']['master']['cyrus']['comment'] = 'Cyrus 2.1.5 (Amos Gouaux). To main.cf will be added: cyrus_destination_recipient_limit=1'
 default['postfix']['master']['cyrus']['order'] = 530
 default['postfix']['master']['cyrus']['type'] = 'unix'
 default['postfix']['master']['cyrus']['unpriv'] = false
 default['postfix']['master']['cyrus']['chroot'] = false
 default['postfix']['master']['cyrus']['command'] = 'pipe'
 default['postfix']['master']['cyrus']['args'] = ['user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}']
 default['postfix']['master']['uucp']['active'] = true
 default['postfix']['master']['uucp']['comment'] = 'See the Postfix UUCP_README file for configuration details.'
 default['postfix']['master']['uucp']['order'] = 540
 default['postfix']['master']['uucp']['type'] = 'unix'
 default['postfix']['master']['uucp']['unpriv'] = false
 default['postfix']['master']['uucp']['chroot'] = false
 default['postfix']['master']['uucp']['command'] = 'pipe'
 default['postfix']['master']['uucp']['args'] = ['flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)']
 default['postfix']['master']['ifmail']['active'] = false
 default['postfix']['master']['ifmail']['order'] = 550
 default['postfix']['master']['ifmail']['type'] = 'unix'
 default['postfix']['master']['ifmail']['unpriv'] = false
 default['postfix']['master']['ifmail']['chroot'] = false
 default['postfix']['master']['ifmail']['command'] = 'pipe'
 default['postfix']['master']['ifmail']['args'] = ['flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)']
 default['postfix']['master']['bsmtp']['active'] = true
 default['postfix']['master']['bsmtp']['order'] = 560
 default['postfix']['master']['bsmtp']['type'] = 'unix'
 default['postfix']['master']['bsmtp']['unpriv'] = false
 default['postfix']['master']['bsmtp']['chroot'] = false
 default['postfix']['master']['bsmtp']['command'] = 'pipe'
 default['postfix']['master']['bsmtp']['args'] = ['flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient']
 # OS Aliases
 default['postfix']['aliases'] = case node['platform']
--- a/metadata.rb
+++ b/metadata.rb
@ -14,6 +14,7 @@ recipe 'postfix::access', 'Manages /etc/postfix/access'
 recipe 'postfix::virtual_aliases', 'Manages /etc/postfix/virtual'
 recipe 'postfix::client', 'Searches for the relayhost based on an attribute'
 recipe 'postfix::server', 'Sets the mail_type attribute to master'
 recipe 'postfix::maps', 'Manages any number of any type postfix lookup tables'
 %w(ubuntu debian redhat centos amazon oracle scientific smartos fedora).each do |os|
  supports os
--- a/recipes/_attributes.rb
+++ b/recipes/_attributes.rb
@ -57,3 +57,15 @@ end
 if node['postfix']['use_virtual_aliases_domains']
  node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"]
 end
 if node['postfix']['use_relay_restirictions_maps']
  default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject"
 end
 if node['postfix']['master']['maildrop']['active']
  node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1
 end
 if node['postfix']['master']['cyrus']['active']
  node.default_unless['postfix']['main']['cyrus_destination_recipient_limit'] = 1
 end
--- a/recipes/_common.rb
+++ b/recipes/_common.rb
@ -99,7 +99,7 @@ unless node['postfix']['smtp_generic_map_entries'].empty?
  template "#{node['postfix']['conf_dir']}/smtp_generic" do
    owner 'root'
    group node['root_group']
-    mode  '0644'
+    mode '0644'
    notifies :run, 'execute[update-postfix-smtp_generic]'
    notifies :reload, 'service[postfix]'
  end
--- a/recipes/aliases.rb
+++ b/recipes/aliases.rb
@ -1,4 +1,4 @@
-# Copyright:: 2012-2016, Chef Software, Inc.
+# Copyright:: Copyright 2012-2016, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -19,7 +19,7 @@ execute 'update-postfix-aliases' do
  command 'newaliases'
  environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
  # On FreeBSD, /usr/sbin/newaliases is the sendmail command, and it's in the path before postfix's /usr/local/bin/newaliases
-  environment ({ 'PATH' => "/usr/local/bin:#{ENV['PATH']}" }) if platform_family?('freebsd') # rubocop: disable Lint/ParenthesesAsGroupedExpression
+  environment('PATH' => "/usr/local/bin:#{ENV['PATH']}") if platform_family?('freebsd')
  action :nothing
 end
--- a/recipes/default.rb
+++ b/recipes/default.rb
@ -19,9 +19,7 @@
 include_recipe 'postfix::_common'
-if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
+include_recipe 'postfix::sasl_auth' if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
  include_recipe 'postfix::sasl_auth'
 end
 include_recipe 'postfix::aliases' if node['postfix']['use_alias_maps']
@ -29,14 +27,10 @@ include_recipe 'postfix::transports' if node['postfix']['use_transport_maps']
 include_recipe 'postfix::access' if node['postfix']['use_access_maps']
-if node['postfix']['use_virtual_aliases']
+include_recipe 'postfix::virtual_aliases' if node['postfix']['use_virtual_aliases']
  include_recipe 'postfix::virtual_aliases'
 end
-if node['postfix']['use_virtual_aliases_domains']
+include_recipe 'postfix::virtual_aliases_domains' if node['postfix']['use_virtual_aliases_domains']
  include_recipe 'postfix::virtual_aliases_domains'
 end
-if node['postfix']['use_relay_restrictions_maps']
+include_recipe 'postfix::relay_restrictions' if node['postfix']['use_relay_restrictions_maps']
-  include_recipe 'postfix::relay_restrictions'
+
-end
+include_recipe 'postfix::maps' if node['postfix']['maps']
--- a/recipes/maps.rb
+++ b/recipes/maps.rb
@ -0,0 +1,47 @@
 # encoding: utf-8
 # Copyright:: Copyright (c) 2012, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
 node['postfix']['maps'].each do |type, maps|
  if node['platform_family'] == 'debian'
    package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
  end
  if %w(pgsql mysql ldap memcache sqlite).include?(type)
    separator = ' = '
  else
    separator = ' '
  end
  maps.each do |file, content|
    execute "update-postmap-#{file}" do
      command "postmap #{file}"
      environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
      action :nothing
    end if %w(btree cdb dbm hash sdbm).include?(type)
    template "#{file}-#{type}" do
      path file
      source 'maps.erb'
      only_if "postconf -m | grep -q #{type}"
      variables(
        map: content,
        separator: separator
      )
      if %w(btree cdb dbm hash sdbm).include?(type)
        notifies :run, "execute[update-postmap-#{file}]"
      end
      notifies :restart, 'service[postfix]'
    end
  end
 end
--- a/spec/wrapper_spec.rb
+++ b/spec/wrapper_spec.rb
@ -15,6 +15,7 @@ describe 'test::default' do
      expect(chef_run.node['postfix']['main']['relayhost']).to eq('please')
      expect(chef_run.node['postfix']['main']['smtp_sasl_security_options']).to eq('keep')
      expect(chef_run.node['postfix']['sasl']['smtp_sasl_user_name']).to eq('us')
      expect(chef_run.node['postfix']['sasl']['smtp_sasl_passwd']).to eq('happy')
    end
  end
 end
--- a/templates/default/maps.erb
+++ b/templates/default/maps.erb
@ -0,0 +1,8 @@
 #
 # This file is generated by Chef.
 # Local changes will be overwritten
 #
 <% @map.each do |key, value| -%>
 <%= key %><%= @separator %><%= value %>
 <% end unless @map.nil? -%>
--- a/templates/default/master.cf.erb
+++ b/templates/default/master.cf.erb
@ -1,3 +1,5 @@
 # This file is generated by Chef.
 # Local changes will be overwritten
 #
 # Postfix master process configuration file.  For details on the format
 # of the file, see the master(5) manual page (command: "man 5 master").
@ -6,76 +8,60 @@
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
-smtp      inet  n       -       n       -       -       smtpd
+<% @settings.sort_by{|k,v| v['order']}.map do |service, properties| -%>
-<% if @settings['submission'] -%>
+<%  next if !properties['active'] -%>
-submission inet n       -       n       -       -       smtpd
+<%  if properties.has_key?('comment') -%>
-  -o smtpd_enforce_tls=yes
+#
-  -o smtpd_sasl_auth_enable=yes
+#<%=  properties['comment'] %>
-  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+<%  end -%>
 <%  if properties.has_key?('service') -%>
 <%= properties['service'].ljust(10) -%>
 <%  else -%>
 <%= service.ljust(10) -%>
 <%  end -%>
 <%= properties['type'].ljust(6) -%>
 <%  if properties.has_key?('private') -%>
 <%   if properties['private'] -%>
 <% priv='y' -%>
 <%   else -%>
 <% priv='n' -%>
 <%   end -%>
 <%  else -%>
 <% priv='-' -%>
 <%  end -%>
 <%=  priv.ljust(8) -%>
 <%  if properties.has_key?('unpriv') -%>
 <%   if properties['unpriv'] -%>
 <% unpriv='y' -%>
 <%   else -%>
 <% unpriv='n' -%>
 <%   end -%>
 <%  else -%>
 <% unpriv='-' -%>
 <%  end -%>
 <%=  unpriv.ljust(8) -%>
 <%  if properties.has_key?('chroot') -%>
 <%   if properties['chroot'] -%>
 <% chroot='y' -%>
 <%   else -%>
 <% chroot='n' -%>
 <%   end -%>
 <%  else -%>
 <% chroot='-' -%>
 <%  end -%>
 <%=  chroot.ljust(7) -%>
 <%  if properties.has_key?('wakeup') -%>
 <%= properties['wakeup'].ljust(7) -%>
 <%  else -%>
 <%=  '-'.ljust(7) -%>
 <%  end -%>
 <%  if properties.has_key?('maxproc') -%>
 <%= properties['maxproc'].ljust(7) -%>
 <%  else -%>
 <%=  '-'.ljust(7) -%>
 <%  end -%>
 <%= properties['command'] %>
 <%  properties['args'].each do |arg| -%>
  <%= arg %>
 <%  end -%>
 <% end -%>
 #smtps     inet  n       -       n       -       -       smtpd
 #  -o smtpd_tls_wrappermode=yes
 #  -o smtpd_sasl_auth_enable=yes
 #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 #628      inet  n       -       n       -       -       qmqpd
 pickup    fifo  n       -       n       60      1       pickup
 cleanup   unix  n       -       n       -       0       cleanup
 qmgr      fifo  n       -       n       300     1       qmgr
 #qmgr     fifo  n       -       n       300     1       oqmgr
 tlsmgr    unix  -       -       n       1000?   1       tlsmgr
 rewrite   unix  -       -       n       -       -       trivial-rewrite
 bounce    unix  -       -       n       -       0       bounce
 defer     unix  -       -       n       -       0       bounce
 trace     unix  -       -       n       -       0       bounce
 verify    unix  -       -       n       -       1       verify
 flush     unix  n       -       n       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
 smtp      unix  -       -       n       -       500     smtp
 # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
 relay     unix  -       -       n       -       -       smtp
 	-o smtp_fallback_relay=
 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
 showq     unix  n       -       n       -       -       showq
 error     unix  -       -       n       -       -       error
 discard   unix  -       -       n       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       n       -       -       lmtp
 anvil     unix  -       -       n       -       1       anvil
 scache	  unix	-	-	n	-	1	scache
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
 # pages of the non-Postfix software to find out what options it wants.
 #
 # Many of the following services use the Postfix pipe(8) delivery
 # agent.  See the pipe(8) man page for information about ${recipient}
 # and other message envelope options.
 # ====================================================================
 #
 # maildrop. See the Postfix MAILDROP_README file for details.
 # Also specify in main.cf: maildrop_destination_recipient_limit=1
 #
 maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
 #
 # The Cyrus deliver program has changed incompatibly, multiple times.
 #
 old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
 # Cyrus 2.1.5 (Amos Gouaux)
 # Also specify in main.cf: cyrus_destination_recipient_limit=1
 cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
 #
 # See the Postfix UUCP_README file for configuration details.
 #
 uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
 #
 # Other external delivery methods.
 #
 ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
 bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
--- a/test/fixtures/cookbooks/test/attributes/default.rb
+++ b/test/fixtures/cookbooks/test/attributes/default.rb
@ -1,5 +1,6 @@
 default['postfix']['main']['smtp_sasl_auth_enable'] = 'yes'
 default['postfix']['main']['relayhost'] = 'please'
-default['postfix']['sasl']['smtp_sasl_user_name'] = 'keep'
+default['postfix']['main']['smtp_sasl_security_options'] = 'keep'
-default['postfix']['sasl']['smtp_sasl_passwd'] = 'us'
+default['postfix']['sasl']['smtp_sasl_user_name'] = 'us'
 default['postfix']['sasl']['smtp_sasl_passwd'] = 'happy'
 default['postfix']['sender_canonical_map_entries'] = {}