kosmos/postfix-cookbook
8
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of git://github.com/voroniys/postfix into voroniys-master

Browse Source
This commit is contained in:
Tim Smith 2017-01-17 23:50:55 -08:00
commit 3ea284d576
12 changed files with 574 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

214
README.md
View File

@ -1,7 +1,6 @@
# postfix Cookbook
[![Build Status](https://travis-ci.org/chef-cookbooks/postfix.svg?branch=master)](https://travis-ci.org/chef-cookbooks/postfix)
[![Cookbook Version](https://img.shields.io/cookbook/v/postfix.svg)](https://supermarket.chef.io/cookbooks/postfix)
[![Build Status](https://travis-ci.org/chef-cookbooks/postfix.svg?branch=master)](https://travis-ci.org/chef-cookbooks/postfix) [![Cookbook Version](https://img.shields.io/cookbook/v/postfix.svg)](https://supermarket.chef.io/cookbooks/postfix)
Installs and configures postfix for client or outbound relayhost, or to do SASL authentication.
@ -26,59 +25,60 @@ May work on other platforms with or without modification.
- none
## Attributes
See `attributes/default.rb` for default values.
### Generic cookbook attributes
* `node['postfix']['mail_type']` - Sets the kind of mail configuration. `master` will set up a server (relayhost).
* `node['postfix']['relayhost_role']` - name of a role used for search in the client recipe.
* `node['postfix']['multi_environment_relay']` - set to true if nodes should not constrain search for the relayhost in their own environment.
* `node['postfix']['use_procmail']` - set to true if nodes should use procmail as the delivery agent.
* `node['postfix']['use_alias_maps']` - set to true if you want the cookbook to use/configure alias maps
* `node['postfix']['use_transport_maps']` - set to true if you want the cookbook to use/configure transport maps
* `node['postfix']['use_access_maps']` - set to true if you want the cookbook to use/configure access maps
* `node['postfix']['use_virtual_aliases']` - set to true if you want the cookbook to use/configure virtual alias maps
* `node['postfix']['use_relay_restrictions_maps']` - set to true if you want the cookbook to use/configure a list of domains to which postfix will allow relay
* `node['postfix']['aliases']` - hash of aliases to create with `recipe[postfix::aliases]`, see below under __Recipes__ for more information.
* `node['postfix']['transports']` - hash of transports to create with `recipe[postfix::transports]`, see below under __Recipes__ for more information.
* `node['postfix']['access']` - hash of access to create with `recipe[postfix::access]`, see below under __Recipes__ for more information.
* `node['postfix']['virtual_aliases']` - hash of virtual_aliases to create with `recipe[postfix::virtual_aliases]`, see below under __Recipes__ for more information.
* `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix'
* `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix'
### main.cf and sasl\_passwd template attributes
- `node['postfix']['mail_type']` - Sets the kind of mail configuration. `master` will set up a server (relayhost).
- `node['postfix']['relayhost_role']` - name of a role used for search in the client recipe.
- `node['postfix']['multi_environment_relay']` - set to true if nodes should not constrain search for the relayhost in their own environment.
- `node['postfix']['use_procmail']` - set to true if nodes should use procmail as the delivery agent.
- `node['postfix']['use_alias_maps']` - set to true if you want the cookbook to use/configure alias maps
- `node['postfix']['use_transport_maps']` - set to true if you want the cookbook to use/configure transport maps
- `node['postfix']['use_access_maps']` - set to true if you want the cookbook to use/configure access maps
- `node['postfix']['use_virtual_aliases']` - set to true if you want the cookbook to use/configure virtual alias maps
- `node['postfix']['use_relay_restrictions_maps']` - set to true if you want the cookbook to use/configure a list of domains to which postfix will allow relay
- `node['postfix']['aliases']` - hash of aliases to create with `recipe[postfix::aliases]`, see below under **Recipes** for more information.
- `node['postfix']['transports']` - hash of transports to create with `recipe[postfix::transports]`, see below under **Recipes** for more information.
- `node['postfix']['access']` - hash of access to create with `recipe[postfix::access]`, see below under **Recipes** for more information.
- `node['postfix']['virtual_aliases']` - hash of virtual_aliases to create with `recipe[postfix::virtual_aliases]`, see below under __Recipes__ for more information.
- `node['postfix']['main_template_source']` - Cookbook source for main.cf template. Default 'postfix'
- `node['postfix']['master_template_source']` - Cookbook source for master.cf template. Default 'postfix'
### main.cf and sasl_passwd template attributes
The main.cf template has been simplified to include any attributes in the `node['postfix']['main']` data structure. The following attributes are still included with this cookbook to maintain some semblance of backwards compatibility.
This change in namespace to `node['postfix']['main']` should allow for greater flexibility, given the large number of configuration variables for the postfix daemon. All of these cookbook attributes correspond to the option of the same name in `/etc/postfix/main.cf`.
* `node['postfix']['main']['biff']` - (yes/no); default no
* `node['postfix']['main']['append_dot_mydomain']` - (yes/no); default no
* `node['postfix']['main']['myhostname']` - defaults to fqdn from Ohai
* `node['postfix']['main']['mydomain']` - defaults to domain from Ohai
* `node['postfix']['main']['myorigin']` - defaults to $myhostname
* `node['postfix']['main']['mynetworks']` - default is nil, which forces Postfix to default to loopback addresses.
* `node['postfix']['main']['inet_interfaces']` - set to `loopback-only`, or `all` for server recipe
* `node['postfix']['main']['alias_maps']` - set to `hash:/etc/aliases`
* `node['postfix']['main']['mailbox_size_limit']` - set to `0` (disabled)
* `node['postfix']['main']['mydestination']` - default fqdn, hostname, localhost.localdomain, localhost
* `node['postfix']['main']['smtpd_use_tls']` - (yes/no); default yes. See conditional cert/key attributes.
- `node['postfix']['main']['biff']` - (yes/no); default no
- `node['postfix']['main']['append_dot_mydomain']` - (yes/no); default no
- `node['postfix']['main']['myhostname']` - defaults to fqdn from Ohai
- `node['postfix']['main']['mydomain']` - defaults to domain from Ohai
- `node['postfix']['main']['myorigin']` - defaults to $myhostname
- `node['postfix']['main']['mynetworks']` - default is nil, which forces Postfix to default to loopback addresses.
- `node['postfix']['main']['inet_interfaces']` - set to `loopback-only`, or `all` for server recipe
- `node['postfix']['main']['alias_maps']` - set to `hash:/etc/aliases`
- `node['postfix']['main']['mailbox_size_limit']` - set to `0` (disabled)
- `node['postfix']['main']['mydestination']` - default fqdn, hostname, localhost.localdomain, localhost
- `node['postfix']['main']['smtpd_use_tls']` - (yes/no); default yes. See conditional cert/key attributes.
- `node['postfix']['main']['smtpd_tls_cert_file']` - conditional attribute, set to full path of server's x509 certificate.
- `node['postfix']['main']['smtpd_tls_key_file']` - conditional attribute, set to full path of server's private key
- `node['postfix']['main']['smtpd_tls_CAfile']` - set to platform specific CA bundle
- `node['postfix']['main']['smtpd_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
* `node['postfix']['main']['smtp_use_tls']` - (yes/no); default yes. See following conditional attributes.
- `node['postfix']['main']['smtp_use_tls']` - (yes/no); default yes. See following conditional attributes.
- `node['postfix']['main']['smtp_tls_CAfile']` - set to platform specific CA bundle
- `node['postfix']['main']['smtp_tls_session_cache_database']` - set to `btree:${data_directory}/smtpd_scache`
* `node['postfix']['main']['smtp_sasl_auth_enable']` - (yes/no); default no. If enabled, see following conditional attributes.
- `node['postfix']['main']['smtp_sasl_auth_enable']` - (yes/no); default no. If enabled, see following conditional attributes.
- `node['postfix']['main']['smtp_sasl_password_maps']` - Set to `hash:/etc/postfix/sasl_passwd` template file
- `node['postfix']['main']['smtp_sasl_security_options']` - Set to noanonymous
- `node['postfix']['main']['relayhost']` - Set to empty string
- `node['postfix']['sasl']['smtp_sasl_user_name']` - SASL user to authenticate as. Default empty
- `node['postfix']['sasl']['smtp_sasl_passwd']` - SASL password to use. Default empty.
* `node['postfix']['sender_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config.
* `node['postfix']['smtp_generic_map_entries']` - (hash with key value pairs); default not configured. Setup generic postfix maps. See `man 5 generic`. If has at least one value, then will be enabled in config.
- `node['postfix']['sender_canonical_map_entries']` - (hash with key value pairs); default not configured. Setup generic canonical maps. See `man 5 canonical`. If has at least one value, then will be enabled in config.
- `node['postfix']['smtp_generic_map_entries']` - (hash with key value pairs); default not configured. Setup generic postfix maps. See `man 5 generic`. If has at least one value, then will be enabled in config.
Example of json role config, for setup *_map_entries:
@ -91,14 +91,78 @@ Example of json role config, for setup *_map_entries:
`}`
### master.cf template attributes
* `node['postfix']['master']['submission'] - Whether to use submission (TCP 587) daemon. (true/false); default false
The master.cf template has been changed to allow full customization of the file content. For purpose of backwards compatibility default attributes generate the same master.cf. But via `node['postfix']['master']` data structure in your role for instance it can be completelly rewritten.
Examples of json role config, for customize master.cf:
`postfix : {`
`...`
turn some services off or on:
```json
"master" : {
"smtps": {
"active": true
},
"old-cyrus": {
"active": false
},
"cyrus": {
"active": false
},
"uucp": {
"active": false
},
"ifmail": {
"active": false
},
```
`...` define you own service:
```json
"spamfilter": {
"comment": "My own spamfilter",
"active": true,
"order": 590,
"type": "unix",
"unpriv": false,
"chroot": false,
"command": "pipe",
"args": ["flags=Rq user=spamd argv=/usr/bin/spamfilter.sh -oi -f ${sender} ${recipient}"]
}
```
`...`
`}` `}`
The possible service hash fields and their meanings: hash key - have to be unique, unless you wish to override default definition.
Field | Mandatory | Description
------- | --------- | --------------------------------------------------------------------
active | Yes | Boolean. Defines whether or not the service needs to be in master.cf
comment | No | If you would like to add a comment line before service line
order | Yes | Number to define the order of lines in the file
type | Yes | Type of the service (inet, unix, fifo)
private | No | Boolean. If present replaced by `y` or `n`, otherwise by `-`
unpriv | No | Boolean. If present replaced by `y` or `n`, otherwise by `-`
chroot | No | Boolean. If present replaced by `y` or `n`, otherwise by `-`
wakeup | No | String. If present value placed in file, otherwise replaced by `-`
maxproc | No | String. If present value placed in file, otherwise replaced by `-`
command | Yes | String. The command to be executed.
args | Yes | String. Arguments passed to command.
For more information about meaning of the fields consult `master (5)` manual: <http://www.postfix.org/master.5.html>
## Recipes
### default
Installs the postfix package and manages the service and the main configuration files (`/etc/postfix/main.cf` and `/etc/postfix/master.cf`). See __Usage__ and __Examples__ to see how to affect behavior of this recipe through configuration. Depending on the `node['postfix']['use_alias_maps']`, `node['postfix']['use_transport_maps']`, `node['postfix']['use_access_maps']` and `node['postfix']['use_virtual_aliases']` attributes the default recipe can call additional recipes to manage additional postfix configuration files
Installs the postfix package and manages the service and the main configuration files (`/etc/postfix/main.cf` and `/etc/postfix/master.cf`). See **Usage** and **Examples** to see how to affect behavior of this recipe through configuration. Depending on the `node['postfix']['use_alias_maps']`, `node['postfix']['use_transport_maps']`, `node['postfix']['use_access_maps']` and `node['postfix']['use_virtual_aliases']` attributes the default recipe can call additional recipes to manage additional postfix configuration files
For a more dynamic approach to discovery for the relayhost, see the `client` and `server` recipes below.
@ -110,7 +174,7 @@ Includes the default recipe to install, configure and start postfix.
Does not work with `chef-solo`.
### sasl\_auth
### sasl_auth
Sets up the system to authenticate with a remote mail relay using SASL authentication.
@ -120,12 +184,70 @@ To use Chef Server search to automatically detect a node that is the relayhost,
**Note** This recipe will set the `node['postfix']['mail_type']` to "master" with an override attribute.
### maps
General recipe to manage any number of any type postfix lookup tables. You can replace with it recipes like `transport` or `virtual_aliases`, but what is more important - you can create any kinds of maps, which has no own recipe, including database lookup maps configuration. `maps` is a hash keys of which is a lookup table type and value is another hash with filenames as the keys and hash with file content as the value. File content is an any number of key/value pairs which meaning depends on lookup table type. Examlle:
```json
"override_attributes": {
"postfix": {
"maps": {
"hash": {
"/etc/postfix/vmailbox": {
"john@example.com": "ok",
"john@example.net": "ok",
},
"/etc/postfix/virtual": {
"postmaster@example.com": "john@example.com",
"postmaster@example.net": "john@example.net",
"root@mail.example.net": "john@example.net"
},
"/etc/postfix/envelope_senders": {
"@example.com": "john@example.com",
"@example.net": "john@example.net"
},
"/etc/postfix/relay_recipients": {
"john@example.net": "ok",
"john@example.com": "ok",
"admin@example.com": "ok",
}
},
"pgsql": {
"/etc/postfix/pgtest": {
"hosts": "db.local:2345",
"user": "postfix",
"password": "test",
"dbname": "postdb",
"query": "SELECT replacement FROM aliases WHERE mailbox = '%s'"
}
}
}
}
```
To use these files in your configuration reference them in `node['postfix']['main']`, for instance:
```json
"postfix": {
"main": {
"smtpd_sender_login_maps": "hash:/etc/postfix/envelope_senders",
"relay_recipient_maps": "hash:/etc/postfix/relay_recipients",
"virtual_mailbox_maps": "hash:/etc/postfix/vmailbox",
"virtual_alias_maps": "hash:/etc/postfix/virtual",
}
}
```
### aliases
Manage `/etc/aliases` with this recipe. Currently only Ubuntu 10.04 platform has a template for the aliases file. Add your aliases template to the `templates/default` or to the appropriate platform+version directory per the File Specificity rules for templates. Then specify a hash of aliases for the `node['postfix']['aliases']` attribute.
Arrays are supported as alias values, since postfix supports comma separated values per alias, simply specify your alias as an array to use this handy feature.
### aliases
Manage `/etc/aliases` with this recipe.
### transports
Manage `/etc/postfix/transport` with this recipe.
@ -140,23 +262,19 @@ Manage `/etc/postfix/virtual` with this recipe.
### relay_restrictions
Manage `/etc/postfix/relay_restriction` with this recipe
The postfix option smtpd_relay_restrictions in main.cf will point to this hash map db.
http://wiki.chef.io/display/chef/Templates#Templates-TemplateLocationSpecificity
Manage `/etc/postfix/relay_restriction` with this recipe The postfix option smtpd_relay_restrictions in main.cf will point to this hash map db.
<http://wiki.chef.io/display/chef/Templates#Templates-TemplateLocationSpecificity>
## Usage
On systems that should simply send mail directly to a relay, or out to the internet, use `recipe[postfix]` and modify the `node['postfix']['main']['relayhost']` attribute via a role.
On systems that should be the MX for a domain, set the attributes accordingly and make sure the `node['postfix']['mail_type']` attribute is `master`. See __Examples__ for information on how to use `recipe[postfix::server]` to do this automatically.
On systems that should be the MX for a domain, set the attributes accordingly and make sure the `node['postfix']['mail_type']` attribute is `master`. See **Examples** for information on how to use `recipe[postfix::server]` to do this automatically.
If you need to use SASL authentication to send mail through your ISP (such as on a home network), use `postfix::sasl_auth` and set the appropriate attributes.
For each of these implementations, see __Examples__ for role usage.
For each of these implementations, see **Examples** for role usage.
### Examples
@ -222,9 +340,10 @@ override_attributes(
For an example of using encrypted data bags to encrypt the SASL password, see the following blog post:
* http://jtimberman.github.com/blog/2011/08/06/encrypted-data-bag-for-postfix-sasl-authentication/
- <http://jtimberman.github.com/blog/2011/08/06/encrypted-data-bag-for-postfix-sasl-authentication/>
#### Examples using the client & server recipes
If you'd like to use the more dynamic search based approach for discovery, use the server and client recipes. First, create a relayhost role.
```ruby
@ -308,9 +427,10 @@ override_attributes(
## License & Authors
**Author:** Cookbook Engineering Team (<cookbooks@chef.io>)
**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))
**Copyright:** 2009-2016, Chef Software, Inc.
```
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

256
attributes/default.rb
View File

@ -117,7 +117,261 @@ end
# default['postfix']['main']['canonical_maps'] = nil
# Master.cf attributes
default['postfix']['master']['submission'] = false
default['postfix']['master']['smtp']['active'] = true
default['postfix']['master']['smtp']['order'] = 10
default['postfix']['master']['smtp']['type'] = 'inet'
default['postfix']['master']['smtp']['private'] = false
default['postfix']['master']['smtp']['chroot'] = false
default['postfix']['master']['smtp']['command'] = 'smtpd'
default['postfix']['master']['smtp']['args'] = []
default['postfix']['master']['submission']['active'] = false
default['postfix']['master']['submission']['order'] = 20
default['postfix']['master']['submission']['type'] = 'inet'
default['postfix']['master']['submission']['private'] = false
default['postfix']['master']['submission']['chroot'] = false
default['postfix']['master']['submission']['command'] = 'smtpd'
default['postfix']['master']['submission']['args'] = ['-o smtpd_enforce_tls=yes', ' -o smtpd_sasl_auth_enable=yes', '-o smtpd_client_restrictions=permit_sasl_authenticated,reject']
default['postfix']['master']['smtps']['active'] = false
default['postfix']['master']['smtps']['order'] = 30
default['postfix']['master']['smtps']['type'] = 'inet'
default['postfix']['master']['smtps']['private'] = false
default['postfix']['master']['smtps']['chroot'] = false
default['postfix']['master']['smtps']['command'] = 'smtpd'
default['postfix']['master']['smtps']['args'] = ['-o smtpd_tls_wrappermode=yes', '-o smtpd_sasl_auth_enable=yes', '-o smtpd_client_restrictions=permit_sasl_authenticated,reject']
default['postfix']['master']['628']['active'] = false
default['postfix']['master']['628']['order'] = 40
default['postfix']['master']['628']['type'] = 'inet'
default['postfix']['master']['628']['private'] = false
default['postfix']['master']['628']['chroot'] = false
default['postfix']['master']['628']['command'] = 'qmqpdd'
default['postfix']['master']['628']['args'] = []
default['postfix']['master']['pickup']['active'] = true
default['postfix']['master']['pickup']['order'] = 50
default['postfix']['master']['pickup']['type'] = 'fifo'
default['postfix']['master']['pickup']['private'] = false
default['postfix']['master']['pickup']['chroot'] = false
default['postfix']['master']['pickup']['wakeup'] = '60'
default['postfix']['master']['pickup']['maxproc'] = '1'
default['postfix']['master']['pickup']['command'] = 'pickup'
default['postfix']['master']['pickup']['args'] = []
default['postfix']['master']['cleanup']['active'] = true
default['postfix']['master']['cleanup']['order'] = 60
default['postfix']['master']['cleanup']['type'] = 'unix'
default['postfix']['master']['cleanup']['private'] = false
default['postfix']['master']['cleanup']['chroot'] = false
default['postfix']['master']['cleanup']['maxproc'] = '0'
default['postfix']['master']['cleanup']['command'] = 'cleanup'
default['postfix']['master']['cleanup']['args'] = []
default['postfix']['master']['qmgr']['active'] = true
default['postfix']['master']['qmgr']['order'] = 70
default['postfix']['master']['qmgr']['type'] = 'fifo'
default['postfix']['master']['qmgr']['private'] = false
default['postfix']['master']['qmgr']['chroot'] = false
default['postfix']['master']['qmgr']['wakeup'] = '300'
default['postfix']['master']['qmgr']['maxproc'] = '1'
default['postfix']['master']['qmgr']['command'] = 'qmgr'
default['postfix']['master']['qmgr']['args'] = []
default['postfix']['master']['tlsmgr']['active'] = true
default['postfix']['master']['tlsmgr']['order'] = 80
default['postfix']['master']['tlsmgr']['type'] = 'unix'
default['postfix']['master']['tlsmgr']['chroot'] = false
default['postfix']['master']['tlsmgr']['wakeup'] = '1000?'
default['postfix']['master']['tlsmgr']['maxproc'] = '1'
default['postfix']['master']['tlsmgr']['command'] = 'tlsmgr'
default['postfix']['master']['tlsmgr']['args'] = []
default['postfix']['master']['rewrite']['active'] = true
default['postfix']['master']['rewrite']['order'] = 90
default['postfix']['master']['rewrite']['type'] = 'unix'
default['postfix']['master']['rewrite']['chroot'] = false
default['postfix']['master']['rewrite']['command'] = 'trivial-rewrite'
default['postfix']['master']['rewrite']['args'] = []
default['postfix']['master']['bounce']['active'] = true
default['postfix']['master']['bounce']['order'] = 100
default['postfix']['master']['bounce']['type'] = 'unix'
default['postfix']['master']['bounce']['chroot'] = false
default['postfix']['master']['bounce']['maxproc'] = '0'
default['postfix']['master']['bounce']['command'] = 'bounce'
default['postfix']['master']['bounce']['args'] = []
default['postfix']['master']['defer']['active'] = true
default['postfix']['master']['defer']['order'] = 110
default['postfix']['master']['defer']['type'] = 'unix'
default['postfix']['master']['defer']['chroot'] = false
default['postfix']['master']['defer']['maxproc'] = '0'
default['postfix']['master']['defer']['command'] = 'bounce'
default['postfix']['master']['defer']['args'] = []
default['postfix']['master']['trace']['active'] = true
default['postfix']['master']['trace']['order'] = 120
default['postfix']['master']['trace']['type'] = 'unix'
default['postfix']['master']['trace']['chroot'] = false
default['postfix']['master']['trace']['maxproc'] = '0'
default['postfix']['master']['trace']['command'] = 'bounce'
default['postfix']['master']['trace']['args'] = []
default['postfix']['master']['verify']['active'] = true
default['postfix']['master']['verify']['order'] = 130
default['postfix']['master']['verify']['type'] = 'unix'
default['postfix']['master']['verify']['chroot'] = false
default['postfix']['master']['verify']['maxproc'] = '1'
default['postfix']['master']['verify']['command'] = 'verify'
default['postfix']['master']['verify']['args'] = []
default['postfix']['master']['flush']['active'] = true
default['postfix']['master']['flush']['order'] = 140
default['postfix']['master']['flush']['type'] = 'unix'
default['postfix']['master']['flush']['private'] = false
default['postfix']['master']['flush']['chroot'] = false
default['postfix']['master']['flush']['wakeup'] = '1000?'
default['postfix']['master']['flush']['maxproc'] = '0'
default['postfix']['master']['flush']['command'] = 'flush'
default['postfix']['master']['flush']['args'] = []
default['postfix']['master']['proxymap']['active'] = true
default['postfix']['master']['proxymap']['order'] = 150
default['postfix']['master']['proxymap']['type'] = 'unix'
default['postfix']['master']['proxymap']['chroot'] = false
default['postfix']['master']['proxymap']['command'] = 'proxymap'
default['postfix']['master']['proxymap']['args'] = []
default['postfix']['master']['smtpunix']['service'] = 'smtp'
default['postfix']['master']['smtpunix']['active'] = true
default['postfix']['master']['smtpunix']['order'] = 160
default['postfix']['master']['smtpunix']['type'] = 'unix'
default['postfix']['master']['smtpunix']['chroot'] = false
default['postfix']['master']['smtpunix']['maxproc'] = '500'
default['postfix']['master']['smtpunix']['command'] = 'smtp'
default['postfix']['master']['smtpunix']['args'] = []
default['postfix']['master']['relay']['active'] = true
default['postfix']['master']['relay']['comment'] = 'When relaying mail as backup MX, disable fallback_relay to avoid MX loops'
default['postfix']['master']['relay']['order'] = 170
default['postfix']['master']['relay']['type'] = 'unix'
default['postfix']['master']['relay']['chroot'] = false
default['postfix']['master']['relay']['command'] = 'smtp'
default['postfix']['master']['relay']['args'] = ['-o smtp_fallback_relay=']
default['postfix']['master']['showq']['active'] = true
default['postfix']['master']['showq']['order'] = 180
default['postfix']['master']['showq']['type'] = 'unix'
default['postfix']['master']['showq']['private'] = false
default['postfix']['master']['showq']['chroot'] = false
default['postfix']['master']['showq']['command'] = 'showq'
default['postfix']['master']['showq']['args'] = []
default['postfix']['master']['error']['active'] = true
default['postfix']['master']['error']['order'] = 190
default['postfix']['master']['error']['type'] = 'unix'
default['postfix']['master']['error']['chroot'] = false
default['postfix']['master']['error']['command'] = 'error'
default['postfix']['master']['error']['args'] = []
default['postfix']['master']['discard']['active'] = true
default['postfix']['master']['discard']['order'] = 200
default['postfix']['master']['discard']['type'] = 'unix'
default['postfix']['master']['discard']['chroot'] = false
default['postfix']['master']['discard']['command'] = 'discard'
default['postfix']['master']['discard']['args'] = []
default['postfix']['master']['local']['active'] = true
default['postfix']['master']['local']['order'] = 210
default['postfix']['master']['local']['type'] = 'unix'
default['postfix']['master']['local']['unpriv'] = false
default['postfix']['master']['local']['chroot'] = false
default['postfix']['master']['local']['command'] = 'local'
default['postfix']['master']['local']['args'] = []
default['postfix']['master']['virtual']['active'] = true
default['postfix']['master']['virtual']['order'] = 220
default['postfix']['master']['virtual']['type'] = 'unix'
default['postfix']['master']['virtual']['unpriv'] = false
default['postfix']['master']['virtual']['chroot'] = false
default['postfix']['master']['virtual']['command'] = 'virtual'
default['postfix']['master']['virtual']['args'] = []
default['postfix']['master']['lmtp']['active'] = true
default['postfix']['master']['lmtp']['order'] = 230
default['postfix']['master']['lmtp']['type'] = 'unix'
default['postfix']['master']['lmtp']['chroot'] = false
default['postfix']['master']['lmtp']['command'] = 'lmtp'
default['postfix']['master']['lmtp']['args'] = []
default['postfix']['master']['anvil']['active'] = true
default['postfix']['master']['anvil']['order'] = 240
default['postfix']['master']['anvil']['type'] = 'unix'
default['postfix']['master']['anvil']['chroot'] = false
default['postfix']['master']['anvil']['maxproc'] = '1'
default['postfix']['master']['anvil']['command'] = 'anvil'
default['postfix']['master']['anvil']['args'] = []
default['postfix']['master']['scache']['active'] = true
default['postfix']['master']['scache']['order'] = 250
default['postfix']['master']['scache']['type'] = 'unix'
default['postfix']['master']['scache']['chroot'] = false
default['postfix']['master']['scache']['maxproc'] = '1'
default['postfix']['master']['scache']['command'] = 'scache'
default['postfix']['master']['scache']['args'] = []
default['postfix']['master']['maildrop']['active'] = true
default['postfix']['master']['maildrop']['comment'] = 'See the Postfix MAILDROP_README file for details. To main.cf will be added: maildrop_destination_recipient_limit=1'
default['postfix']['master']['maildrop']['order'] = 510
default['postfix']['master']['maildrop']['type'] = 'unix'
default['postfix']['master']['maildrop']['unpriv'] = false
default['postfix']['master']['maildrop']['chroot'] = false
default['postfix']['master']['maildrop']['command'] = 'pipe'
default['postfix']['master']['maildrop']['args'] = ['flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}']
default['postfix']['master']['old-cyrus']['active'] = false
default['postfix']['master']['old-cyrus']['comment'] = 'The Cyrus deliver program has changed incompatibly, multiple times.'
default['postfix']['master']['old-cyrus']['order'] = 520
default['postfix']['master']['old-cyrus']['type'] = 'unix'
default['postfix']['master']['old-cyrus']['unpriv'] = false
default['postfix']['master']['old-cyrus']['chroot'] = false
default['postfix']['master']['old-cyrus']['command'] = 'pipe'
default['postfix']['master']['old-cyrus']['args'] = ['flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}']
default['postfix']['master']['cyrus']['active'] = true
default['postfix']['master']['cyrus']['comment'] = 'Cyrus 2.1.5 (Amos Gouaux). To main.cf will be added: cyrus_destination_recipient_limit=1'
default['postfix']['master']['cyrus']['order'] = 530
default['postfix']['master']['cyrus']['type'] = 'unix'
default['postfix']['master']['cyrus']['unpriv'] = false
default['postfix']['master']['cyrus']['chroot'] = false
default['postfix']['master']['cyrus']['command'] = 'pipe'
default['postfix']['master']['cyrus']['args'] = ['user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}']
default['postfix']['master']['uucp']['active'] = true
default['postfix']['master']['uucp']['comment'] = 'See the Postfix UUCP_README file for configuration details.'
default['postfix']['master']['uucp']['order'] = 540
default['postfix']['master']['uucp']['type'] = 'unix'
default['postfix']['master']['uucp']['unpriv'] = false
default['postfix']['master']['uucp']['chroot'] = false
default['postfix']['master']['uucp']['command'] = 'pipe'
default['postfix']['master']['uucp']['args'] = ['flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)']
default['postfix']['master']['ifmail']['active'] = false
default['postfix']['master']['ifmail']['order'] = 550
default['postfix']['master']['ifmail']['type'] = 'unix'
default['postfix']['master']['ifmail']['unpriv'] = false
default['postfix']['master']['ifmail']['chroot'] = false
default['postfix']['master']['ifmail']['command'] = 'pipe'
default['postfix']['master']['ifmail']['args'] = ['flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)']
default['postfix']['master']['bsmtp']['active'] = true
default['postfix']['master']['bsmtp']['order'] = 560
default['postfix']['master']['bsmtp']['type'] = 'unix'
default['postfix']['master']['bsmtp']['unpriv'] = false
default['postfix']['master']['bsmtp']['chroot'] = false
default['postfix']['master']['bsmtp']['command'] = 'pipe'
default['postfix']['master']['bsmtp']['args'] = ['flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient']
# OS Aliases
default['postfix']['aliases'] = case node['platform']

1
metadata.rb
View File

@ -14,6 +14,7 @@ recipe 'postfix::access', 'Manages /etc/postfix/access'
recipe 'postfix::virtual_aliases', 'Manages /etc/postfix/virtual'
recipe 'postfix::client', 'Searches for the relayhost based on an attribute'
recipe 'postfix::server', 'Sets the mail_type attribute to master'
recipe 'postfix::maps', 'Manages any number of any type postfix lookup tables'
%w(ubuntu debian redhat centos amazon oracle scientific smartos fedora).each do |os|
supports os

12
recipes/_attributes.rb
View File

@ -57,3 +57,15 @@ end
if node['postfix']['use_virtual_aliases_domains']
node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"]
end
if node['postfix']['use_relay_restirictions_maps']
default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject"
end
if node['postfix']['master']['maildrop']['active']
node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1
end
if node['postfix']['master']['cyrus']['active']
node.default_unless['postfix']['main']['cyrus_destination_recipient_limit'] = 1
end

4
recipes/aliases.rb
View File

@ -1,4 +1,4 @@
# Copyright:: 2012-2016, Chef Software, Inc.
# Copyright:: Copyright 2012-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -19,7 +19,7 @@ execute 'update-postfix-aliases' do
command 'newaliases'
environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
# On FreeBSD, /usr/sbin/newaliases is the sendmail command, and it's in the path before postfix's /usr/local/bin/newaliases
environment ({ 'PATH' => "/usr/local/bin:#{ENV['PATH']}" }) if platform_family?('freebsd') # rubocop: disable Lint/ParenthesesAsGroupedExpression
environment('PATH' => "/usr/local/bin:#{ENV['PATH']}") if platform_family?('freebsd')
action :nothing
end

18
recipes/default.rb
View File

@ -19,9 +19,7 @@
include_recipe 'postfix::_common'
if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
include_recipe 'postfix::sasl_auth'
end
include_recipe 'postfix::sasl_auth' if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
include_recipe 'postfix::aliases' if node['postfix']['use_alias_maps']
@ -29,14 +27,10 @@ include_recipe 'postfix::transports' if node['postfix']['use_transport_maps']
include_recipe 'postfix::access' if node['postfix']['use_access_maps']
if node['postfix']['use_virtual_aliases']
include_recipe 'postfix::virtual_aliases'
end
include_recipe 'postfix::virtual_aliases' if node['postfix']['use_virtual_aliases']
if node['postfix']['use_virtual_aliases_domains']
include_recipe 'postfix::virtual_aliases_domains'
end
include_recipe 'postfix::virtual_aliases_domains' if node['postfix']['use_virtual_aliases_domains']
if node['postfix']['use_relay_restrictions_maps']
include_recipe 'postfix::relay_restrictions'
end
include_recipe 'postfix::relay_restrictions' if node['postfix']['use_relay_restrictions_maps']
include_recipe 'postfix::maps' if node['postfix']['maps']

47
recipes/maps.rb Normal file
View File

@ -0,0 +1,47 @@
# encoding: utf-8
# Copyright:: Copyright (c) 2012, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node['postfix']['maps'].each do |type, maps|
if node['platform_family'] == 'debian'
package "postfix-#{type}" if %w(pgsql mysql ldap cdb).include?(type)
end
if %w(pgsql mysql ldap memcache sqlite).include?(type)
separator = ' = '
else
separator = ' '
end
maps.each do |file, content|
execute "update-postmap-#{file}" do
command "postmap #{file}"
environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
action :nothing
end if %w(btree cdb dbm hash sdbm).include?(type)
template "#{file}-#{type}" do
path file
source 'maps.erb'
only_if "postconf -m | grep -q #{type}"
variables(
map: content,
separator: separator
)
if %w(btree cdb dbm hash sdbm).include?(type)
notifies :run, "execute[update-postmap-#{file}]"
end
notifies :restart, 'service[postfix]'
end
end
end

1
spec/wrapper_spec.rb
View File

@ -15,6 +15,7 @@ describe 'test::default' do
expect(chef_run.node['postfix']['main']['relayhost']).to eq('please')
expect(chef_run.node['postfix']['main']['smtp_sasl_security_options']).to eq('keep')
expect(chef_run.node['postfix']['sasl']['smtp_sasl_user_name']).to eq('us')
expect(chef_run.node['postfix']['sasl']['smtp_sasl_passwd']).to eq('happy')
end
end
end

8
templates/default/maps.erb Normal file
View File

@ -0,0 +1,8 @@
#
# This file is generated by Chef.
# Local changes will be overwritten
#
<% @map.each do |key, value| -%>
<%= key %><%= @separator %><%= value %>
<% end unless @map.nil? -%>

130
templates/default/master.cf.erb
View File

@ -1,3 +1,5 @@
# This file is generated by Chef.
# Local changes will be overwritten
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
@ -6,76 +8,60 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
<% if @settings['submission'] -%>
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
<% @settings.sort_by{|k,v| v['order']}.map do |service, properties| -%>
<% next if !properties['active'] -%>
<% if properties.has_key?('comment') -%>
#
#<%= properties['comment'] %>
<% end -%>
<% if properties.has_key?('service') -%>
<%= properties['service'].ljust(10) -%>
<% else -%>
<%= service.ljust(10) -%>
<% end -%>
<%= properties['type'].ljust(6) -%>
<% if properties.has_key?('private') -%>
<% if properties['private'] -%>
<% priv='y' -%>
<% else -%>
<% priv='n' -%>
<% end -%>
<% else -%>
<% priv='-' -%>
<% end -%>
<%= priv.ljust(8) -%>
<% if properties.has_key?('unpriv') -%>
<% if properties['unpriv'] -%>
<% unpriv='y' -%>
<% else -%>
<% unpriv='n' -%>
<% end -%>
<% else -%>
<% unpriv='-' -%>
<% end -%>
<%= unpriv.ljust(8) -%>
<% if properties.has_key?('chroot') -%>
<% if properties['chroot'] -%>
<% chroot='y' -%>
<% else -%>
<% chroot='n' -%>
<% end -%>
<% else -%>
<% chroot='-' -%>
<% end -%>
<%= chroot.ljust(7) -%>
<% if properties.has_key?('wakeup') -%>
<%= properties['wakeup'].ljust(7) -%>
<% else -%>
<%= '-'.ljust(7) -%>
<% end -%>
<% if properties.has_key?('maxproc') -%>
<%= properties['maxproc'].ljust(7) -%>
<% else -%>
<%= '-'.ljust(7) -%>
<% end -%>
<%= properties['command'] %>
<% properties['args'].each do |arg| -%>
<%= arg %>
<% end -%>
<% end -%>
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - 500 smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

5
test/fixtures/cookbooks/test/attributes/default.rb vendored
View File

@ -1,5 +1,6 @@
default['postfix']['main']['smtp_sasl_auth_enable'] = 'yes'
default['postfix']['main']['relayhost'] = 'please'
default['postfix']['sasl']['smtp_sasl_user_name'] = 'keep'
default['postfix']['sasl']['smtp_sasl_passwd'] = 'us'
default['postfix']['main']['smtp_sasl_security_options'] = 'keep'
default['postfix']['sasl']['smtp_sasl_user_name'] = 'us'
default['postfix']['sasl']['smtp_sasl_passwd'] = 'happy'
default['postfix']['sender_canonical_map_entries'] = {}