Google Git
Sign in
apache / puppet-postfix

Puppet Postfix module

Mirrored from https://github.com/apache/puppet-postfix.git
Clone this repo:

Branches

Tags

  1. 8b72a7a Merge pull request #1 from apache/dbfile_reload by fluxo · 12 months ago main
  2. e78600f reload when dbfile is updated by cml · 12 months ago dbfile_reload
  3. 15e93bb Merge branch 'smtpd_tls' by cml · 12 months ago
  4. ef23936 auto-restart on changes to header_checks and body_checks by Chris Lambertus · 1 year, 8 months ago smtpd_tls
  5. c0b0685 remove custom logrotate rule by Chris Lambertus · 3 years, 10 months ago

puppet-postfix

Overview

This is an ASF/Infra forked version of thias/puppet-postfix to include options necessary to ASF postfix configurations.

This module is meant for Red Hat Enterprise Linux, its clones and FreeBSD. It still requires some major clean up, but is currently fully functional.

  • postfix::dbfile : Manage Postfix DB configuration files
  • postfix::file : Manage flat text Postfix configuration files
  • postfix::server : Manage the main Postfix instance

Examples

class { '::postfix::server':
  myhostname              => 'mx1.example.com',
  mydomain                => 'example.com',
  mydestination           => "\$myhostname, localhost.\$mydomain, localhost, $fqdn",
  inet_interfaces         => 'all',
  message_size_limit      => '15360000', # 15MB
  mail_name               => 'example mail daemon',
  virtual_mailbox_domains => [
    'proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf',
  ],
  virtual_alias_maps      => [
    'proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf',
    'proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf',
    'proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf',
  ],
  virtual_transport         => 'dovecot',
  # if you want dovecot to deliver user+foo@example.org to user@example.org,
  # uncomment this: (c.f. http://wiki2.dovecot.org/LDA/Postfix#Virtual_users)
  # dovecot_destination     => '${user}@${nexthop}',
  smtpd_sender_restrictions => [
    'permit_mynetworks',
    'reject_unknown_sender_domain',
  ],
  smtpd_recipient_restrictions => [
    'permit_sasl_authenticated',
    'permit_mynetworks',
    'reject_unauth_destination',
  ],
  smtpd_sasl_auth       => true,
  sender_canonical_maps => 'regexp:/etc/postfix/sender_canonical',
  ssl                   => 'wildcard.example.com',
  submission            => true,
  header_checks         => [
    '# Remove LAN (Webmail) headers',
    '/^Received: from .*\.example\.ici/ IGNORE',
    '# Sh*tlist',
    '/^From: .*@(example\.com|example\.net)/ REJECT Spam, go away',
    '/^From: .*@(lcfnl\.com|.*\.cson4\.com|.*\.idep4\.com|.*\.gagc4\.com)/ REJECT user unknown',
  ],
  postgrey              => true,
  spamassassin          => true,
  sa_skip_rbl_checks    => '0',
  spampd_children       => '4',
  # Send all emails to spampd on 10026
  smtp_content_filter   => 'smtp:127.0.0.1:10026',
  # This is where we get emails back from spampd
  master_services       => [ '127.0.0.1:10027 inet n  -       n       -      20       smtpd'],
}

Parameters for main.cf

The most common parameters are supported as parameters to the postfix::server class, but any other ones may be added using the $extra_main_parameters hash parameter, to which keys are main.cf parameter names and values can be either a value string or array of strings.

Example :

class { '::postfix::server':
  extra_main_parameters => {
    'virtual_mailbox_lock' => [
      'fcntl',
      'dotlock',
    ],
    virtual_minimum_uid => '1000',
  },
}

Limitations

  • The service will only be reloaded on configuration change, meaning that changes requiring a full restart won't be applied, such as changes to listening interfaces.