Merge branch 'recipient_canonical_maps'
Conflicts:
manifests/server.pp
diff --git a/manifests/server.pp b/manifests/server.pp
index 8d84813..3a7e9e5 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -136,6 +136,7 @@
$postgrey = false,
$postgrey_policy_service = undef,
$clamav = false,
+ $clamav_enabled = false,
# Parameters
$command_directory = $::postfix::params::command_directory,
$config_directory = $::postfix::params::config_directory,
diff --git a/templates/main.cf.erb b/templates/main.cf.erb
index 4d08af9..a1ed4f7 100644
--- a/templates/main.cf.erb
+++ b/templates/main.cf.erb
@@ -906,7 +906,7 @@
<% if @postgrey_policy_service -%>
check_policy_service <%= @postgrey_policy_service %>,
<% else -%>
- check_policy_service unix:postgrey/socket,
+ ## check_policy_service unix:postgrey/socket,
<% end -%>
<% end -%>
@@ -970,3 +970,8 @@
<% end -%>
<% end -%>
+
+<% if @clamav_enabled -%>
+content_filter = scan:127.0.0.1:10026
+receive_override_options = no_address_mappings
+<% end -%>
diff --git a/templates/master.cf.erb b/templates/master.cf.erb
index 248face..4e21e90 100644
--- a/templates/master.cf.erb
+++ b/templates/master.cf.erb
@@ -8,6 +8,39 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
+<% if @clamav_enabled -%>
+## Amavis has been enabled because @amavisd is declared
+policy-spf unix - n n - 0 spawn
+ user=nobody argv=/usr/bin/policyd-spf
+
+# AV scan filter (used by content_filter)
+scan unix - - n - 16 smtp
+ -o smtp_send_xforward_command=yes
+
+# For injecting mail back into postfix from the filter
+127.0.0.1:10025 inet n - - - - smtpd
+ -o content_filter=
+ -o smtpd_delay_reject=no
+ -o smtpd_client_restrictions=permit_mynetworks,reject
+ -o smtpd_helo_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o smtpd_data_restrictions=reject_unauth_pipelining
+ -o smtpd_end_of_data_restrictions=
+ -o smtpd_restriction_classes=
+ -o mynetworks=127.0.0.0/8
+ -o smtpd_error_sleep_time=0
+ -o smtpd_soft_error_limit=1001
+ -o smtpd_hard_error_limit=1000
+ -o smtpd_client_connection_count_limit=0
+ -o smtpd_client_connection_rate_limit=0
+ -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
+ -o local_header_rewrite_clients=
+ -o smtpd_milters=
+ -o local_recipient_maps=
+ -o relay_recipient_maps=
+<% end -%>
+
<% unless @postscreen -%>
smtp inet n - n - - smtpd
<% else -%>
@@ -32,10 +65,17 @@
-o smtpd_sasl_auth_enable=<%= @smtps_smtpd_sasl_auth_enable %>
-o smtpd_client_restrictions=<%= @smtps_smtpd_client_restrictions %>
-o milter_macro_daemon_name=ORIGINATING
+<% if @smtps_content_filter -%>
<% @smtps_content_filter.each do |content_filter| -%>
-o content_filter=<%= content_filter %>
<% end -%>
<% end -%>
+<% end -%>
+<% if @spamassassin_enabled = true -%>
+spamassassin unix - n n - - pipe
+ flags=Rq user=debian-spamd argv=/usr/bin/spamfilter.sh -oi -f ${sender} ${recipient}
+<% end -%>
+
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
@@ -64,6 +104,7 @@
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
+
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual