commit | 668efff62b60f5403589d5b114eb713047059254 | [log] [tgz] |
---|---|---|
author | Tim Nicholas <tim@nicholas.net.nz> | Sun Apr 27 06:44:01 2014 +0000 |
committer | Tim Nicholas <tim@nicholas.net.nz> | Sun Apr 27 06:44:01 2014 +0000 |
tree | b1c4f0f1fbcc23e65ecee45b84b5b3f45128388b | |
parent | b5468ce85b5a1e298bda17574b2e580b44bc2203 [diff] |
Added configuration options and templating for smtps options 'smtpd_sasl_auth_enable' and 'smtpd_client_restrictions'. Neither is certain and fixed. You might want to restrict authenticated sessions to the submission port for example, and you might or might not want to accept mail from unauthenticated connections on 465. Note that the use of port 465 isn't standards compliant anyway but I feel like to unauthenticated clients it should behave like port 25. Hmm... Greylisting on 465...
This module is meant for Red Hat Enterprise Linux, its clones and FreeBSD. It still requires some major clean up, but is currently fully functional.
postfix::dbfile
: Manage Postfix DB configuration filespostfix::file
: Manage flat text Postfix configuration filespostfix::server
: Manage the main Postfix instanceclass { '::postfix::server': myhostname => 'mx1.example.com', mydomain => 'example.com', mydestination => "\$myhostname, localhost.\$mydomain, localhost, $fqdn", inet_interfaces => 'all', message_size_limit => '15360000', # 15MB mail_name => 'example mail daemon', virtual_mailbox_domains => [ 'proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf', ], virtual_alias_maps => [ 'proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf', 'proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf', 'proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf', ], virtual_transport => 'dovecot', # if you want dovecot to deliver user+foo@example.org to user@example.org, # uncomment this: (c.f. http://wiki2.dovecot.org/LDA/Postfix#Virtual_users) # dovecot_destination => '${user}@${nexthop}', smtpd_sender_restrictions => [ 'permit_mynetworks', 'reject_unknown_sender_domain', ], smtpd_recipient_restrictions => [ 'permit_sasl_authenticated', 'permit_mynetworks', 'reject_unauth_destination', ], smtpd_sasl_auth => true, sender_canonical_maps => 'regexp:/etc/postfix/sender_canonical', ssl => 'wildcard.example.com', submission => true, header_checks => [ '# Remove LAN (Webmail) headers', '/^Received: from .*\.example\.ici/ IGNORE', '# Sh*tlist', '/^From: .*@(example\.com|example\.net)/ REJECT Spam, go away', '/^From: .*@(lcfnl\.com|.*\.cson4\.com|.*\.idep4\.com|.*\.gagc4\.com)/ REJECT user unknown', ], postgrey => true, spamassassin => true, sa_skip_rbl_checks => '0', spampd_children => '4', # Send all emails to spampd on 10026 smtp_content_filter => 'smtp:127.0.0.1:10026', # This is where we get emails back from spampd master_services => [ '127.0.0.1:10027 inet n - n - 20 smtpd'], }
The most common parameters are supported as parameters to the postfix::server
class, but any other ones may be added using the $extra_main_parameters
hash parameter, to which keys are main.cf
parameter names and values can be either a value string or array of strings.
Example :
class { '::postfix::server': extra_main_parameters => { 'virtual_mailbox_lock' => [ 'fcntl', 'dotlock', ], virtual_minimum_uid => '1000', }, }