| # Class: postfix::server |
| # |
| # The title is used for the 'myhostname' parameter. |
| # |
| # When setting 'postgrey' to true, you might want to install a custom |
| # file as /etc/postfix/postgrey_whitelist_clients.local too. |
| # |
| # Sample Usage : |
| # |
| class postfix::server ( |
| # To install postfix-mysql package instead of plain postfix (EL5) |
| $mysql = false, |
| # See the main.cf comments for help on these options |
| $myhostname = $::fqdn, |
| $mydomain = false, |
| $myorigin = '$myhostname', |
| $inet_interfaces = 'localhost', |
| $inet_protocols = 'all', |
| $proxy_interfaces = false, |
| $mydestination = '$myhostname, localhost.$mydomain, localhost', |
| $local_recipient_maps = false, |
| $luser_relay = false, |
| $unknown_local_recipient_reject_code = '550', |
| $mynetworks_style = false, |
| $mynetworks = false, |
| $relay_domains = false, |
| $relayhost = false, |
| $relay_recipient_maps = false, |
| $transport_maps = false, |
| $in_flow_delay = '1s', |
| $alias_maps = 'hash:/etc/aliases', |
| $alias_database = 'hash:/etc/aliases', |
| $recipient_delimiter = false, |
| $home_mailbox = false, |
| $mail_spool_directory = false, |
| $mailbox_command = false, |
| $smtpd_banner = '$myhostname ESMTP $mail_name', |
| $setgid_group = $::postfix::params::setgid_group, |
| $mailbox_size_limit = undef, |
| $message_size_limit = false, |
| $mail_name = false, |
| $virtual_alias_domains = false, |
| $virtual_alias_maps = false, |
| $virtual_mailbox_domains = false, |
| $virtual_mailbox_maps = false, |
| $virtual_mailbox_base = false, |
| $virtual_uid_maps = false, |
| $virtual_gid_maps = false, |
| $virtual_transport = false, |
| $dovecot_destination = '${recipient}', |
| $masquerade_classes = false, |
| $masquerade_domains = false, |
| $smtpd_helo_required = false, |
| $smtpd_client_restrictions = [], |
| $smtpd_helo_restrictions = [], |
| $smtpd_sender_restrictions = [], |
| $smtpd_recipient_restrictions = [], |
| $smtpd_data_restrictions = [], |
| $smtpd_end_of_data_restrictions = [], |
| $smtpd_delay_reject = false, |
| $ssl = false, |
| $smtpd_tls_loglevel = 1, |
| $smtpd_tls_security_level = undef, |
| $smtpd_tls_received_header = undef, |
| $smtpd_tls_key_file = undef, |
| $smtpd_tls_cert_file = undef, |
| $smtpd_tls_CAfile = undef, |
| $smtpd_sasl_auth = false, |
| $smtpd_sasl_type = 'dovecot', |
| $smtpd_sasl_path = 'private/auth', |
| $smtp_sasl_auth = false, |
| $smtp_sasl_password_maps = undef, |
| $smtp_sasl_security_options = undef, |
| $smtp_tls_CAfile = undef, |
| $smtp_tls_CApath = undef, |
| $smtp_tls_key_file = undef, |
| $smtp_tls_cert_file = undef, |
| $smtp_tls_loglevel = 1, |
| $smtp_tls_security_level = undef, |
| $smtp_tls_secure_cert_match = undef, |
| $smtp_tls_note_starttls_offer = false, |
| $smtp_tls_mandatory_ciphers = undef, |
| $smtpd_tls_ask_ccert = false, |
| $tls_append_default_CA = false, |
| $smtp_sasl_tls = false, |
| $smtp_use_tls = false, |
| $canonical_maps = false, |
| $sender_canonical_maps = false, |
| $smtp_generic_maps = false, |
| $recipient_canonical_maps = false, |
| $relocated_maps = false, |
| $extra_main_parameters = {}, |
| # master.cf |
| $smtp_content_filter = [], |
| $smtps_content_filter = [], |
| $submission = false, |
| # EL5 |
| $submission_smtpd_enforce_tls = 'yes', |
| # EL6 |
| $submission_smtpd_tls_security_level = 'encrypt', |
| $submission_smtpd_sasl_auth_enable = 'yes', |
| $smtps_smtpd_sasl_auth_enable = 'yes', |
| # submission should only be used for authenticated delivery, so explicitly |
| # reject everything else. |
| $submission_smtpd_client_restrictions = 'permit_sasl_authenticated,reject', |
| # smtps should allow unauthenticated delivery (for local or relay_domains for |
| # example) so no explicit reject. smtps port 465 is non-standards compliant |
| # anyway so no one true answer. |
| $smtps_smtpd_client_restrictions = 'permit_sasl_authenticated', |
| $master_services = [], |
| # Other files |
| $header_checks = [], |
| $body_checks = [], |
| # Postscreen - available in Postfix 2.8 and later |
| $postscreen = false, |
| $postscreen_access_list = ['permit_mynetworks'], |
| $postscreen_blacklist_action = 'enforce', |
| $postscreen_cache_map = 'btree:$data_directory/postscreen_cache', |
| $postscreen_greet_wait = '${stress?2}${stress:6}s', |
| $postscreen_greet_banner = '$smtpd_banner', |
| $postscreen_greet_action = 'enforce', |
| $postscreen_dnsbl_sites = [], |
| $postscreen_dnsbl_reply_map = undef, |
| $postscreen_dnsbl_threshold = 1, |
| $postscreen_dnsbl_action = 'enforce', |
| # Spamassassin |
| $spamassassin = false, |
| $sa_required_hits = '5', |
| $sa_report_safe = '0', |
| $sa_rewrite_header = [], |
| $sa_trusted_networks = '10/8 172.16/12 192.168/16', |
| $sa_skip_rbl_checks = '1', |
| $sa_loadplugin = [ 'Mail::SpamAssassin::Plugin::SPF' ], |
| $sa_score = [ 'FH_DATE_PAST_20XX 0' ], |
| $spampd_port = '10026', |
| $spampd_relayport = '10027', |
| $spampd_children = '20', |
| $spampd_maxsize = '512', |
| # Other filters |
| $postgrey = false, |
| $postgrey_policy_service = undef, |
| $clamav = false, |
| $clamav_enabled = false, |
| # Parameters |
| $command_directory = $::postfix::params::command_directory, |
| $config_directory = $::postfix::params::config_directory, |
| $daemon_directory = $::postfix::params::daemon_directory, |
| $shlib_directory = $::postfix::params::shlib_directory, |
| $data_directory = $::postfix::params::data_directory, |
| $manpage_directory = $::postfix::params::manpage_directory, |
| $readme_directory = $::postfix::params::readme_directory, |
| $sample_directory = $::postfix::params::sample_directory, |
| $postfix_package = $::postfix::params::postfix_package, |
| $postfix_mysql_package = $::postfix::params::postfix_mysql_package, |
| $postfix_package_ensure = $::postfix::params::postfix_package_ensure, |
| $postgrey_package = $::postfix::params::postgrey_package, |
| $service_restart = $::postfix::params::service_restart, |
| $spamassassin_package = $::postfix::params::spamassassin_package, |
| $spampd_package = $::postfix::params::spampd_package, |
| $spampd_config = $::postfix::params::spampd_config, |
| $spampd_template = $::postfix::params::spampd_template, |
| $root_group = $::postfix::params::root_group, |
| $mailq_path = $::postfix::params::mailq_path, |
| $newaliases_path = $::postfix::params::newaliases_path, |
| $sendmail_path = $::postfix::params::sendmail_path, |
| ## ASF Custom |
| $backup_mx = false, |
| $asf_mx_enabled = false, |
| $asf_mx_content_filter = '', |
| $max_postfix_amavis_procs = '10', |
| $max_use_postfix_amavis = '25', |
| |
| ) inherits ::postfix::params { |
| |
| # Default has el5 files, for el6 a few defaults have changed |
| if ( $::operatingsystem =~ /RedHat|CentOS/ and versioncmp($::operatingsystemrelease, '6') < 0 ) { |
| $filesuffix = '-el5' |
| } else { |
| $filesuffix = '' |
| } |
| |
| # Main package and service it provides |
| if $mysql { |
| $package_name = $postfix_mysql_package |
| } else { |
| $package_name = $postfix_package |
| } |
| package { $package_name: ensure => $postfix_package_ensure, alias => 'postfix' } |
| |
| service { 'postfix': |
| require => Package[$package_name], |
| enable => true, |
| ensure => running, |
| hasstatus => true, |
| restart => $service_restart, |
| } |
| |
| file { "${config_directory}/master.cf": |
| content => template("postfix/master.cf${filesuffix}.erb"), |
| notify => Service['postfix'], |
| require => Package[$package_name], |
| } |
| file { "${config_directory}/main.cf": |
| content => template("postfix/main.cf${filesuffix}.erb"), |
| notify => Service['postfix'], |
| require => Package[$package_name], |
| } |
| |
| # Optional Spamassassin setup (using spampd) |
| if $spamassassin { |
| # Main packages and service they provide |
| package { [ $spamassassin_package, $spampd_package ]: ensure => installed } |
| # Note that we don't want the normal spamassassin (spamd) service |
| service { 'spampd': |
| require => Package[$spampd_package], |
| enable => true, |
| ensure => running, |
| hasstatus => true, |
| } |
| # Override the options passed to spampd |
| file { $spampd_config: |
| content => template($spampd_template), |
| notify => Service['spampd'], |
| } |
| # Change the spamassassin options |
| file { '/etc/mail/spamassassin/local.cf': |
| require => Package[$spamassassin_package], |
| content => template('postfix/spamassassin-local.cf.erb'), |
| notify => Service['spampd'], |
| } |
| } |
| |
| # Optional Postgrey setup |
| if $postgrey { |
| # Main package and service it provides |
| package { $postgrey_package: ensure => installed } |
| service { 'postgrey': |
| require => Package[$postgrey_package], |
| enable => true, |
| ensure => running, |
| # When stopped, status returns zero with 1.31-1.el5 |
| hasstatus => false, |
| } |
| } |
| |
| # Optional ClamAV setup (using clamsmtp) |
| # Defaults to listen on 10025 and re-send on 10026 |
| if $clamav { |
| include '::clamav::smtp' |
| } |
| |
| # Regex header_checks |
| postfix::file { 'header_checks': |
| content => template('postfix/header_checks.erb'), |
| group => $root_group, |
| notify => Service['postfix'], |
| postfixdir => $config_directory, |
| } |
| |
| # Regex body_checks |
| postfix::file { 'body_checks': |
| content => template('postfix/body_checks.erb'), |
| group => $root_group, |
| notify => Service['postfix'], |
| postfixdir => $config_directory, |
| } |
| |
| logrotate::rule { 'postfix': |
| ensure => absent, |
| } |
| |
| } |
