Commit
93ec96b9
authored
Sep 18, 2017
by
Angel L. Mateo
Committed by
Raphaël Pinson
Sep 18, 2017
Add chroot parameter (#170)
To be able to configure master.cf with chroot
parent
c3aa7982
Changes
11
README.md
...
...
@@ -160,6 +160,11 @@ A string to define the e-mail address to which all mail directed to root should
Default: 'nobody'.
Example: 'root_catch@example.com'.
##### `chroot`
A boolean to define if postfix should be run in a chroot jail or not. If not defined, '-' is used (OS dependant)
Default: Undefined.
Example: true
##### `satellite`
A Boolean to define whether to configure postfix as a satellite relay host. This setting is mutually exclusive with the mta Boolean.
Default: False.
...
...
manifests/files.pp
...
...
@@ -14,6 +14,7 @@ class postfix::files {
$myorigin
=
$postfix::myorigin
$manage_root_alias
=
$postfix::manage_root_alias
$root_mail_recipient
=
$postfix::root_mail_recipient
$chroot
=
$postfix::chroot
$smtp_listen
=
$postfix::_smtp_listen
$use_amavisd
=
$postfix::use_amavisd
$use_dovecot_lda
=
$postfix::use_dovecot_lda
...
...
@@ -24,6 +25,12 @@ class postfix::files {
assert_type
(
Optional
[
String
],
$master_smtp
)
assert_type
(
Optional
[
String
],
$master_smtps
)
$jail
=
$chroot
?
{
undef
=>
'-'
,
true
=>
'y'
,
default
=>
'n'
,
}
File
{
replace
=>
$manage_conffiles
,
}
...
...
@@ -56,9 +63,9 @@ class postfix::files {
$mastercf_content
=
undef
}
else
{
$mastercf_content
=
template
(
$postfix::params::master_os_template
,
'postfix/master.cf.common.erb'
)
$postfix::params::master_os_template
,
'postfix/master.cf.common.erb'
)
}
file
{
'/etc/postfix/master.cf'
:
...
...
@@ -89,7 +96,7 @@ class postfix::files {
'myorigin'
:
value
=>
$myorigin
;
}
case
$
::os
family
{
case
$
facts
[
'os'
][
'
family
'
]
{
'RedHat'
:
{
::
postfix::config
{
'mailq_path'
:
value
=>
'/usr/bin/mailq.postfix'
;
...
...
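Review bot: The `undef => '-'` arm of the new `$jail` selector changes the rendered master.cf for anyone who leaves `chroot` unset. The RedHat, SLES and SLES11.x templates previously carried a literal `n` in the chroot column and now emit `-`, which master(5) resolves to `y` on Postfix older than 3.0. Those hosts would start chrooting smtpd, cleanup, smtp and the other templated services after a module upgrade, without a prepared jail. Keeping the old literal when the parameter is unset avoids this, for example `<%= @jail == '-' ? 'n' : @jail %>` in the templates that used `n`; the Debian and common templates already used `-` and are unaffected. The class body continues outside these hunks.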
manifests/init.pp
...
...
@@ -50,6 +50,8 @@
#
# [*root_mail_recipient*] - (string)
#
# [*chroot*] - (undef/boolean) Whether postfix should be run in a chroot
#
# [*satellite*] - (boolean) Whether to use as a satellite
# (implies MTA)
#
...
...
@@ -97,6 +99,7 @@ class postfix (
Optional
[
String
]
$relayhost
=
undef
,
# postfix_relayhost
Boolean
$manage_root_alias
=
true
,
Variant
[
Array
[
String
],
String
]
$root_mail_recipient
=
'nobody'
,
# root_mail_recipient
Optional
[
Boolean
]
$chroot
=
undef
,
Boolean
$satellite
=
false
,
String
$smtp_listen
=
'127.0.0.1'
,
# postfix_smtp_listen
Boolean
$use_amavisd
=
false
,
# postfix_use_amavisd
...
...
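Review bot: The `[*chroot*]` doc line does not say what the three states map to or what `true` requires from the host. Nothing in the visible hunks provisions the jail contents under the queue directory (resolver configuration, services, timezone data), so where the OS package does not do this the chrooted daemons may fail at lookup time; confirm against the rest of the module. The templates also leave qmgr, proxymap, local and virtual at `n` regardless of the parameter, which is worth stating. Suggested wording: `# [*chroot*] - (undef/boolean) master.cf chroot column for most services: true => 'y', false => 'n', undef => '-' (Postfix default). Does not populate the jail.`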
spec/acceptance/postfix_spec.rb
...
...
@@ -21,7 +21,9 @@ describe 'postfix class' do
}
}
class { 'postfix': }
class { 'postfix':
smtp_listen => 'all',
}
EOS
# Run it twice and test for idempotency
...
...
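Review bot: No spec exercises the new `chroot` parameter; the only change in this hunk passes `smtp_listen => 'all'` to the class. Because the parameter rewrites the chroot column of nearly every master.cf service, a case for each of `true`, `false` and unset that checks the rendered smtpd line would catch a wrong column value. In the unit specs that could be `it { is_expected.to contain_file('/etc/postfix/master.cf').with_content(/^smtp\s+inet\s+n\s+-\s+y\s/) }` for `chroot => true`. The describe block continues outside the hunk.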
templates/master.cf.SLES11.2.erb
...
...
@@ -10,9 +10,9 @@
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
<%
if
@smtp_listen
==
'all'
-%>
smtp inet n -
n
- - smtpd
smtp inet n -
<%=
@jail
%>
- - smtpd
<%
else
-%>
<%=
@smtp_listen
%>
:smtp inet n -
n
- - smtpd
<%=
@smtp_listen
%>
:smtp inet n -
<%=
@jail
%>
- - smtpd
<%
end
-%>
#smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
...
...
@@ -24,32 +24,32 @@ smtp inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n -
n
60 1 pickup
cleanup unix n -
n
- 0 cleanup
pickup fifo n -
<%=
@jail
%>
60 1 pickup
cleanup unix n -
<%=
@jail
%>
- 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - -
n
- - trivial-rewrite
bounce unix - -
n
- 0 bounce
defer unix - -
n
- 0 bounce
trace unix - -
n
- 0 bounce
verify unix - -
n
- 1 verify
flush unix n -
n
1000? 0 flush
rewrite unix - -
<%=
@jail
%>
- - trivial-rewrite
bounce unix - -
<%=
@jail
%>
- 0 bounce
defer unix - -
<%=
@jail
%>
- 0 bounce
trace unix - -
<%=
@jail
%>
- 0 bounce
verify unix - -
<%=
@jail
%>
- 1 verify
flush unix n -
<%=
@jail
%>
1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - -
n
- - smtp
smtp unix - -
<%=
@jail
%>
- - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - -
n
- - smtp
relay unix - -
<%=
@jail
%>
- - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n -
n
- - showq
error unix - -
n
- - error
discard unix - -
n
- - discard
showq unix n -
<%=
@jail
%>
- - showq
error unix - -
<%=
@jail
%>
- - error
discard unix - -
<%=
@jail
%>
- - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - -
n
- - lmtp
anvil unix - -
n
- 1 anvil
lmtp unix - -
<%=
@jail
%>
- - lmtp
anvil unix - -
<%=
@jail
%>
- 1 anvil
#localhost:10025 inet n - n - - smtpd -o content_filter=
scache unix - -
n
- 1 scache
scache unix - -
<%=
@jail
%>
- 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
...
...
templates/master.cf.SLES11.3.erb
...
...
@@ -10,9 +10,9 @@
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
<%
if
@smtp_listen
==
'all'
-%>
smtp inet n -
n
- - smtpd
smtp inet n -
<%=
@jail
%>
- - smtpd
<%
else
-%>
<%=
@smtp_listen
%>
:smtp inet n -
n
- - smtpd
<%=
@smtp_listen
%>
:smtp inet n -
<%=
@jail
%>
- - smtpd
<%
end
-%>
#smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
...
...
@@ -24,32 +24,32 @@ smtp inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n -
n
60 1 pickup
cleanup unix n -
n
- 0 cleanup
pickup fifo n -
<%=
@jail
%>
60 1 pickup
cleanup unix n -
<%=
@jail
%>
- 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - -
n
- - trivial-rewrite
bounce unix - -
n
- 0 bounce
defer unix - -
n
- 0 bounce
trace unix - -
n
- 0 bounce
verify unix - -
n
- 1 verify
flush unix n -
n
1000? 0 flush
rewrite unix - -
<%=
@jail
%>
- - trivial-rewrite
bounce unix - -
<%=
@jail
%>
- 0 bounce
defer unix - -
<%=
@jail
%>
- 0 bounce
trace unix - -
<%=
@jail
%>
- 0 bounce
verify unix - -
<%=
@jail
%>
- 1 verify
flush unix n -
<%=
@jail
%>
1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - -
n
- - smtp
smtp unix - -
<%=
@jail
%>
- - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - -
n
- - smtp
relay unix - -
<%=
@jail
%>
- - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n -
n
- - showq
error unix - -
n
- - error
discard unix - -
n
- - discard
showq unix n -
<%=
@jail
%>
- - showq
error unix - -
<%=
@jail
%>
- - error
discard unix - -
<%=
@jail
%>
- - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - -
n
- - lmtp
anvil unix - -
n
- 1 anvil
lmtp unix - -
<%=
@jail
%>
- - lmtp
anvil unix - -
<%=
@jail
%>
- 1 anvil
#localhost:10025 inet n - n - - smtpd -o content_filter=
scache unix - -
n
- 1 scache
scache unix - -
<%=
@jail
%>
- 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
...
...
templates/master.cf.SLES11.4.erb
...
...
@@ -10,9 +10,9 @@
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
<%
if
@smtp_listen
==
'all'
-%>
smtp inet n -
n
- - smtpd
smtp inet n -
<%=
@jail
%>
- - smtpd
<%
else
-%>
<%=
@smtp_listen
%>
:smtp inet n -
n
- - smtpd
<%=
@smtp_listen
%>
:smtp inet n -
<%=
@jail
%>
- - smtpd
<%
end
-%>
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
...
...
@@ -23,32 +23,32 @@ smtp inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n -
n
60 1 pickup
cleanup unix n -
n
- 0 cleanup
pickup fifo n -
<%=
@jail
%>
60 1 pickup
cleanup unix n -
<%=
@jail
%>
- 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - -
n
1000? 1 tlsmgr
rewrite unix - -
n
- - trivial-rewrite
bounce unix - -
n
- 0 bounce
defer unix - -
n
- 0 bounce
trace unix - -
n
- 0 bounce
verify unix - -
n
- 1 verify
flush unix n -
n
1000? 0 flush
tlsmgr unix - -
<%=
@jail
%>
1000? 1 tlsmgr
rewrite unix - -
<%=
@jail
%>
- - trivial-rewrite
bounce unix - -
<%=
@jail
%>
- 0 bounce
defer unix - -
<%=
@jail
%>
- 0 bounce
trace unix - -
<%=
@jail
%>
- 0 bounce
verify unix - -
<%=
@jail
%>
- 1 verify
flush unix n -
<%=
@jail
%>
1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - -
n
- - smtp
smtp unix - -
<%=
@jail
%>
- - smtp
# When relaying mail as backup MX, disable smtp_fallback_relay to avoid MX loops
relay unix - -
n
- - smtp
relay unix - -
<%=
@jail
%>
- - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n -
n
- - showq
error unix - -
n
- - error
discard unix - -
n
- - discard
showq unix n -
<%=
@jail
%>
- - showq
error unix - -
<%=
@jail
%>
- - error
discard unix - -
<%=
@jail
%>
- - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - -
n
- - lmtp
anvil unix - -
n
- 1 anvil
lmtp unix - -
<%=
@jail
%>
- - lmtp
anvil unix - -
<%=
@jail
%>
- 1 anvil
#localhost:10025 inet n - n - - smtpd -o content_filter=
scache unix - -
n
- 1 scache
scache unix - -
<%=
@jail
%>
- 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
...
...
templates/master.cf.common.erb
<%
if
@use_amavisd
%>
amavis unix - -
-
- 2 smtp
amavis unix - -
<%=
@jail
%>
- 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n -
-
- - smtpd
127.0.0.1:10025 inet n -
<%=
@jail
%>
- - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
...
...
templates/master.cf.debian.erb
...
...
@@ -10,9 +10,9 @@
<%
if
@master_smtp
-%>
<%=
@master_smtp
%>
<%
elsif
@smtp_listen
==
'all'
-%>
smtp inet n -
-
- - smtpd
smtp inet n -
<%=
@jail
%>
- - smtpd
<%
else
-%>
<%=
@smtp_listen
%>
:smtp inet n -
-
- - smtpd
<%=
@smtp_listen
%>
:smtp inet n -
<%=
@jail
%>
- - smtpd
<%
end
-%>
<%
if
@master_submission
-%>
<%=
@master_submission
%>
...
...
@@ -29,31 +29,31 @@ smtp inet n - - - - smtpd
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - - - - qmqpd
pickup fifo n -
-
60 1 pickup
cleanup unix n -
-
- 0 cleanup
pickup fifo n -
<%=
@jail
%>
60 1 pickup
cleanup unix n -
<%=
@jail
%>
- 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n -
-
300 1 oqmgr
tlsmgr unix - -
-
1000? 1 tlsmgr
rewrite unix - -
-
- - trivial-rewrite
bounce unix - -
-
- 0 bounce
defer unix - -
-
- 0 bounce
trace unix - -
-
- 0 bounce
verify unix - -
-
- 1 verify
flush unix n -
-
1000? 0 flush
#qmgr fifo n -
n
300 1 oqmgr
tlsmgr unix - -
<%=
@jail
%>
1000? 1 tlsmgr
rewrite unix - -
<%=
@jail
%>
- - trivial-rewrite
bounce unix - -
<%=
@jail
%>
- 0 bounce
defer unix - -
<%=
@jail
%>
- 0 bounce
trace unix - -
<%=
@jail
%>
- 0 bounce
verify unix - -
<%=
@jail
%>
- 1 verify
flush unix n -
<%=
@jail
%>
1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - -
-
- - smtp
smtp unix - -
<%=
@jail
%>
- - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - -
-
- - smtp
relay unix - -
<%=
@jail
%>
- - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n -
-
- - showq
error unix - -
-
- - error
discard unix - -
-
- - discard
showq unix n -
<%=
@jail
%>
- - showq
error unix - -
<%=
@jail
%>
- - error
discard unix - -
<%=
@jail
%>
- - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - -
-
- - lmtp
anvil unix - -
-
- 1 anvil
scache
unix
- - - - 1
scache
lmtp unix - -
<%=
@jail
%>
- - lmtp
anvil unix - -
<%=
@jail
%>
- 1 anvil
scache
unix
- -
<%=
@jail
%>
- 1
scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
...
...
templates/master.cf.redhat.erb
...
...
@@ -10,9 +10,9 @@
<%
if
@master_smtp
-%>
<%=
@master_smtp
%>
<%
elsif
@smtp_listen
==
'all'
-%>
smtp inet n -
n
- - smtpd
smtp inet n -
<%=
@jail
%>
- - smtpd
<%
else
-%>
<%=
@smtp_listen
%>
:smtp inet n -
n
- - smtpd
<%=
@smtp_listen
%>
:smtp inet n -
<%=
@jail
%>
- - smtpd
<%
end
-%>
<%
if
@master_submission
-%>
<%=
@master_submission
%>
...
...
@@ -30,31 +30,31 @@ smtp inet n - n - - smtpd
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - n - - qmqpd
pickup fifo n -
n
60 1 pickup
cleanup unix n -
n
- 0 cleanup
pickup fifo n -
<%=
@jail
%>
60 1 pickup
cleanup unix n -
<%=
@jail
%>
- 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - -
n
1000? 1 tlsmgr
rewrite unix - -
n
- - trivial-rewrite
bounce unix - -
n
- 0 bounce
defer unix - -
n
- 0 bounce
trace unix - -
n
- 0 bounce
verify unix - -
n
- 1 verify
flush unix n -
n
1000? 0 flush
tlsmgr unix - -
<%=
@jail
%>
1000? 1 tlsmgr
rewrite unix - -
<%=
@jail
%>
- - trivial-rewrite
bounce unix - -
<%=
@jail
%>
- 0 bounce
defer unix - -
<%=
@jail
%>
- 0 bounce
trace unix - -
<%=
@jail
%>
- 0 bounce
verify unix - -
<%=
@jail
%>
- 1 verify
flush unix n -
<%=
@jail
%>
1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - -
n
- - smtp
smtp unix - -
<%=
@jail
%>
- - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - -
n
- - smtp
relay unix - -
<%=
@jail
%>
- - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n -
n
- - showq
error unix - -
n
- - error
discard unix - -
n
- - discard
showq unix n -
<%=
@jail
%>
- - showq
error unix - -
<%=
@jail
%>
- - error
discard unix - -
<%=
@jail
%>
- - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - -
n
- - lmtp
anvil unix - -
n
- 1 anvil
scache unix - -
n
- 1 scache
lmtp unix - -
<%=
@jail
%>
- - lmtp
anvil unix - -
<%=
@jail
%>
- 1 anvil
scache unix - -
<%=
@jail
%>
- 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
...
...
templates/master.cf.sles.erb
...
...
@@ -13,9 +13,9 @@
<%
if
@master_smtp
-%>
<%=
@master_smtp
%>
<%
elsif
@smtp_listen
==
'all'
-%>
smtp inet n -
n
- - smtpd
smtp inet n -
<%=
@jail
%>
- - smtpd
<%
else
-%>
<%=
@smtp_listen
%>
:smtp inet n -
n
- - smtpd
<%=
@smtp_listen
%>
:smtp inet n -
<%=
@jail
%>
- - smtpd
<%
end
-%>
<%
if
@master_submission
-%>
<%=
@master_submission
%>
...
...
@@ -56,32 +56,32 @@ smtp inet n - n - - smtpd
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n -
n
60 1 pickup
cleanup unix n -
n
- 0 cleanup
pickup unix n -
<%=
@jail
%>
60 1 pickup
cleanup unix n -
<%=
@jail
%>
- 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - -
n
1000? 1 tlsmgr
rewrite unix - -
n
- - trivial-rewrite
bounce unix - -
n
- 0 bounce
defer unix - -
n
- 0 bounce
trace unix - -
n
- 0 bounce
verify unix - -
n
- 1 verify
flush unix n -
n
1000? 0 flush
tlsmgr unix - -
<%=
@jail
%>
1000? 1 tlsmgr
rewrite unix - -
<%=
@jail
%>
- - trivial-rewrite
bounce unix - -
<%=
@jail
%>
- 0 bounce
defer unix - -
<%=
@jail
%>
- 0 bounce
trace unix - -
<%=
@jail
%>
- 0 bounce
verify unix - -
<%=
@jail
%>
- 1 verify
flush unix n -
<%=
@jail
%>
1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - -
n
- - smtp
smtp unix - -
<%=
@jail
%>
- - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - -
n
- - smtp
relay unix - -
<%=
@jail
%>
- - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n -
n
- - showq
error unix - -
n
- - error
retry unix - -
n
- - error
discard unix - -
n
- - discard
showq unix n -
<%=
@jail
%>
- - showq
error unix - -
<%=
@jail
%>
- - error
retry unix - -
<%=
@jail
%>
- - error
discard unix - -
<%=
@jail
%>
- - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - -
n
- - lmtp
anvil unix - -
n
- 1 anvil
lmtp unix - -
<%=
@jail
%>
- - lmtp
anvil unix - -
<%=
@jail
%>
- 1 anvil
#localhost:10025 inet n - n - - smtpd
# -o content_filter=
# -o smtpd_delay_reject=no
...
...
@@ -102,7 +102,7 @@ anvil unix - - n - 1 anvil
# -o local_header_rewrite_clients=
# -o local_recipient_maps=
# -o relay_recipient_maps=
scache unix - -
n
- 1 scache
scache unix - -
<%=
@jail
%>
- 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
...
...