From 05c973367a97309e33dc5478bf05e9cc8e2379fc Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Wed, 14 Jun 2017 16:34:28 +0200
Subject: [PATCH] Rewritten customer/pixelpark-mail/common.yaml for new Postfix manifest
---
customer/pixelpark-mail/common.yaml | 278 ++++------------------------
1 file changed, 33 insertions(+), 245 deletions(-)
diff --git a/customer/pixelpark-mail/common.yaml b/customer/pixelpark-mail/common.yaml
index 2eda7fe7..09cd257c 100644
--- a/customer/pixelpark-mail/common.yaml
+++ b/customer/pixelpark-mail/common.yaml
@@ -53,26 +53,42 @@ infra::profile::sasl::application: # Postfix configuration: # Global configurations +postfix::alias_maps: "hash:/etc/postfix/maps/aliases ldap:/etc/postfix/ldap/alias.cf" +postfix::inet_interfaces: 'all' +postfix::manage_mailx: false +postfix::mastercf_source: 'puppet:///postfix_dir/master.cf' +postfix::myorigin: 'pixelpark.com' + +#infra::profile::postfix::config_directory: '/etc/postfix' infra::profile::postfix::aliases_file: '/etc/postfix/maps/aliases' infra::profile::postfix::aliases_source: 'puppet:///postfix_dir/maps/aliases' +#infra::profile::postfix::myorigin: "%{hiera('postfix::myorigin')}" +#infra::profile::postfix::relayhost: ~ +#infra::profile::postfix::tls: true +#infra::profile::postfix::tls_cert: ~ +#infra::profile::postfix::tls_key: ~ +#infra::profile::postfix::tls_chain: ~ +#infra::profile::postfix::tls_loglevel: 1 +#infra::profile::postfix::tls_received_header: true +#infra::profile::postfix::tls_security_level: 'may' +#infra::profile::postfix::tls_auth_only: false +#infra::profile::postfix::cert_servername: 'wildcard.pixelpark.com' +#infra::profile::postfix::cert_customer: 'pixelpark' +infra::profile::postfix::has_map_smtp_tls_peers: true +#infra::profile::postfix::map_smtp_tls_peers: '/etc/postfix/maps/smtp-tls-peers' +infra::profile::postfix::is_relay: true +#infra::profile::postfix::unverified_recipient_reject_code: '550' +#infra::profile::postfix::transport_maps_source: ~ +#infra::profile::postfix::virtual_aliases_source: ~ +infra::profile::postfix::has_default_generic: false +#infra::profile::postfix::virtual_regex: ~ -ldap_server: 'ldap.pixelpark.com' -ldap_port: '389' -ldap_timeout: '5' -ldap_search_base: 'o=isp' -#ldap_bind_dn: 'uid=Solaris_NSS,ou=Unix NSS,ou=Applications,o=pixelpark,o=isp' -#ldap_bind_pw: > -# ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw -# DQYJKoZIhvcNAQEBBQAEggEAiDDL0RGJsOj7Nz9hIkqiDi5/EcFW/GBCzjGP -# P2QLHG79sX4peUhlw6nNk9Krtzh9G283pvg0ldJ9EOaC+6r6CMxe0V0K0AQ+ -# 
pcFbn/W1Vi/rrjvjeweZGpIqBaYatMzNI4KlJmKTgUeq26E48RIXkyagd+gm -# d4QHk1+KsrTBytvbdIKcpWgnfUJx8Q10QiYIQHyRHyXRRtUEgNERMiKZsxRt -# zGyo1O0XXsYJ23+qnqawrV25whwFgDv9A16eXqFm/3bVP0JBgWKN+u5f+3Fc -# cN+gbU7zWDyfgjkoll7VXt1ciTmtl3zvqP/WPInPqab5vcR+MSDD+J7XYqp/ -# P1KyqTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBBQH0PgyfGgShdRw3s -# SPGwgBBpfrJXgOfQa21UINdzHMjR] -ldap_bind_dn: 'cn=admin' -ldap_bind_pw: > +#infra::profile::postfix::ldap_server: 'ldap.pixelpark.com' +#infra::profile::postfix::ldap_port: '389' +#infra::profile::postfix::ldap_timeout: '5' +#infra::profile::postfix::ldap_search_base: 'o=isp' +#infra::profile::postfix::ldap_bind_dn: 'cn=admin' +infra::profile::postfix::ldap_bind_pw: > ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9 U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V 
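Review bot: The commented-out `#infra::profile::postfix::tls_auth_only: false` and `#infra::profile::postfix::tls_security_level: 'may'` lines leave both settings to the profile, and if those comments mirror the profile's defaults (the manifest is not part of this patch) this host, which sets `postfix::inet_interfaces: 'all'` and `infra::profile::postfix::is_relay: true`, may offer SMTP AUTH on sessions that never negotiated TLS. The `configs` hash removed further down had `smtpd_sasl_auth_enable` set to `yes`, so assuming the new manifest keeps SASL enabled I would pin the key explicitly instead of inheriting it: `infra::profile::postfix::tls_auth_only: true`. The LDAP lines are likewise left as commented values with bind DN `cn=admin` on port `389`; a one-line comment above the block stating whether the `#` entries document profile defaults or are disabled overrides would make the effective configuration reviewable, and a dedicated read-only bind DN for the map lookups is worth considering.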
@@ -83,232 +99,4 @@ ldap_bind_pw: > EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T EKskgBArkfXhMZNEUfrTvFILs4Ig] -postfix::alias_maps: "hash:/etc/postfix/maps/aliases ldap:/etc/postfix/ldap/alias.cf" -postfix::inet_interfaces: 'all' -postfix::manage_mailx: false -postfix::mastercf_source: 'puppet:///postfix_dir/master.cf' -postfix::myorigin: 'pixelpark.com' - -# Main.cf config entries -infra::profile::postfix::configs: - address_verify_map: - ensure: 'absent' - alias_database: - value: 'hash:/etc/postfix/maps/aliases' - append_dot_mydomain: - value: 'no' - biff: - value: 'no' - broken_sasl_auth_clients: - value: 'yes' - command_directory: - ensure: 'absent' - daemon_directory: - ensure: 'absent' - data_directory: - ensure: 'absent' - debug_peer_level: - ensure: 'absent' - debugger_command: - ensure: 'absent' - hash_queue_depth: - value: '3' - html_directory: - ensure: 'absent' - inet_protocols: - value: 'all' - lmtp_tls_loglevel: - value: '1' - mail_owner: - ensure: 'absent' - mailbox_size_limit: - value: '0' - manpage_directory: - ensure: 'absent' - masquerade_domains: - value: 'hash:/etc/postfix/maps/masquerade_domains' - maximal_queue_lifetime: - value: '10d' - message_size_limit: - value: '358400000' - mydestination: - value: '$myhostname, localhost.$mydomain, localhost' - mydomain: - value: 'pixelpark.com' - myhostname: - value: "%{::fqdn}" - mynetworks: - value: 'cidr:/etc/postfix/maps/my-networks' - queue_directory: - ensure: 'absent' - readme_directory: - value: '/usr/share/doc/postfix' - recipient_canonical_maps: - value: 'hash:/etc/postfix/maps/canonical-recipients ldap:/etc/postfix/ldap/mailroutingaddress.cf' - recipient_delimiter: - value: '+' - relay_domains: - value: 'hash:/etc/postfix/maps/relay_domains' - relayhost: - ensure: 'blank' - sample_directory: - ensure: 'absent' - sender_dependent_default_transport_maps: - ensure: 'absent' - sender_dependent_relayhost_maps: - ensure: 'absent' - setgid_group: - ensure: 'absent' - 
smtp_generic_maps: - ensure: 'absent' - smtp_sasl_auth_enable: - ensure: 'absent' - smtp_tls_cert_file: - value: '/etc/postfix/ssl/wildcard.pixelpark.com-cert.pem' - smtp_tls_enforce_peername: - value: 'no' - smtp_tls_key_file: - value: '$smtp_tls_cert_file' - smtp_tls_loglevel: - value: '1' - smtp_tls_note_starttls_offer: - ensure: 'absent' - smtp_tls_per_site: - value: 'hash:/etc/postfix/maps/smtp-tls-peers' - smtp_tls_policy_maps: - ensure: 'absent' - smtp_tls_session_cache_database: - value: 'btree:${data_directory}/smtp_scache' - smtp_use_tls: - value: 'yes' - smtpd_banner: - value: '$myhostname ESMTP $mail_name $mail_version' - smtpd_client_restrictions: - ensure: 'absent' - smtpd_recipient_restrictions: - ensure: 'absent' - smtpd_relay_restrictions: - value: "check_client_access hash:/etc/postfix/maps/access_client, check_recipient_access hash:/etc/postfix/maps/access_recipient, check_sender_access hash:/etc/postfix/maps/access_sender, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_invalid_helo_hostname, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, reject_unauth_destination, reject_unverified_recipient, permit" - smtpd_sasl_auth_enable: - value: 'yes' - smtpd_sasl_authenticated_header: - value: 'yes' - smtpd_sasl_local_domain: - ensure: 'absent' - smtpd_sender_restrictions: - ensure: 'absent' - smtpd_tls_CAfile: - ensure: 'absent' - smtpd_tls_auth_only: - ensure: 'absent' - smtpd_tls_cert_file: - value: '$smtp_tls_cert_file' - smtpd_tls_key_file: - value: '$smtp_tls_cert_file' - smtpd_tls_loglevel: - value: '1' - smtpd_tls_received_header: - value: 'yes' - smtpd_tls_session_cache_database: - value: 'btree:${data_directory}/smtpd_scache' - smtpd_tls_session_cache_timeout: - ensure: 'absent' - tls_random_prng_update_period: - ensure: 'absent' - tls_random_source: - ensure: 'absent' - smtpd_use_tls: - value: 'yes' - transport_maps: - value: 'hash:/etc/postfix/maps/discarded_domains 
hash:/etc/postfix/maps/transport ldap:/etc/postfix/ldap/mailhost.cf' - unknown_local_recipient_reject_code: - ensure: 'absent' - unverified_recipient_reject_code: - value: '550' - virtual_alias_maps: - value: 'pcre:/etc/postfix/maps/virtual-regex hash:/etc/postfix/maps/virtual-aliases' - -# All postfix hash databases -infra::profile::postfix::hashes: - '/etc/postfix/maps/access_client': - ensure: 'present' - source: 'puppet:///postfix_dir/maps/access_client' - '/etc/postfix/maps/access_recipient': - ensure: 'present' - source: 'puppet:///postfix_dir/maps/access_recipient' - '/etc/postfix/maps/access_sender': - ensure: 'present' - source: 'puppet:///postfix_dir/maps/access_sender' - '/etc/postfix/maps/discarded_domains': - ensure: 'present' - source: 'puppet:///postfix_dir/maps/discarded_domains' - '/etc/postfix/maps/masquerade_domains': - ensure: 'present' - source: 'puppet:///postfix_dir/maps/masquerade_domains' - '/etc/postfix/maps/relay_domains': - ensure: 'present' - source: 'puppet:///postfix_dir/maps/relay_domains' - '/etc/postfix/maps/smtp-tls-peers': - ensure: 'present' - source: 'puppet:///postfix_dir/maps/smtp-tls-peers' - '/etc/postfix/maps/transport': - ensure: 'present' - source: 'puppet:///postfix_dir/maps/transport' - '/etc/postfix/maps/canonical-recipients': - ensure: 'present' - source: 'puppet:///postfix_dir/maps/canonical-recipients' - '/etc/postfix/maps/virtual-aliases': - ensure: 'present' - source: 'puppet:///postfix_dir/maps/virtual-aliases' - -# All other postfix configuration files -infra::profile::postfix::conffiles: - my-networks: - ensure: 'present' - path: '/etc/postfix/maps/my-networks' - source: 'puppet:///postfix_dir/maps/my-networks' - virtual-regex: - ensure: 'present' - path: '/etc/postfix/maps/virtual-regex' - source: 'puppet:///postfix_dir/maps/virtual-regex' - ldap-alias: - ensure: 'present' - path: '/etc/postfix/ldap/alias.cf' - options: - server_host: "%{hiera('ldap_server')}" - server_port: "%{hiera('ldap_port')}" - timeout: 
"%{hiera('ldap_timeout')}" - search_base: "%{hiera('ldap_search_base')}" - query_filter: '(mailAlternateAddress=%u@pixelpark.com)' - result_attribute: 'mail' - bind: 'yes' - bind_dn: "%{hiera('ldap_bind_dn')}" - bind_pw: "%{hiera('ldap_bind_pw')}" - ldap-mailhost: - ensure: 'present' - path: '/etc/postfix/ldap/mailhost.cf' - options: - server_host: "%{hiera('ldap_server')}" - server_port: "%{hiera('ldap_port')}" - timeout: "%{hiera('ldap_timeout')}" - search_base: "%{hiera('ldap_search_base')}" - query_filter: '(&(objectclass=inetLocalMailRecipient)(|(mail=%s)(mailAlternateAddress=%s)(mailEquivalentAddress=%s))(|(inetMailGroupStatus=active)(mailUserStatus=active)(mailUserStatus=hold)))' - result_attribute: 'mailhost' - result_format: 'smtp:[%s]' - bind: 'yes' - bind_dn: "%{hiera('ldap_bind_dn')}" - bind_pw: "%{hiera('ldap_bind_pw')}" - ldap-mailroutingaddress: - ensure: 'present' - path: '/etc/postfix/ldap/mailroutingaddress.cf' - options: - server_host: "%{hiera('ldap_server')}" - server_port: "%{hiera('ldap_port')}" - timeout: "%{hiera('ldap_timeout')}" - search_base: "%{hiera('ldap_search_base')}" - query_filter: '(&(objectclass=inetLocalMailRecipient)(|(mail=%s)(mailAlternateAddress=%s)(mailEquivalentAddress=%s))(|(inetMailGroupStatus=active)(mailUserStatus=active)(mailUserStatus=hold)))' - result_attribute: 'mailroutingaddress' - bind: 'yes' - bind_dn: "%{hiera('ldap_bind_dn')}" - bind_pw: "%{hiera('ldap_bind_pw')}" -- 2.39.5