From 8dcad44d0d74f10e7220816f39cea3b0b47d76aa Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Tue, 30 May 2017 15:33:16 +0200
Subject: [PATCH] Changing customer/pixelpark/test-mail02.pixelpark.net.yaml for Postfix
---
 .../pixelpark/test-mail02.pixelpark.net.yaml | 303 ++++++++++++++++++
 1 file changed, 303 insertions(+)
diff --git a/customer/pixelpark/test-mail02.pixelpark.net.yaml b/customer/pixelpark/test-mail02.pixelpark.net.yaml
index 3b0442d3..9fa2bec1 100644
--- a/customer/pixelpark/test-mail02.pixelpark.net.yaml
+++ b/customer/pixelpark/test-mail02.pixelpark.net.yaml
@@ -1,2 +1,305 @@
 ---
 infra::role: base
+
+infra::additional_classes:
+ - infra::profile::sasl
+ - infra::profile::postfix
+
+# Necessary, because the host has a local caching only DNS resolver
+puppetconf::server: puppetmaster01.pixelpark.com
+
+#####################################################
+# SASL configuration
+sasl::authd::mechanism: 'ldap'
+sasl::authd::bind: 'ldap'
+sasl::authd::ldap_auth_method: 'bind'
+sasl::authd::ldap_search_base: 'o=isp'
+sasl::authd::ldap_servers:
+ - 'ldap://ldap.pixelpark.com'
+#sasl::authd::ldap_start_tls: false
+sasl::authd::bind_dn: 'cn=admin'
+sasl::authd::ldap_bind_dn: 'cn=admin'
+sasl::authd::ldap_password: >
+ ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9
+ U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V
+ tzoTyL8yeWr4ZXNpov/gVD+WTfcKo2A0w+egenTdErN4dclnwzAoSR9QOHNT
+ LUxHa6sTT191+79mjw0CnG1BwDKBnZRyO+fzgACFn0dUIasz7danBbZMPn/n
+ wOuOrXXq/PVNPW9GSeKkbimYCAn7KDwTvJNTJCR7dh29+aq0xoSSsGrN+L+f
+ OZrj3dG58D8lspbxNb4iFMswtOcihByp6n5fRmvnEFXw/Dn507UCTxURoLpp
+ EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T
+ EKskgBArkfXhMZNEUfrTvFILs4Ig]
+sasl::authd::ldap_bind_pw: >
+ ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9
+ U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V
+ tzoTyL8yeWr4ZXNpov/gVD+WTfcKo2A0w+egenTdErN4dclnwzAoSR9QOHNT
+ LUxHa6sTT191+79mjw0CnG1BwDKBnZRyO+fzgACFn0dUIasz7danBbZMPn/n
+ wOuOrXXq/PVNPW9GSeKkbimYCAn7KDwTvJNTJCR7dh29+aq0xoSSsGrN+L+f
+ OZrj3dG58D8lspbxNb4iFMswtOcihByp6n5fRmvnEFXw/Dn507UCTxURoLpp
+ EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T
+ EKskgBArkfXhMZNEUfrTvFILs4Ig]
+sasl::authd::ldap_version: '3'
+sasl::authd::ldap_filter: '(&(objectclass=inetlocalmailrecipient)(|(uid=%u)(mail=%u)))'
+
+infra::profile::sasl::enable_authd: true
+infra::profile::sasl::application:
+ smtpd:
+ mech_list:
+ - PLAIN
+ - LOGIN
+ pwcheck_method: 'saslauthd'
+
+
+#####################################################
+# Postfix configuration:
+
+# Global configurations
+infra::profile::postfix::aliases_file: '/etc/postfix/maps/aliases'
+infra::profile::postfix::aliases_source: 'puppet:///postfix_dir/maps/aliases'
+
+ldap_server: 'ldap.pixelpark.com'
+ldap_port: '389'
+ldap_timeout: '5'
+ldap_search_base: 'o=isp'
+ldap_bind_dn: 'cn=admin'
+ldap_bind_pw: >
+ ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9
+ U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V
+ tzoTyL8yeWr4ZXNpov/gVD+WTfcKo2A0w+egenTdErN4dclnwzAoSR9QOHNT
+ LUxHa6sTT191+79mjw0CnG1BwDKBnZRyO+fzgACFn0dUIasz7danBbZMPn/n
+ wOuOrXXq/PVNPW9GSeKkbimYCAn7KDwTvJNTJCR7dh29+aq0xoSSsGrN+L+f
+ OZrj3dG58D8lspbxNb4iFMswtOcihByp6n5fRmvnEFXw/Dn507UCTxURoLpp
+ EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T
+ EKskgBArkfXhMZNEUfrTvFILs4Ig]
+
+postfix::alias_maps: "hash:/etc/postfix/maps/aliases ldap:/etc/postfix/ldap/alias.cf"
+postfix::inet_interfaces: 'all'
+postfix::manage_mailx: false
+postfix::mastercf_source: 'puppet:///postfix_dir/master.cf'
+postfix::myorigin: 'pixelpark.com'
+
+# Main.cf config entries
+infra::profile::postfix::configs:
+ address_verify_map:
+ ensure: 'absent'
+ alias_database:
+ value: 'hash:/etc/postfix/maps/aliases'
+ append_dot_mydomain:
+ value: 'no'
+ biff:
+ value: 'no'
+ broken_sasl_auth_clients:
+ value: 'yes'
+ command_directory:
+ ensure: 'absent'
+ daemon_directory:
+ ensure: 'absent'
+ data_directory:
+ ensure: 'absent'
+ debug_peer_level:
+ ensure: 'absent'
+ debugger_command:
+ ensure: 'absent'
+ hash_queue_depth:
+ value: '3'
+ html_directory:
+ ensure: 'absent'
+ inet_protocols:
+ value: 'all'
+ lmtp_tls_loglevel:
+ value: '1'
+ mail_owner:
+ ensure: 'absent'
+ mailbox_size_limit:
+ value: '0'
+ manpage_directory:
+ ensure: 'absent'
+ masquerade_domains:
+ value: 'hash:/etc/postfix/maps/masquerade_domains'
+ maximal_queue_lifetime:
+ value: '10d'
+ message_size_limit:
+ value: '358400000'
+ mydestination:
+ value: '$myhostname, localhost.$mydomain, localhost'
+ mydomain:
+ value: 'pixelpark.com'
+ myhostname:
+ value: "%{::fqdn}"
+ mynetworks:
+ value: 'cidr:/etc/postfix/maps/my-networks'
+ queue_directory:
+ ensure: 'absent'
+ readme_directory:
+ value: '/usr/share/doc/postfix'
+ recipient_canonical_maps:
+ value: 'hash:/etc/postfix/maps/canonical-recipients ldap:/etc/postfix/ldap/mailroutingaddress.cf'
+ recipient_delimiter:
+ value: '+'
+ relay_domains:
+ value: 'hash:/etc/postfix/maps/relay_domains'
+ relayhost:
+ ensure: 'blank'
+ sample_directory:
+ ensure: 'absent'
+ sender_dependent_default_transport_maps:
+ ensure: 'absent'
+ sender_dependent_relayhost_maps:
+ ensure: 'absent'
+ setgid_group:
+ ensure: 'absent'
+ smtp_generic_maps:
+ ensure: 'absent'
+ smtp_sasl_auth_enable:
+ ensure: 'absent'
+ smtp_tls_cert_file:
+ value: '/etc/postfix/ssl/wildcard.pixelpark.com-cert.pem'
+ smtp_tls_enforce_peername:
+ value: 'no'
+ smtp_tls_key_file:
+ value: '$smtp_tls_cert_file'
+ smtp_tls_loglevel:
+ value: '1'
+ smtp_tls_note_starttls_offer:
+ ensure: 'absent'
+ smtp_tls_per_site:
+ value: 'hash:/etc/postfix/maps/smtp-tls-peers'
+ smtp_tls_policy_maps:
+ ensure: 'absent'
+ smtp_tls_session_cache_database:
+ value: 'btree:${data_directory}/smtp_scache'
+ smtp_use_tls:
+ value: 'yes'
+ smtpd_banner:
+ value: '$myhostname ESMTP $mail_name $mail_version'
+ smtpd_client_restrictions:
+ ensure: 'absent'
+ smtpd_recipient_restrictions:
+ ensure: 'absent'
+ smtpd_relay_restrictions:
+ value: "check_client_access hash:/etc/postfix/maps/access_client, check_recipient_access hash:/etc/postfix/maps/access_recipient, check_sender_access hash:/etc/postfix/maps/access_sender, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_invalid_helo_hostname, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, reject_unauth_destination, reject_unverified_recipient, permit"
+ smtpd_sasl_auth_enable:
+ value: 'yes'
+ smtpd_sasl_authenticated_header:
+ value: 'yes'
+ smtpd_sasl_local_domain:
+ ensure: 'absent'
+ smtpd_sender_restrictions:
+ ensure: 'absent'
+ smtpd_tls_CAfile:
+ ensure: 'absent'
+ smtpd_tls_auth_only:
+ ensure: 'absent'
+ smtpd_tls_cert_file:
+ value: '$smtp_tls_cert_file'
+ smtpd_tls_key_file:
+ value: '$smtp_tls_cert_file'
+ smtpd_tls_loglevel:
+ value: '1'
+ smtpd_tls_received_header:
+ value: 'yes'
+ smtpd_tls_session_cache_database:
+ value: 'btree:${data_directory}/smtpd_scache'
+ smtpd_tls_session_cache_timeout:
+ ensure: 'absent'
+ tls_random_prng_update_period:
+ ensure: 'absent'
+ tls_random_source:
+ ensure: 'absent'
+ smtpd_use_tls:
+ value: 'yes'
+ transport_maps:
+ value: 'hash:/etc/postfix/maps/discarded_domains hash:/etc/postfix/maps/transport ldap:/etc/postfix/ldap/mailhost.cf'
+ unknown_local_recipient_reject_code:
+ ensure: 'absent'
+ unverified_recipient_reject_code:
+ value: '550'
+ virtual_alias_maps:
+ value: 'pcre:/etc/postfix/maps/virtual-regex hash:/etc/postfix/maps/virtual-aliases'
+
+# All postfix hash databases
+infra::profile::postfix::hashes:
+ '/etc/postfix/maps/access_client':
+ ensure: 'present'
+ source: 'puppet:///postfix_dir/maps/access_client'
+ '/etc/postfix/maps/access_recipient':
+ ensure: 'present'
+ source: 'puppet:///postfix_dir/maps/access_recipient'
+ '/etc/postfix/maps/access_sender':
+ ensure: 'present'
+ source: 'puppet:///postfix_dir/maps/access_sender'
+ '/etc/postfix/maps/discarded_domains':
+ ensure: 'present'
+ source: 'puppet:///postfix_dir/maps/discarded_domains'
+ '/etc/postfix/maps/masquerade_domains':
+ ensure: 'present'
+ source: 'puppet:///postfix_dir/maps/masquerade_domains'
+ '/etc/postfix/maps/relay_domains':
+ ensure: 'present'
+ source: 'puppet:///postfix_dir/maps/relay_domains'
+ '/etc/postfix/maps/smtp-tls-peers':
+ ensure: 'present'
+ source: 'puppet:///postfix_dir/maps/smtp-tls-peers'
+ '/etc/postfix/maps/transport':
+ ensure: 'present'
+ source: 'puppet:///postfix_dir/maps/transport'
+ '/etc/postfix/maps/canonical-recipients':
+ ensure: 'present'
+ source: 'puppet:///postfix_dir/maps/canonical-recipients'
+ '/etc/postfix/maps/virtual-aliases':
+ ensure: 'present'
+ source: 'puppet:///postfix_dir/maps/virtual-aliases'
+
+# All other postfix configuration files
+infra::profile::postfix::conffiles:
+ my-networks:
+ ensure: 'present'
+ path: '/etc/postfix/maps/my-networks'
+ source: 'puppet:///postfix_dir/maps/my-networks'
+ virtual-regex:
+ ensure: 'present'
+ path: '/etc/postfix/maps/virtual-regex'
+ source: 'puppet:///postfix_dir/maps/virtual-regex'
+ ldap-alias:
+ ensure: 'present'
+ path: '/etc/postfix/ldap/alias.cf'
+ options:
+ server_host: "%{hiera('ldap_server')}"
+ server_port: "%{hiera('ldap_port')}"
+ timeout: "%{hiera('ldap_timeout')}"
+ search_base: "%{hiera('ldap_search_base')}"
+ query_filter: '(mailAlternateAddress=%u@pixelpark.com)'
+ result_attribute: 'mail'
+ bind: 'yes'
+ bind_dn: "%{hiera('ldap_bind_dn')}"
+ bind_pw: "%{hiera('ldap_bind_pw')}"
+ ldap-mailhost:
+ ensure: 'present'
+ path: '/etc/postfix/ldap/mailhost.cf'
+ options:
+ server_host: "%{hiera('ldap_server')}"
+ server_port: "%{hiera('ldap_port')}"
+ timeout: "%{hiera('ldap_timeout')}"
+ search_base: "%{hiera('ldap_search_base')}"
+ query_filter: '(&(objectclass=inetLocalMailRecipient)(|(mail=%s)(mailAlternateAddress=%s)(mailEquivalentAddress=%s))(|(inetMailGroupStatus=active)(mailUserStatus=active)(mailUserStatus=hold)))'
+ result_attribute: 'mailhost'
+ result_format: 'smtp:[%s]'
+ bind: 'yes'
+ bind_dn: "%{hiera('ldap_bind_dn')}"
+ bind_pw: "%{hiera('ldap_bind_pw')}"
+ ldap-mailroutingaddress:
+ ensure: 'present'
+ path: '/etc/postfix/ldap/mailroutingaddress.cf'
+ options:
+ server_host: "%{hiera('ldap_server')}"
+ server_port: "%{hiera('ldap_port')}"
+ timeout: "%{hiera('ldap_timeout')}"
+ search_base: "%{hiera('ldap_search_base')}"
+ query_filter: '(&(objectclass=inetLocalMailRecipient)(|(mail=%s)(mailAlternateAddress=%s)(mailEquivalentAddress=%s))(|(inetMailGroupStatus=active)(mailUserStatus=active)(mailUserStatus=hold)))'
+ result_attribute: 'mailroutingaddress'
+ bind: 'yes'
+ bind_dn: "%{hiera('ldap_bind_dn')}"
+ bind_pw: "%{hiera('ldap_bind_pw')}"
+
-- 2.39.5