Mercurial > repos > other > Puppet
annotate modules/postfix/manifests/init.pp @ 131:0dd899a10ee1 puppet-3.6
Change all "latest" packages to "installed"
Having Puppet update packages is dangerous and not correct sysadmin.
We have a script for checking for updates. Let that run and let the
sysadmin update when appropriate.
This will prevent any potential issues from faulty service restarts
in the middle of the night.
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Wed, 26 Oct 2016 19:40:37 +0100 |
| parents | 8316d4e55e92 |
| children | 048bc4d6af43 |
| rev | line source |
|---|---|
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
1 class postfix ( |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
2 $mailserver, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
3 ){ |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
4 package { 'sendmail': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
5 ensure => 'absent', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
6 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
7 service { 'sendmail': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
8 ensure => stopped, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
9 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
10 package { 'postfix': |
|
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
126
diff
changeset
|
11 ensure => installed; |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
12 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
13 service { 'postfix': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
14 ensure => running, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
15 subscribe => Package['postfix'], |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
16 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
17 exec { 'postmap-files': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
18 command => 'for file in helo_whitelist recipient_bcc sender_access valias valias-blacklist virtual vmailbox; do postmap $file; done', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
19 cwd => '/etc/postfix/', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
20 provider => 'shell', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
21 refreshonly => true, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
22 notify => Service['postfix'], |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
23 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
24 File { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
25 ensure => present, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
26 notify => Exec['postmap-files'], |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
27 require => Package['postfix'], |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
28 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
29 file { '/etc/postfix/main.cf': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
30 content => template('postfix/main.cf.erb'), |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
31 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
32 file { '/etc/postfix/master.cf': |
|
62
f192048f9b7e
Add CentOS 7 config for postfix to take advantage of Postfix 2.10 and Postscreen
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
33 source => [ |
|
f192048f9b7e
Add CentOS 7 config for postfix to take advantage of Postfix 2.10 and Postscreen
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
34 "puppet:///modules/postfix/master.${operatingsystem}${operatingsystemmajrelease}.cf", |
|
f192048f9b7e
Add CentOS 7 config for postfix to take advantage of Postfix 2.10 and Postscreen
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
35 'puppet:///modules/postfix/master.cf' |
|
f192048f9b7e
Add CentOS 7 config for postfix to take advantage of Postfix 2.10 and Postscreen
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
36 ] |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
37 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
38 #Hosted domains |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
39 file { '/etc/postfix/vdomains': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
40 source => 'puppet:///private/postfix/vdomains', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
41 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
42 #Hosted mailboxes |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
43 file { '/etc/postfix/vmailbox': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
44 source => 'puppet:///private/postfix/vmailbox', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
45 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
46 #Catch-alls |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
47 file { '/etc/postfix/virtual': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
48 source => 'puppet:///private/postfix/virtual', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
49 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
50 #Forwarders/aliases |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
51 file { '/etc/postfix/valias': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
52 source => 'puppet:///private/postfix/valias', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
53 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
54 #BCCing of inbound email |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
55 file { '/etc/postfix/recipient_bcc': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
56 source => 'puppet:///private/postfix/recipient_bcc', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
57 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
58 #Spammed/removed addresses |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
59 file { '/etc/postfix/valias-blacklist': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
60 source => 'puppet:///private/postfix/valias-blacklist', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
61 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
62 #Spammed/removed address patterns |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
63 file { '/etc/postfix/valias-blacklist-regex': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
64 source => 'puppet:///private/postfix/valias-blacklist-regex', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
65 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
66 #Bad headers (use sparingly) |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
67 file { '/etc/postfix/header_checks': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
68 source => 'puppet:///private/postfix/header_checks', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
69 } |
|
92
4412f5e0b2ba
Add body checks to emails for the minority of obvious spam that aren't caught
IBBoard <dev@ibboard.co.uk>
parents:
89
diff
changeset
|
70 #Bad headers (use even more sparingly!) |
|
4412f5e0b2ba
Add body checks to emails for the minority of obvious spam that aren't caught
IBBoard <dev@ibboard.co.uk>
parents:
89
diff
changeset
|
71 file { '/etc/postfix/body_checks': |
|
4412f5e0b2ba
Add body checks to emails for the minority of obvious spam that aren't caught
IBBoard <dev@ibboard.co.uk>
parents:
89
diff
changeset
|
72 source => 'puppet:///private/postfix/body_checks', |
|
4412f5e0b2ba
Add body checks to emails for the minority of obvious spam that aren't caught
IBBoard <dev@ibboard.co.uk>
parents:
89
diff
changeset
|
73 } |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
74 #Whitelisted HELO names |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
75 file { '/etc/postfix/helo_whitelist': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
76 source => 'puppet:///private/postfix/helo_whitelist', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
77 } |
|
107
28a4e01b904b
Add more Postscreen whitelisting, and a private section
IBBoard <dev@ibboard.co.uk>
parents:
92
diff
changeset
|
78 #Private whitelisted IPs for greylisting process |
|
28a4e01b904b
Add more Postscreen whitelisting, and a private section
IBBoard <dev@ibboard.co.uk>
parents:
92
diff
changeset
|
79 file { '/etc/postfix/postscreen_access_private.cidr': |
|
28a4e01b904b
Add more Postscreen whitelisting, and a private section
IBBoard <dev@ibboard.co.uk>
parents:
92
diff
changeset
|
80 source => 'puppet:///private/postfix/postscreen_access_private.cidr', |
|
28a4e01b904b
Add more Postscreen whitelisting, and a private section
IBBoard <dev@ibboard.co.uk>
parents:
92
diff
changeset
|
81 } |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
82 #Blacklist some domains (e.g. banks who don't do SPF that we don't bank with) |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
83 file { '/etc/postfix/sender_access': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
84 source => 'puppet:///private/postfix/sender_access', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
85 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
86 # Certificates |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
87 file { "/etc/pki/custom/$mailserver.crt": |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
88 ensure => present, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
89 source => "puppet:///private/pki/custom/$mailserver.crt", |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
90 owner => 'postfix', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
91 mode => 600, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
92 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
93 file { "/etc/pki/custom/$mailserver.key": |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
94 ensure => present, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
95 source => "puppet:///private/pki/custom/$mailserver.key", |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
96 owner => 'postfix', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
97 mode => 600, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
98 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
99 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
100 # Mail base dir |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
101 file { '/var/mail/vhosts/': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
102 ensure => directory, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
103 owner => 505, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
104 group => 505, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
105 mode => 700, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
106 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
107 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
108 #SPF checking |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
109 file { '/usr/local/lib/postfix-policyd-spf-perl/': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
110 ensure => directory |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
111 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
112 file { '/usr/local/lib/postfix-policyd-spf-perl/postfix-policyd-spf-perl': |
|
62
f192048f9b7e
Add CentOS 7 config for postfix to take advantage of Postfix 2.10 and Postscreen
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
113 source => 'puppet:///modules/postfix/postfix-policyd-spf-perl', |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
114 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
115 $perl_pkgs = [ 'perl', 'perl-NetAddr-IP', 'perl-Mail-SPF', 'perl-version', 'perl-Sys-Hostname-Long'] |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
116 package { $perl_pkgs: |
|
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
126
diff
changeset
|
117 ensure => installed, |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
118 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
119 } |