annotate modules/postfix/manifests/init.pp @ 326:63e0b5149cfb

Add fallback relays to Postfix

This allows us to reliably send to IPv4 servers via Mythic-Beasts' mailserver rather than getting random IPs from the NAT64 servers. The firewall rules should ensure Postfix doesn't try to send email out via NAT64 and falls back to the relay. IPv6 will still go directly.
author IBBoard <dev@ibboard.co.uk>
date Sat, 07 Mar 2020 14:29:34 +0000
parents 49e66019faf7
children 38bb323e8231
Changesets referenced below (all by IBBoard <dev@ibboard.co.uk>):

rev  changeset     parents  description
  0  956e484adc12           Initial public release of Puppet configs
 62  f192048f9b7e  32       Add CentOS 7 config for postfix to take advantage of Postfix 2.10 and Postscreen
 92  4412f5e0b2ba  89       Add body checks to emails for the minority of obvious spam that aren't caught
107  28a4e01b904b  92       Add more Postscreen whitelisting, and a private section
131  0dd899a10ee1  126      Change all "latest" packages to "installed"
180  83885499c093  176      Strip some headers on outbound emails
246  c3fa3d65aa83  180      Update configs for Puppet 6
299  8668dbeaa28a  246      Consolidate Postfix configs
302  01d1b0f6dbaf  299      Fix more IPv4 vs IPv6 settings
313  49e66019faf7  302      Configure Postfix for IPv6 w/proxy
326  63e0b5149cfb  313      Add fallback relays to Postfix

rev  line  source
  0     1  class postfix (
313     2    Stdlib::Fqdn $mailserver,
313     3    Stdlib::IP::Address $mailserver_ip,
313     4    Optional[Stdlib::IP::Address::V6] $mailserver_proxy = undef,
313     5    Array[Stdlib::IP::Address::V6] $proxy_upstream = [],
326     6    Optional[Array[Stdlib::Host]] $mailrelays = [],
326     7    Optional[Array[Stdlib::IP::Address::V6]] $nat64_ranges = [],
313     8    Enum['all', 'ipv4', 'ipv6'] $protocols='all'
  0     9  ){
313    10    if $mailserver_ip =~ Stdlib::IP::Address::V4 {
302    11      $lo_ip = '127.0.0.1'
302    12      $lo_networks = '127.0.0.0/8'
302    13    } else {
313    14      $lo_ip = '::1'
313    15      $lo_networks = '::1'
302    16    }
302    17
  0    18    package { 'sendmail':
  0    19      ensure => 'absent',
  0    20    }
  0    21    service { 'sendmail':
  0    22      ensure => stopped,
  0    23    }
  0    24    package { 'postfix':
131    25      ensure => installed;
  0    26    }
  0    27    service { 'postfix':
  0    28      ensure => running,
  0    29      subscribe => Package['postfix'],
  0    30    }
313    31    firewall { '101 allow SMTP':
313    32      destination => $mailserver_ip,
313    33      dport => [25, 465, 587],
313    34      proto => tcp,
313    35      action => accept,
313    36    }
313    37    if $mailserver_proxy != undef {
313    38      $proxy_upstream.each |Stdlib::IP::Address::V6 $upstream_addr| {
313    39        firewall { "101 limit PROXY protocol for SMTP to upstream $upstream_addr":
313    40          source => $upstream_addr,
313    41          destination => $mailserver_proxy,
313    42          dport => [25, 465, 587],
313    43          proto => tcp,
313    44          action => accept,
313    45        }
313    46      }
313    47    }
313    48
326    49    $nat64_ranges.each |Stdlib::IP::Address::V6 $nat64_range| {
326    50      # Block SMTP to the NAT64 range so that we don't fail SPF checks
326    51      # The server *should* attempt it then fall back to the relay
326    52      firewall { "200 Prevent SMTP over NAT64 to $nat64_range":
326    53        destination => $nat64_range,
326    54        dport => [25, 465, 587],
326    55        proto => tcp,
326    56        action => 'reject',
326    57        chain => 'OUTPUT',
326    58      }
326    59    }
326    60
  0    61    exec { 'postmap-files':
299    62      command => 'for file in helo_whitelist recipient_bcc sender_access valias valias-blacklist virtual vmailbox transport; do postmap $file; done',
  0    63      cwd => '/etc/postfix/',
  0    64      provider => 'shell',
  0    65      refreshonly => true,
  0    66      notify => Service['postfix'],
  0    67    }
  0    68    File {
  0    69      ensure => present,
  0    70      notify => Exec['postmap-files'],
  0    71      require => Package['postfix'],
  0    72    }
  0    73    file { '/etc/postfix/main.cf':
313    74      content => epp('postfix/main.cf.epp',
313    75        {
313    76          'mailserver' => $mailserver,
313    77          'lo_ip' => $lo_ip,
313    78          'lo_networks' => $lo_networks,
313    79          'protocols' => $protocols,
313    80        }
313    81      ),
  0    82    }
  0    83    file { '/etc/postfix/master.cf':
313    84      content => epp('postfix/master.cf.epp',
313    85        {
313    86          'mailserver_ip' => $mailserver_ip,
313    87          'mailserver_proxy' => $mailserver_proxy,
313    88          'lo_ip' => $lo_ip,
313    89          'lo_networks' => $lo_networks,
326    90          'fallback_relays' => $mailrelays,
313    91        }
313    92      ),
  0    93    }
  0    94    #Hosted domains
  0    95    file { '/etc/postfix/vdomains':
  0    96      source => 'puppet:///private/postfix/vdomains',
  0    97    }
  0    98    #Hosted mailboxes
  0    99    file { '/etc/postfix/vmailbox':
  0   100      source => 'puppet:///private/postfix/vmailbox',
  0   101    }
  0   102    #Catch-alls
  0   103    file { '/etc/postfix/virtual':
  0   104      source => 'puppet:///private/postfix/virtual',
  0   105    }
  0   106    #Forwarders/aliases
  0   107    file { '/etc/postfix/valias':
  0   108      source => 'puppet:///private/postfix/valias',
  0   109    }
  0   110    #BCCing of inbound email
  0   111    file { '/etc/postfix/recipient_bcc':
  0   112      source => 'puppet:///private/postfix/recipient_bcc',
  0   113    }
  0   114    #Spammed/removed addresses
  0   115    file { '/etc/postfix/valias-blacklist':
  0   116      source => 'puppet:///private/postfix/valias-blacklist',
  0   117    }
  0   118    #Spammed/removed address patterns
  0   119    file { '/etc/postfix/valias-blacklist-regex':
  0   120      source => 'puppet:///private/postfix/valias-blacklist-regex',
  0   121    }
  0   122    #Bad headers (use sparingly)
  0   123    file { '/etc/postfix/header_checks':
  0   124      source => 'puppet:///private/postfix/header_checks',
  0   125    }
180   126    #Bad body (use even more sparingly!)
 92   127    file { '/etc/postfix/body_checks':
 92   128      source => 'puppet:///private/postfix/body_checks',
 92   129    }
180   130    # Outbound header manipulation
180   131    file { '/etc/postfix/smtp_header_checks':
180   132      source => 'puppet:///private/postfix/smtp_header_checks',
180   133    }
  0   134    #Whitelisted HELO names
  0   135    file { '/etc/postfix/helo_whitelist':
  0   136      source => 'puppet:///private/postfix/helo_whitelist',
  0   137    }
107   138    #Private whitelisted IPs for greylisting process
107   139    file { '/etc/postfix/postscreen_access_private.cidr':
107   140      source => 'puppet:///private/postfix/postscreen_access_private.cidr',
107   141    }
  0   142    #Blacklist some domains (e.g. banks who don't do SPF that we don't bank with)
  0   143    file { '/etc/postfix/sender_access':
  0   144      source => 'puppet:///private/postfix/sender_access',
  0   145    }
  0   146    # Certificates
  0   147    file { "/etc/pki/custom/$mailserver.crt":
  0   148      ensure => present,
  0   149      source => "puppet:///private/pki/custom/$mailserver.crt",
  0   150      owner => 'postfix',
246   151      mode => '0600',
  0   152    }
  0   153    file { "/etc/pki/custom/$mailserver.key":
  0   154      ensure => present,
  0   155      source => "puppet:///private/pki/custom/$mailserver.key",
  0   156      owner => 'postfix',
246   157      mode => '0600',
  0   158    }
  0   159
  0   160    # Mail base dir
  0   161    file { '/var/mail/vhosts/':
  0   162      ensure => directory,
  0   163      owner => 505,
  0   164      group => 505,
246   165      mode => '0700',
  0   166    }
  0   167
  0   168    #SPF checking
  0   169    file { '/usr/local/lib/postfix-policyd-spf-perl/':
  0   170      ensure => directory
  0   171    }
  0   172    file { '/usr/local/lib/postfix-policyd-spf-perl/postfix-policyd-spf-perl':
 62   173      source => 'puppet:///modules/postfix/postfix-policyd-spf-perl',
  0   174    }
  0   175    $perl_pkgs = [ 'perl', 'perl-NetAddr-IP', 'perl-Mail-SPF', 'perl-version', 'perl-Sys-Hostname-Long']
  0   176    package { $perl_pkgs:
131   177      ensure => installed,
  0   178    }
  0   179  }
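
Added example, not part of this repository: a Python model of how the "200 Prevent SMTP over NAT64" OUTPUT rules split outbound delivery between direct IPv6 and the fallback relay, and of which IPv4 host a rejected NAT64 address stood for. Assumptions: the RFC 6052 well-known prefix 64:ff9b::/96 stands in for $nat64_ranges (the page does not show the real values), the sample addresses are constructed, and the master.cf template (not shown on the page) is assumed to pass 'fallback_relays' to Postfix's smtp_fallback_relay.

```python
import ipaddress

# Assumed stand-in for $nat64_ranges; the real values are not on the page.
NAT64_RANGES = ["64:ff9b::/96"]
# Ports the SMTP firewall rules in the manifest are meant to cover.
SMTP_PORTS = (25, 465, 587)


def embedded_ipv4(addr, nat64_ranges=NAT64_RANGES):
    """Return the IPv4 address a /96 NAT64 address maps to, or None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        return None
    for cidr in nat64_ranges:
        net = ipaddress.ip_network(cidr)
        # RFC 6052: with a /96 prefix the IPv4 address is the low 32 bits.
        if net.prefixlen == 96 and ip in net:
            return ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF)
    return None


def output_verdict(addr, port, nat64_ranges=NAT64_RANGES, ports=SMTP_PORTS):
    """Model one OUTPUT rule set: reject if the destination is inside a
    NAT64 range and the destination port is one of the listed ports."""
    ip = ipaddress.ip_address(addr)
    in_range = any(
        ip.version == 6 and ip in ipaddress.ip_network(cidr)
        for cidr in nat64_ranges
    )
    return "reject" if in_range and port in ports else "pass"


def delivery_path(mx_addrs, port=25):
    """Simplified model of the sender: the first MX address the firewall
    lets through is used directly; if every address is rejected, the
    message is handed to the fallback relay (assumed behaviour)."""
    for addr in mx_addrs:
        if output_verdict(addr, port) == "pass":
            return ("direct", addr)
    # Report the IPv4 hosts the rejected NAT64 addresses stood for, which
    # is what an operator would want to see when auditing relay traffic.
    return ("fallback-relay", [str(embedded_ipv4(a)) for a in mx_addrs])


if __name__ == "__main__":
    # Constructed samples: an IPv4-only MX seen through DNS64, and a
    # dual-stack MX with a native IPv6 address (documentation ranges).
    print(delivery_path(["64:ff9b::c000:221"]))
    print(delivery_path(["64:ff9b::c000:221", "2001:db8::25"]))
```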