annotate modules/postfix/manifests/init.pp @ 180:83885499c093 puppet-3.6

Strip some headers on outbound emails Necessary because GMail app on Android using an account on our server adds half of the MS Outlook headers, but not the others and this causes SpamAssassin to flag as spam
author IBBoard <dev@ibboard.co.uk>
date Sun, 05 Aug 2018 10:40:51 +0100
parents 048bc4d6af43
children c3fa3d65aa83
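# Installs and configures Postfix, removing sendmail, and deploys the lookup
# tables, TLS certificate/key, mail spool base directory and SPF policy script.
#
# Parameters:
#   $mailserver - name used to build the TLS certificate and key paths
#                 (/etc/pki/custom/<mailserver>.crt and .key).
#   $protocols  - not referenced in this manifest; presumably consumed by the
#                 main.cf.erb template (verify against the template).
class postfix (
  $mailserver,
  $protocols='all'
){
  package { 'sendmail':
    ensure => 'absent',
  }
  service { 'sendmail':
    ensure => stopped,
  }
  package { 'postfix':
    ensure => installed;
  }
  service { 'postfix':
    ensure    => running,
    subscribe => Package['postfix'],
  }
  # Rebuilds the compiled lookup tables. The command is a fixed single-quoted
  # string, so `$file` is expanded by the shell and no manifest variable
  # reaches the shell. refreshonly means it only runs when a file notifies it.
  exec { 'postmap-files':
    command     => 'for file in helo_whitelist recipient_bcc sender_access valias valias-blacklist virtual vmailbox; do postmap $file; done',
    cwd         => '/etc/postfix/',
    provider    => 'shell',
    refreshonly => true,
    notify      => Service['postfix'],
  }
  # Defaults for every file resource below: any change to any of them
  # (including main.cf and the certificates) re-runs postmap, which in turn
  # refreshes the postfix service.
  # No owner or mode is set on the /etc/postfix files, so their permissions
  # are whatever Puppet applies by default.
  # NOTE(review): confirm they end up root-owned and not group/world-writable.
  File {
    ensure  => present,
    notify  => Exec['postmap-files'],
    require => Package['postfix'],
  }
  file { '/etc/postfix/main.cf':
    content => template('postfix/main.cf.erb'),
  }
  # Prefers an OS/release-specific master.cf and falls back to the generic one.
  file { '/etc/postfix/master.cf':
    source => [
      "puppet:///modules/postfix/master.${operatingsystem}${operatingsystemmajrelease}.cf",
      'puppet:///modules/postfix/master.cf'
    ]
  }
  # The files below come from the separate "private" fileserver mount rather
  # than from the module.
  # NOTE(review): that mount also serves the TLS private key; confirm the
  # master's fileserver configuration restricts it to the nodes that need it.
  #Hosted domains
  file { '/etc/postfix/vdomains':
    source => 'puppet:///private/postfix/vdomains',
  }
  #Hosted mailboxes
  file { '/etc/postfix/vmailbox':
    source => 'puppet:///private/postfix/vmailbox',
  }
  #Catch-alls
  file { '/etc/postfix/virtual':
    source => 'puppet:///private/postfix/virtual',
  }
  #Forwarders/aliases
  file { '/etc/postfix/valias':
    source => 'puppet:///private/postfix/valias',
  }
  #BCCing of inbound email
  file { '/etc/postfix/recipient_bcc':
    source => 'puppet:///private/postfix/recipient_bcc',
  }
  #Spammed/removed addresses
  file { '/etc/postfix/valias-blacklist':
    source => 'puppet:///private/postfix/valias-blacklist',
  }
  #Spammed/removed address patterns
  file { '/etc/postfix/valias-blacklist-regex':
    source => 'puppet:///private/postfix/valias-blacklist-regex',
  }
  #Bad headers (use sparingly)
  file { '/etc/postfix/header_checks':
    source => 'puppet:///private/postfix/header_checks',
  }
  #Bad body (use even more sparingly!)
  file { '/etc/postfix/body_checks':
    source => 'puppet:///private/postfix/body_checks',
  }
  # Outbound header manipulation
  file { '/etc/postfix/smtp_header_checks':
    source => 'puppet:///private/postfix/smtp_header_checks',
  }
  #Whitelisted HELO names
  file { '/etc/postfix/helo_whitelist':
    source => 'puppet:///private/postfix/helo_whitelist',
  }
  #Private whitelisted IPs for greylisting process
  file { '/etc/postfix/postscreen_access_private.cidr':
    source => 'puppet:///private/postfix/postscreen_access_private.cidr',
  }
  #Blacklist some domains (e.g. banks who don't do SPF that we don't bank with)
  file { '/etc/postfix/sender_access':
    source => 'puppet:///private/postfix/sender_access',
  }
  # Certificates
  # Modes are quoted four-digit octal strings: a bare 600 is only accepted by
  # the Puppet 3 parser, and Puppet 4 and later reject a numeric mode.
  file { "/etc/pki/custom/${mailserver}.crt":
    ensure => present,
    source => "puppet:///private/pki/custom/${mailserver}.crt",
    owner  => 'postfix',
    mode   => '0600',
  }
  # NOTE(review): the Postfix documentation for smtpd_tls_key_file asks for
  # the key to be readable by root only; with owner 'postfix' any process
  # running as that user can read it. Confirm this ownership is intended.
  file { "/etc/pki/custom/${mailserver}.key":
    ensure => present,
    source => "puppet:///private/pki/custom/${mailserver}.key",
    owner  => 'postfix',
    mode   => '0600',
  }

  # Mail base dir
  # Owner and group are numeric IDs; presumably the virtual mailbox account.
  # NOTE(review): confirm 505 matches the uid/gid Postfix delivers mail as.
  file { '/var/mail/vhosts/':
    ensure => directory,
    owner  => 505,
    group  => 505,
    mode   => '0700',
  }

  #SPF checking
  file { '/usr/local/lib/postfix-policyd-spf-perl/':
    ensure => directory
  }
  # No owner or mode is declared for the policy script.
  # NOTE(review): it is presumably executed by Postfix as a policy service,
  # so confirm it is root-owned and not writable by other accounts.
  file { '/usr/local/lib/postfix-policyd-spf-perl/postfix-policyd-spf-perl':
    source => 'puppet:///modules/postfix/postfix-policyd-spf-perl',
  }
  $perl_pkgs = [ 'perl', 'perl-NetAddr-IP', 'perl-Mail-SPF', 'perl-version', 'perl-Sys-Hostname-Long']
  package { $perl_pkgs:
    ensure => installed,
  }
}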