annotate modules/postfix/manifests/init.pp @ 246:c3fa3d65aa83
Update configs for Puppet 6
This *should* all be backward compatible
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sat, 21 Dec 2019 14:19:47 -0500 |
parents | 83885499c093 |
children | 8668dbeaa28a |
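# Installs and configures Postfix as the mail transfer agent, replacing sendmail.
#
# Manages the postfix package and service, main.cf (rendered from a template),
# master.cf, the lookup tables under /etc/postfix, the TLS certificate and key,
# the virtual mailbox base directory and the SPF policy script.
#
# @param mailserver
#   Name used to build the certificate and key file names under
#   /etc/pki/custom and their puppet:///private/pki/custom sources. The value
#   is interpolated into file paths without validation, so it is expected to
#   be a plain host name coming from trusted node data.
# @param protocols
#   Not referenced in this manifest; presumably read by the main.cf.erb
#   template - confirm there.
class postfix (
  $mailserver,
  $protocols='all'
){
  # Sendmail must not compete with Postfix for the MTA role.
  package { 'sendmail':
    ensure => 'absent',
  }
  service { 'sendmail':
    ensure => stopped,
  }

  package { 'postfix':
    ensure => installed,
  }
  service { 'postfix':
    ensure    => running,
    subscribe => Package['postfix'],
  }

  # Rebuilds the indexed lookup tables whenever a managed file changes.
  exec { 'postmap-files':
    # Stop at the first postmap failure: without "|| exit 1" the loop's exit
    # status is that of the last file only, so an earlier failure would be
    # reported as success and Postfix restarted against a stale table.
    command     => 'for file in helo_whitelist recipient_bcc sender_access valias valias-blacklist virtual vmailbox; do postmap "$file" || exit 1; done',
    cwd         => '/etc/postfix/',
    # Fixed search path, so that the binary resolved for "postmap" does not
    # depend on the PATH the agent happened to inherit.
    path        => ['/usr/sbin', '/usr/bin', '/sbin', '/bin'],
    provider    => 'shell',
    refreshonly => true,
    notify      => Service['postfix'],
  }

  # Defaults for every file resource below: each change triggers the postmap
  # run above, which in turn notifies the Postfix service.
  File {
    ensure  => present,
    notify  => Exec['postmap-files'],
    require => Package['postfix'],
  }

  file { '/etc/postfix/main.cf':
    content => template('postfix/main.cf.erb'),
  }
  file { '/etc/postfix/master.cf':
    # The first source that exists is used: an OS/release specific file if
    # there is one, otherwise the generic master.cf.
    source => [
      "puppet:///modules/postfix/master.${operatingsystem}${operatingsystemmajrelease}.cf",
      'puppet:///modules/postfix/master.cf'
    ]
  }

  # The files below come from the custom "private" fileserver mount. Which
  # agents may read that mount is decided by the server's fileserver
  # configuration, which is not visible from this manifest.

  #Hosted domains
  file { '/etc/postfix/vdomains':
    source => 'puppet:///private/postfix/vdomains',
  }
  #Hosted mailboxes
  file { '/etc/postfix/vmailbox':
    source => 'puppet:///private/postfix/vmailbox',
  }
  #Catch-alls
  file { '/etc/postfix/virtual':
    source => 'puppet:///private/postfix/virtual',
  }
  #Forwarders/aliases
  file { '/etc/postfix/valias':
    source => 'puppet:///private/postfix/valias',
  }
  #BCCing of inbound email
  file { '/etc/postfix/recipient_bcc':
    source => 'puppet:///private/postfix/recipient_bcc',
  }
  #Spammed/removed addresses
  file { '/etc/postfix/valias-blacklist':
    source => 'puppet:///private/postfix/valias-blacklist',
  }
  #Spammed/removed address patterns
  file { '/etc/postfix/valias-blacklist-regex':
    source => 'puppet:///private/postfix/valias-blacklist-regex',
  }
  #Bad headers (use sparingly)
  file { '/etc/postfix/header_checks':
    source => 'puppet:///private/postfix/header_checks',
  }
  #Bad body (use even more sparingly!)
  file { '/etc/postfix/body_checks':
    source => 'puppet:///private/postfix/body_checks',
  }
  # Outbound header manipulation
  file { '/etc/postfix/smtp_header_checks':
    source => 'puppet:///private/postfix/smtp_header_checks',
  }
  #Whitelisted HELO names
  file { '/etc/postfix/helo_whitelist':
    source => 'puppet:///private/postfix/helo_whitelist',
  }
  #Private whitelisted IPs for greylisting process
  file { '/etc/postfix/postscreen_access_private.cidr':
    source => 'puppet:///private/postfix/postscreen_access_private.cidr',
  }
  #Blacklist some domains (e.g. banks who don't do SPF that we don't bank with)
  file { '/etc/postfix/sender_access':
    source => 'puppet:///private/postfix/sender_access',
  }

  # Certificates
  file { "/etc/pki/custom/${mailserver}.crt":
    ensure => present,
    source => "puppet:///private/pki/custom/${mailserver}.crt",
    owner  => 'postfix',
    mode   => '0600',
  }
  # NOTE(review): the private key is owned by, and readable only by, the
  # postfix account. Postfix's TLS documentation describes root-owned key
  # files; confirm which account actually has to read this key before
  # changing the owner.
  file { "/etc/pki/custom/${mailserver}.key":
    ensure => present,
    source => "puppet:///private/pki/custom/${mailserver}.key",
    owner  => 'postfix',
    mode   => '0600',
  }

  # Mail base dir
  # Numeric uid/gid 505 is presumably the virtual mailbox account; it has to
  # match the account Postfix delivers as - confirm against main.cf.erb.
  file { '/var/mail/vhosts/':
    ensure => directory,
    owner  => 505,
    group  => 505,
    mode   => '0700',
  }

  #SPF checking
  # Ownership and mode are pinned on the policy script and its directory, so
  # that a program run on behalf of the mail system is never left writable by
  # a non-root account, whatever the permissions of the source file on the
  # server or the agent's source_permissions default.
  file { '/usr/local/lib/postfix-policyd-spf-perl/':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }
  file { '/usr/local/lib/postfix-policyd-spf-perl/postfix-policyd-spf-perl':
    source => 'puppet:///modules/postfix/postfix-policyd-spf-perl',
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }
  # Perl runtime and modules installed alongside the SPF policy script.
  $perl_pkgs = [ 'perl', 'perl-NetAddr-IP', 'perl-Mail-SPF', 'perl-version', 'perl-Sys-Hostname-Long']
  package { $perl_pkgs:
    ensure => installed,
  }
}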