view modules/postfix/manifests/init.pp @ 302:01d1b0f6dbaf
Fix more IPv4 vs IPv6 settings
Postfix wouldn't look up "localhost" but accepts IPs
Checking for the existence of "ipaddress" covers us for now as a
work-around, because IPv6-only doesn't have "ipaddress" but "IPv4
with IPv6 link-local" does have "ipaddress6"
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Mon, 17 Feb 2020 19:45:46 +0000 |
parents | 8668dbeaa28a |
children | 49e66019faf7 |
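# Installs and configures Postfix as the host's mail server, removing sendmail.
#
# Parameters:
#   $mailserver - name used to locate the TLS certificate and private key
#                 (/etc/pki/custom/<mailserver>.crt and .key).
#   $protocols  - not referenced in this manifest; presumably consumed by the
#                 main.cf/master.cf templates (confirm there).
class postfix (
  $mailserver,
  $protocols='all'
){
  # Hosts without an 'ipaddress' fact are treated as IPv6-only and get the
  # IPv6 loopback. $lo_ip and $lo_networks are not used further in this
  # manifest; presumably they are read by the templates below.
  if has_key($facts, 'ipaddress') {
    $lo_ip       = '127.0.0.1'
    $lo_networks = '127.0.0.0/8'
  } else {
    $lo_ip       = '[::1]'
    $lo_networks = '[::1]'
  }

  # Postfix replaces sendmail: stop and remove the latter.
  package { 'sendmail':
    ensure => 'absent',
  }
  service { 'sendmail':
    ensure => stopped,
  }

  package { 'postfix':
    ensure => installed,
  }
  service { 'postfix':
    ensure    => running,
    subscribe => Package['postfix'],
  }

  # Rebuild the indexed lookup tables whenever a managed file changes.
  # A shell for-loop only returns the status of its last command, so each
  # postmap is checked explicitly: otherwise a failed rebuild of, say,
  # sender_access or valias-blacklist would be reported as success and
  # Postfix would keep running on a stale access/blacklist table.
  # NOTE(review): 'transport' has no file resource in this class; it is
  # expected to exist in /etc/postfix already - confirm.
  exec { 'postmap-files':
    command     => 'for file in helo_whitelist recipient_bcc sender_access valias valias-blacklist virtual vmailbox transport; do postmap $file || exit 1; done',
    cwd         => '/etc/postfix/',
    provider    => 'shell',
    refreshonly => true,
    notify      => Service['postfix'],
  }

  # Defaults for every file resource in this class: the package must be
  # installed first, and any change triggers the postmap rebuild (which in
  # turn notifies the postfix service).
  File {
    ensure  => present,
    notify  => Exec['postmap-files'],
    require => Package['postfix'],
  }

  file { '/etc/postfix/main.cf':
    content => template('postfix/main.cf.erb'),
  }
  file { '/etc/postfix/master.cf':
    content => template('postfix/master.cf.erb'),
  }

  #Hosted domains
  file { '/etc/postfix/vdomains':
    source => 'puppet:///private/postfix/vdomains',
  }
  #Hosted mailboxes
  file { '/etc/postfix/vmailbox':
    source => 'puppet:///private/postfix/vmailbox',
  }
  #Catch-alls
  file { '/etc/postfix/virtual':
    source => 'puppet:///private/postfix/virtual',
  }
  #Forwarders/aliases
  file { '/etc/postfix/valias':
    source => 'puppet:///private/postfix/valias',
  }
  #BCCing of inbound email
  file { '/etc/postfix/recipient_bcc':
    source => 'puppet:///private/postfix/recipient_bcc',
  }
  #Spammed/removed addresses
  file { '/etc/postfix/valias-blacklist':
    source => 'puppet:///private/postfix/valias-blacklist',
  }
  #Spammed/removed address patterns
  file { '/etc/postfix/valias-blacklist-regex':
    source => 'puppet:///private/postfix/valias-blacklist-regex',
  }
  #Bad headers (use sparingly)
  file { '/etc/postfix/header_checks':
    source => 'puppet:///private/postfix/header_checks',
  }
  #Bad body (use even more sparingly!)
  file { '/etc/postfix/body_checks':
    source => 'puppet:///private/postfix/body_checks',
  }
  # Outbound header manipulation
  file { '/etc/postfix/smtp_header_checks':
    source => 'puppet:///private/postfix/smtp_header_checks',
  }
  #Whitelisted HELO names
  file { '/etc/postfix/helo_whitelist':
    source => 'puppet:///private/postfix/helo_whitelist',
  }
  #Private whitelisted IPs for greylisting process
  file { '/etc/postfix/postscreen_access_private.cidr':
    source => 'puppet:///private/postfix/postscreen_access_private.cidr',
  }
  #Blacklist some domains (e.g. banks who don't do SPF that we don't bank with)
  file { '/etc/postfix/sender_access':
    source => 'puppet:///private/postfix/sender_access',
  }

  # Certificates
  file { "/etc/pki/custom/${mailserver}.crt":
    ensure => present,
    source => "puppet:///private/pki/custom/${mailserver}.crt",
    owner  => 'postfix',
    mode   => '0600',
  }
  # TLS private key: readable by its owner only. show_diff is forced off so
  # that key material never ends up in agent logs or reports, even when
  # diffs are enabled globally.
  file { "/etc/pki/custom/${mailserver}.key":
    ensure    => present,
    source    => "puppet:///private/pki/custom/${mailserver}.key",
    owner     => 'postfix',
    mode      => '0600',
    show_diff => false,
  }

  # Mail base dir
  # NOTE(review): 505 is presumably the uid/gid of the virtual mailbox
  # user - confirm against the account definition.
  file { '/var/mail/vhosts/':
    ensure => directory,
    owner  => 505,
    group  => 505,
    mode   => '0700',
  }

  #SPF checking
  file { '/usr/local/lib/postfix-policyd-spf-perl/':
    ensure => directory,
  }
  file { '/usr/local/lib/postfix-policyd-spf-perl/postfix-policyd-spf-perl':
    source => 'puppet:///modules/postfix/postfix-policyd-spf-perl',
  }
  # Perl packages installed alongside the SPF policy script.
  $perl_pkgs = [ 'perl', 'perl-NetAddr-IP', 'perl-Mail-SPF', 'perl-version', 'perl-Sys-Hostname-Long']
  package { $perl_pkgs:
    ensure => installed,
  }
}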