Mercurial > repos > other > Puppet

view modules/postfix/manifests/init.pp @ 176:048bc4d6af43 puppet-3.6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Make Postfix IPv4 only We have IPv6 on the server, but not publicly routable. Disabling IPv6 through sysctl didn't work
author IBBoard <dev@ibboard.co.uk>
date Sat, 31 Mar 2018 10:19:53 +0100
parents 0dd899a10ee1
children 83885499c093
line wrap: on
line source

class postfix (
  $mailserver,
  $protocols='all'
  ){
  package { 'sendmail':
    ensure => 'absent',
  }
  service { 'sendmail':
    ensure => stopped,
  }
  package { 'postfix':
    ensure => installed;
  }
  service { 'postfix':
    ensure    => running,
    subscribe => Package['postfix'],
  }
  exec { 'postmap-files':
    command     => 'for file in helo_whitelist recipient_bcc sender_access valias valias-blacklist virtual vmailbox; do postmap $file; done',
    cwd         => '/etc/postfix/',
    provider    => 'shell',
    refreshonly => true,
    notify      => Service['postfix'],
  }
  File {
    ensure  => present,
    notify  => Exec['postmap-files'],
    require => Package['postfix'],
  }
  file { '/etc/postfix/main.cf':
    content => template('postfix/main.cf.erb'),
  }
  file { '/etc/postfix/master.cf':
    source => [
      "puppet:///modules/postfix/master.${operatingsystem}${operatingsystemmajrelease}.cf",
      'puppet:///modules/postfix/master.cf'
    ]
  }
  #Hosted domains
  file { '/etc/postfix/vdomains':
    source => 'puppet:///private/postfix/vdomains',
  }
  #Hosted mailboxes
  file { '/etc/postfix/vmailbox':
    source => 'puppet:///private/postfix/vmailbox',
  }
  #Catch-alls
  file { '/etc/postfix/virtual':
    source => 'puppet:///private/postfix/virtual',
  }
  #Forwarders/aliases
  file { '/etc/postfix/valias':
    source => 'puppet:///private/postfix/valias',
  }
  #BCCing of inbound email
  file { '/etc/postfix/recipient_bcc':
    source => 'puppet:///private/postfix/recipient_bcc',
  }
  #Spammed/removed addresses
  file { '/etc/postfix/valias-blacklist':
    source => 'puppet:///private/postfix/valias-blacklist',
  }
  #Spammed/removed address patterns
  file { '/etc/postfix/valias-blacklist-regex':
    source => 'puppet:///private/postfix/valias-blacklist-regex',
  }
  #Bad headers (use sparingly)
  file { '/etc/postfix/header_checks':
    source => 'puppet:///private/postfix/header_checks',
  }
  #Bad headers (use even more sparingly!)
  file { '/etc/postfix/body_checks':
    source => 'puppet:///private/postfix/body_checks',
  }
  #Whitelisted HELO names
  file { '/etc/postfix/helo_whitelist':
    source => 'puppet:///private/postfix/helo_whitelist',
  }
  #Private whitelisted IPs for greylisting process
  file { '/etc/postfix/postscreen_access_private.cidr':
    source => 'puppet:///private/postfix/postscreen_access_private.cidr',
  }
  #Blacklist some domains (e.g. banks who don't do SPF that we don't bank with)
  file { '/etc/postfix/sender_access':
    source => 'puppet:///private/postfix/sender_access',
  }
  # Certificates
  file { "/etc/pki/custom/$mailserver.crt":
    ensure => present,
    source => "puppet:///private/pki/custom/$mailserver.crt",
    owner  => 'postfix',
    mode   => 600,
  }
  file { "/etc/pki/custom/$mailserver.key":
    ensure => present,
    source => "puppet:///private/pki/custom/$mailserver.key",
    owner  => 'postfix',
    mode   => 600,
  }

  # Mail base dir
  file { '/var/mail/vhosts/':
    ensure => directory,
    owner => 505,
    group => 505,
    mode => 700,
  } 

  #SPF checking
  file { '/usr/local/lib/postfix-policyd-spf-perl/':
    ensure => directory
  }
  file { '/usr/local/lib/postfix-policyd-spf-perl/postfix-policyd-spf-perl':
    source => 'puppet:///modules/postfix/postfix-policyd-spf-perl',
  }
  $perl_pkgs = [ 'perl', 'perl-NetAddr-IP', 'perl-Mail-SPF', 'perl-version', 'perl-Sys-Hostname-Long']
  package { $perl_pkgs:
    ensure => installed,
  }
}