changeset 314:0cddcd21c45e

Add forgotten "EPP" format template files
author IBBoard <dev@ibboard.co.uk>
date Mon, 24 Feb 2020 20:53:10 +0000
parents 49e66019faf7
children 469f2ff92df2
files modules/postfix/templates/main.cf.epp modules/postfix/templates/master.cf.epp
diffstat 2 files changed, 274 insertions(+), 0 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/postfix/templates/main.cf.epp	Mon Feb 24 20:53:10 2020 +0000
@@ -0,0 +1,96 @@
+<%- | Stdlib::Host $mailserver,
+      Stdlib::IP::Address $lo_ip,
+      Stdlib::IP::Address $lo_networks,
+      Enum['ipv4', 'ipv6', 'all'] $protocols
+    |
+-%>
+data_directory = /var/lib/postfix
+queue_directory = /var/spool/postfix
+command_directory = /usr/sbin
+daemon_directory = /usr/libexec/postfix
+mail_owner = postfix
+myhostname = <%= $mailserver %>
+myorigin = $mydomain
+inet_interfaces = all
+inet_protocols = <%= $protocols %>
+mydestination = $myhostname, localhost.$mydomain, localhost
+smtp_host_lookup = dns, native
+unknown_local_recipient_reject_code = 550
+mynetworks = [<%= $lo_networks %>]
+relay_domains = 
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+ 
+  
+debug_peer_level = 2
+debugger_command =
+	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+	 ddd $daemon_directory/$process_name $process_id & sleep 5
+sendmail_path = /usr/sbin/sendmail.postfix
+newaliases_path = /usr/bin/newaliases.postfix
+mailq_path = /usr/bin/mailq.postfix
+setgid_group = postdrop
+html_directory = no
+manpage_directory = /usr/share/man
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_auth_enable = yes
+policy_time_limit = 3600
+smtpd_tls_received_header = yes
+smtpd_tls_security_level = may
+smtpd_tls_auth_only = no
+smtpd_tls_loglevel = 0
+smtpd_tls_ciphers = high
+smtpd_tls_exclude_ciphers = aNULL, MD5
+smtpd_tls_protocols = !SSLv2
+smtpd_tls_mandatory_ciphers = high
+smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
+smtpd_tls_mandatory_protocols = !SSLv2
+smtpd_tls_key_file = /etc/pki/custom/<%= $mailserver %>.key
+smtpd_tls_cert_file = /etc/pki/custom/<%= $mailserver %>.crt
+smtp_tls_CApath = /etc/pki/tls/certs
+smtp_tls_security_level = may
+smtp_tls_ciphers = export
+smtp_tls_exclude_ciphers = aNULL, MD5
+smtp_tls_protocols = !SSLv2
+smtp_tls_mandatory_ciphers = high
+smtp_tls_mandatory_exclude_ciphers = aNULL, MD5
+smtp_tls_mandatory_protocols = !SSLv2
+tls_preempt_cipherlist = yes
+smtpd_tls_eecdh_grade = strong
+virtual_mailbox_domains = /etc/postfix/vdomains
+virtual_mailbox_base = /var/mail/vhosts
+virtual_mailbox_maps = hash:/etc/postfix/vmailbox
+virtual_uid_maps = static:505
+virtual_gid_maps = static:505
+virtual_alias_maps = hash:/etc/postfix/valias
+recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
+smtpd_helo_required = yes
+smtpd_helo_restrictions  = permit_mynetworks, reject_invalid_helo_hostname, check_helo_access hash:/etc/postfix/helo_whitelist, permit
+smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
+smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, check_recipient_access hash:/etc/postfix/valias-blacklist, check_recipient_access regexp:/etc/postfix/valias-blacklist-regex, check_policy_service unix:private/policy
+smtpd_data_restrictions = reject_unauth_pipelining
+transport_maps = hash:/etc/postfix/transport
+message_size_limit = 15000000
+header_checks = regexp:/etc/postfix/header_checks
+body_checks  = regexp:/etc/postfix/body_checks
+smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
+
+# The following may not be used by all versions of Postfix
+postscreen_dnsbl_threshold = 2
+postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1 b.barracudacentral.org*1
+postscreen_dnsbl_action = enforce
+
+postscreen_greet_banner = Establishing connection...
+postscreen_greet_action = enforce
+
+postscreen_pipelining_enable = yes
+postscreen_pipelining_action = enforce
+
+postscreen_non_smtp_command_enable = yes
+postscreen_non_smtp_command_action = enforce
+
+postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access_private.cidr, cidr:/etc/postfix/postscreen_spf_whitelist.cidr
+postscreen_blacklist_action = enforce
+
+content_filter = smtp-amavis:[<%= $lo_ip %>]:10024
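Review bot: `smtpd_tls_auth_only = no` combined with `smtpd_sasl_auth_enable = yes` and `smtpd_tls_security_level = may` lets a client send SASL credentials over an unencrypted session on any service that does not override the TLS level; `smtpd_tls_auth_only = yes` would restrict AUTH to TLS-protected connections. `smtp_tls_ciphers = export` also admits export-grade suites for opportunistic outbound TLS, so `smtp_tls_ciphers = medium` (or `high`, matching the smtpd side) is the safer floor. The four `*_protocols = !SSLv2` lines still allow SSLv3; consider `!SSLv2, !SSLv3` on each. If legacy peers require any of these settings, a comment above the setting recording that reason would help the next reader.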
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/postfix/templates/master.cf.epp	Mon Feb 24 20:53:10 2020 +0000
@@ -0,0 +1,178 @@
+<%- |
+      Stdlib::IP::Address $mailserver_ip,
+      Optional[Stdlib::IP::Address] $mailserver_proxy = undef,
+      Stdlib::IP::Address $lo_ip,
+      Stdlib::IP::Address $lo_networks,
+    |
+-%>
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master").
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (yes)   (never) (100)
+# ==========================================================================
+#smtp      inet  n       -       n       -       -       smtpd
+smtpd     pass  -       -       n       -       -       smtpd
+[<%= $mailserver_ip %>]:smtp      inet  n       -       n       -       1       postscreen
+	-o smtpd_sasl_auth_enable=yes
+	-o receive_override_options=no_address_mappings
+	-o content_filter=smtp-amavis:[<%= $lo_ip %>]:10024
+        <%- if $mailserver_ip =~ Stdlib::IP::Address::V6 { -%>
+        -o smtp_bind_address=<%= $mailserver_ip %>
+        <%- } else { -%>
+        -o smtp_bind_address6=<%= $mailserver_ip %>
+        <%- } -%>
+<%- if $mailserver_proxy != undef { -%>
+[<%= $mailserver_proxy %>]:smtp      inet  n       -       n       -       1       postscreen
+  -o smtp_bind_address6=<%= $mailserver_proxy %>
+  -o postscreen_upstream_proxy_protocol=haproxy
+[<%= $mailserver_proxy %>]:smtps     inet  n       -       n       -       -       smtpd
+  -o smtp_bind_address6=<%= $mailserver_proxy %>
+  -o postscreen_upstream_proxy_protocol=haproxy
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
+[<%= $mailserver_proxy %>]:submission inet n       -       n       -       -       smtpd
+  -o smtp_bind_address6=<%= $mailserver_proxy %>
+  -o postscreen_upstream_proxy_protocol=haproxy
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
+<%- } -%>
+tlsproxy  unix  -       -       n       -       0       tlsproxy
+dnsblog   unix  -       -       n       -       0       dnsblog
+[<%= $mailserver_ip %>]:submission inet n       -       n       -       -       smtpd
+  <%- if $mailserver_ip =~ Stdlib::IP::Address::V6 { -%>
+  -o smtp_bind_address=<%= $mailserver_ip %>
+  <%- } else { -%>
+  -o smtp_bind_address6=<%= $mailserver_ip %>
+  <%- } -%>
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
+[<%= $mailserver_ip %>]:smtps     inet  n       -       n       -       -       smtpd
+  <%- if $mailserver_ip =~ Stdlib::IP::Address::V6 { -%>
+  -o smtp_bind_address=<%= $mailserver_ip %>
+  <%- } else { -%>
+  -o smtp_bind_address6=<%= $mailserver_ip %>
+  <%- } -%>
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
+#628      inet  n       -       n       -       -       qmqpd
+pickup    fifo  n       -       n       60      1       pickup
+cleanup   unix  n       -       n       -       0       cleanup
+qmgr      fifo  n       -       n       300     1       qmgr
+#qmgr     fifo  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       n       1000?   1       tlsmgr
+rewrite   unix  -       -       n       -       -       trivial-rewrite
+bounce    unix  -       -       n       -       0       bounce
+defer     unix  -       -       n       -       0       bounce
+trace     unix  -       -       n       -       0       bounce
+verify    unix  -       -       n       -       1       verify
+flush     unix  n       -       n       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       n       -       -       smtp
+# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
+relay     unix  -       -       n       -       -       smtp
+	-o smtp_fallback_relay=
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq     unix  n       -       n       -       -       showq
+error     unix  -       -       n       -       -       error
+retry     unix  -       -       n       -       -       error
+discard   unix  -       -       n       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       n       -       -       lmtp
+anvil     unix  -       -       n       -       1       anvil
+scache    unix  -       -       n       -       1       scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+#maildrop  unix  -       n       n       -       -       pipe
+#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# The Cyrus deliver program has changed incompatibly, multiple times.
+#
+#old-cyrus unix  -       n       n       -       -       pipe
+#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus     unix  -       n       n       -       -       pipe
+#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+#uucp      unix  -       n       n       -       -       pipe
+#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# ====================================================================
+#
+# Other external delivery methods.
+#
+#ifmail    unix  -       n       n       -       -       pipe
+#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+#
+#bsmtp     unix  -       n       n       -       -       pipe
+#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
+#
+#scalemail-backend unix -       n       n       -       2       pipe
+#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
+#  ${nexthop} ${user} ${extension}
+#
+#mailman   unix  -       n       n       -       -       pipe
+#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+#  ${nexthop} ${user}
+
+policy  unix  -       n       n       -       0       spawn 
+        user=nobody argv=/usr/bin/perl /usr/local/lib/postfix-policyd-spf-perl/postfix-policyd-spf-perl
+
+#
+# spam/virus section
+#
+smtp-amavis  unix  -    -       y       -       2       smtp
+	-o smtp_data_done_timeout=1200
+	-o disable_dns_lookups=yes
+	-o smtp_send_xforward_command=yes
+[<%= $lo_ip %>]:10025 inet n  -       y       -       -       smtpd
+	-o content_filter=
+	-o smtpd_helo_restrictions=
+	-o smtpd_sender_restrictions=
+	-o smtpd_recipient_restrictions=permit_mynetworks,reject
+	-o mynetworks=[<%= $lo_networks %>]
+	-o smtpd_error_sleep_time=0
+	-o smtpd_soft_error_limit=1001
+	-o smtpd_hard_error_limit=1000
+	-o receive_override_options=no_header_body_checks
+	-o smtpd_helo_required=no
+	-o smtpd_client_restrictions=
+	-o smtpd_restriction_classes=
+	-o disable_vrfy_command=no
+	-o strict_rfc821_envelopes=yes
\ No newline at end of file
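Review bot: The IPv4/IPv6 branches look inverted in the three `if $mailserver_ip =~ Stdlib::IP::Address::V6` blocks (port 25, submission, smtps): a V6 match emits `smtp_bind_address=` and the else branch emits `smtp_bind_address6=`, so each address family lands in the other family's parameter; swapping the two `-o` lines in each block fixes it. The `$mailserver_proxy` services hard-code `smtp_bind_address6` with no family check at all. On the proxied `smtps` and `submission` entries the daemon is `smtpd`, which reads `smtpd_upstream_proxy_protocol=haproxy` rather than `postscreen_upstream_proxy_protocol`, so as written those listeners would probably not parse the proxy header and the real client address would not reach logs or access restrictions. It is also worth confirming that `smtp_bind_address*` has any effect on `smtpd`/`postscreen` services, since these are SMTP client parameters.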