changeset 299:8668dbeaa28a
Consolidate Postfix configs
Everything uses postscreen now, so we don't need a "CentOS7"
version.
Also fixed an issue where Postfix complained about a missing
transport.db
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Mon, 17 Feb 2020 16:12:29 +0000 |
parents | 61e90445c899 |
children | 220701d9799b |
files | modules/postfix/files/master.CentOS7.cf modules/postfix/files/master.cf modules/postfix/manifests/init.pp |
diffstat | 3 files changed, 32 insertions(+), 139 deletions(-) [+] |
--- a/modules/postfix/files/master.CentOS7.cf Mon Feb 17 16:08:20 2020 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,137 +0,0 @@ -# CentOS 7 -# Postfix master process configuration file. For details on the format -# of the file, see the master(5) manual page (command: "man 5 master"). -# -# Do not forget to execute "postfix reload" after editing this file. -# -# ========================================================================== -# service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (yes) (never) (100) -# ========================================================================== -#smtp inet n - n - - smtpd -smtpd pass - - n - - smtpd -smtp inet n - n - 1 postscreen - -o smtpd_sasl_auth_enable=yes - -o receive_override_options=no_address_mappings - -o content_filter=smtp-amavis:127.0.0.1:10024 -tlsproxy unix - - n - 0 tlsproxy -dnsblog unix - - n - 0 dnsblog -#submission inet n - n - - smtpd -# -o smtpd_tls_security_level=encrypt -# -o smtpd_sasl_auth_enable=yes -# -o smtpd_client_restrictions=permit_sasl_authenticated,reject -# -o milter_macro_daemon_name=ORIGINATING -smtps inet n - n - - smtpd - -o smtpd_tls_wrappermode=yes - -o smtpd_sasl_auth_enable=yes - -o smtpd_client_restrictions=permit_sasl_authenticated,reject - -o milter_macro_daemon_name=ORIGINATING -#628 inet n - n - - qmqpd -pickup fifo n - n 60 1 pickup -cleanup unix n - n - 0 cleanup -qmgr fifo n - n 300 1 qmgr -#qmgr fifo n - n 300 1 oqmgr -tlsmgr unix - - n 1000? 1 tlsmgr -rewrite unix - - n - - trivial-rewrite -bounce unix - - n - 0 bounce -defer unix - - n - 0 bounce -trace unix - - n - 0 bounce -verify unix - - n - 1 verify -flush unix n - n 1000? 
0 flush -proxymap unix - - n - - proxymap -proxywrite unix - - n - 1 proxymap -smtp unix - - n - - smtp -# When relaying mail as backup MX, disable fallback_relay to avoid MX loops -relay unix - - n - - smtp - -o smtp_fallback_relay= -# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - n - - showq -error unix - - n - - error -retry unix - - n - - error -discard unix - - n - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - n - - lmtp -anvil unix - - n - 1 anvil -scache unix - - n - 1 scache -# -# ==================================================================== -# Interfaces to non-Postfix software. Be sure to examine the manual -# pages of the non-Postfix software to find out what options it wants. -# -# Many of the following services use the Postfix pipe(8) delivery -# agent. See the pipe(8) man page for information about ${recipient} -# and other message envelope options. -# ==================================================================== -# -# maildrop. See the Postfix MAILDROP_README file for details. -# Also specify in main.cf: maildrop_destination_recipient_limit=1 -# -#maildrop unix - n n - - pipe -# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} -# -# ==================================================================== -# -# The Cyrus deliver program has changed incompatibly, multiple times. -# -#old-cyrus unix - n n - - pipe -# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} -# -# ==================================================================== -# -# Cyrus 2.1.5 (Amos Gouaux) -# Also specify in main.cf: cyrus_destination_recipient_limit=1 -# -#cyrus unix - n n - - pipe -# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} -# -# ==================================================================== -# -# See the Postfix UUCP_README file for configuration details. 
-# -#uucp unix - n n - - pipe -# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) -# -# ==================================================================== -# -# Other external delivery methods. -# -#ifmail unix - n n - - pipe -# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -# -#bsmtp unix - n n - - pipe -# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient -# -#scalemail-backend unix - n n - 2 pipe -# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store -# ${nexthop} ${user} ${extension} -# -#mailman unix - n n - - pipe -# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py -# ${nexthop} ${user} - -policy unix - n n - 0 spawn - user=nobody argv=/usr/bin/perl /usr/local/lib/postfix-policyd-spf-perl/postfix-policyd-spf-perl - -# -# spam/virus section -# -smtp-amavis unix - - y - 2 smtp - -o smtp_data_done_timeout=1200 - -o disable_dns_lookups=yes - -o smtp_send_xforward_command=yes -127.0.0.1:10025 inet n - y - - smtpd - -o content_filter= - -o smtpd_helo_restrictions= - -o smtpd_sender_restrictions= - -o smtpd_recipient_restrictions=permit_mynetworks,reject - -o mynetworks=127.0.0.0/8 - -o smtpd_error_sleep_time=0 - -o smtpd_soft_error_limit=1001 - -o smtpd_hard_error_limit=1000 - -o receive_override_options=no_header_body_checks - -o smtpd_helo_required=no - -o smtpd_client_restrictions= - -o smtpd_restriction_classes= - -o disable_vrfy_command=no - -o strict_rfc821_envelopes=yes \ No newline at end of file
--- a/modules/postfix/files/master.cf Mon Feb 17 16:08:20 2020 +0000
+++ b/modules/postfix/files/master.cf Mon Feb 17 16:12:29 2020 +0000
@@ -8,7 +8,14 @@
 # service type private unpriv chroot wakeup maxproc command + args
 # (yes) (yes) (yes) (never) (100)
 # ==========================================================================
-smtp inet n - n - - smtpd
+#smtp inet n - n - - smtpd
+smtpd pass - - n - - smtpd
+smtp inet n - n - 1 postscreen
+ -o smtpd_sasl_auth_enable=yes
+ -o receive_override_options=no_address_mappings
+ -o content_filter=smtp-amavis:127.0.0.1:10024
+tlsproxy unix - - n - 0 tlsproxy
+dnsblog unix - - n - 0 dnsblog
 #submission inet n - n - - smtpd
 # -o smtpd_tls_security_level=encrypt
 # -o smtpd_sasl_auth_enable=yes
@@ -105,3 +112,26 @@
 policy unix - n n - 0 spawn
 user=nobody argv=/usr/bin/perl /usr/local/lib/postfix-policyd-spf-perl/postfix-policyd-spf-perl
+
+#
+# spam/virus section
+#
+smtp-amavis unix - - y - 2 smtp
+ -o smtp_data_done_timeout=1200
+ -o disable_dns_lookups=yes
+ -o smtp_send_xforward_command=yes
+127.0.0.1:10025 inet n - y - - smtpd
+ -o content_filter=
+ -o smtpd_helo_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o mynetworks=127.0.0.0/8
+ -o smtpd_error_sleep_time=0
+ -o smtpd_soft_error_limit=1001
+ -o smtpd_hard_error_limit=1000
+ -o receive_override_options=no_header_body_checks
+ -o smtpd_helo_required=no
+ -o smtpd_client_restrictions=
+ -o smtpd_restriction_classes=
+ -o disable_vrfy_command=no
+ -o strict_rfc821_envelopes=yes
\ No newline at end of file
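Review bot: The three `-o` overrides added under `smtp inet n - n - 1 postscreen` are attached to the postscreen service, not to the `smtpd pass - - n - - smtpd` entry that runs smtpd once postscreen hands the connection over. postscreen does not act on `smtpd_sasl_auth_enable`, `receive_override_options` or `content_filter`, so unless main.cf (not visible here) sets the same values globally, port-25 mail would no longer be routed through `smtp-amavis:127.0.0.1:10024`. Postfix's POSTSCREEN_README asks for the old smtpd service's `-o` entries to be duplicated under the `smtpd pass` line, so moving the three lines directly below `smtpd pass - - n - - smtpd` would restore the filter path. A comment such as `# postscreen fronts port 25; accepted clients are passed to the "smtpd pass" service, which carries the smtpd overrides` would keep the pairing obvious.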
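Review bot: The re-injection listener `127.0.0.1:10025` clears `content_filter` and the restriction lists but leaves milters active, because `receive_override_options=no_header_body_checks` has no `no_milters` and there is no `-o smtpd_milters=`. If main.cf defines `smtpd_milters` (the `milter_macro_daemon_name=ORIGINATING` override on the smtps entry of the removed master.CentOS7.cf hints that milters are in use), mail returning from amavis would go through them a second time. Consider `-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters`. A comment above the entry such as `# amavis re-injection port: loopback only, never expose on a public interface` would also record that `permit_mynetworks,reject` with `mynetworks=127.0.0.0/8` is the only access control on this listener.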
--- a/modules/postfix/manifests/init.pp Mon Feb 17 16:08:20 2020 +0000
+++ b/modules/postfix/manifests/init.pp Mon Feb 17 16:12:29 2020 +0000
@@ -16,7 +16,7 @@
 subscribe => Package['postfix'],
 }
 exec { 'postmap-files':
- command => 'for file in helo_whitelist recipient_bcc sender_access valias valias-blacklist virtual vmailbox; do postmap $file; done',
+ command => 'for file in helo_whitelist recipient_bcc sender_access valias valias-blacklist virtual vmailbox transport; do postmap $file; done',
 cwd => '/etc/postfix/',
 provider => 'shell',
 refreshonly => true,
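Review bot: The shell loop in `command` returns only the exit status of its last `postmap`, so with `transport` now last a failure on any earlier map (for example `sender_access`) is ignored and the exec still reports success, leaving Postfix on a stale or missing `.db`. Stopping at the first failure lets Puppet surface it: `do postmap $file || exit 1; done`. Because the exec is `refreshonly => true`, `transport.db` is built only when something notifies `postmap-files`; the hunk does not show whether the `transport` source file is managed and wired to notify it, which is worth confirming. The `exec` resource continues outside the hunk.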