smtpd: Added support for TLS and authentication
parent
59dd7bf606
commit
1c23696662
2 changed files with 49 additions and 9 deletions
|
@ -69,7 +69,19 @@ class smtpd {
|
|||
# $virtual:
|
||||
# Virtual domains to accept mail for.
|
||||
#
|
||||
class smtpd::server($maildir, $domains, $virtual=undef) inherits smtpd {
|
||||
# $ssl_key:
|
||||
# Source path of private key.
|
||||
#
|
||||
# $ssl_cert:
|
||||
# Source path of certificate.
|
||||
#
|
||||
class smtpd::server(
|
||||
$maildir,
|
||||
$domains,
|
||||
$virtual=undef,
|
||||
$ssl_key="${puppet_ssldir}/private_keys/${homename}.pem",
|
||||
$ssl_cert="${puppet_ssldir}/certs/${homename}.pem"
|
||||
) inherits smtpd {
|
||||
|
||||
include procmail
|
||||
|
||||
|
@ -77,12 +89,35 @@ class smtpd::server($maildir, $domains, $virtual=undef) inherits smtpd {
|
|||
content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n",
|
||||
}
|
||||
|
||||
$mda = "/usr/local/bin/procmail -Y -t -f %{sender} rcpt=%{rcpt}"
|
||||
$mda = "/usr/local/bin/procmail -Y -t -f %{sender}"
|
||||
|
||||
File["/etc/mail/smtpd.conf.local"] {
|
||||
content => template("smtpd/server.conf.erb"),
|
||||
}
|
||||
|
||||
file { "/etc/mail/certs":
|
||||
ensure => directory,
|
||||
mode => "0700",
|
||||
owner => "root",
|
||||
group => "wheel",
|
||||
}
|
||||
file { "/etc/mail/certs/smtpd.key":
|
||||
ensure => present,
|
||||
mode => "0600",
|
||||
owner => "root",
|
||||
group => "wheel",
|
||||
source => $ssl_key,
|
||||
notify => Service["smtpd"],
|
||||
}
|
||||
file { "/etc/mail/certs/smtpd.crt":
|
||||
ensure => present,
|
||||
mode => "0600",
|
||||
owner => "root",
|
||||
group => "wheel",
|
||||
source => $ssl_cert,
|
||||
notify => Service["smtpd"],
|
||||
}
|
||||
|
||||
file { "/etc/mail/aliases":
|
||||
ensure => present,
|
||||
mode => "0644",
|
||||
|
|
|
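Review bot: The default for `$ssl_key` points at the Puppet agent's own private key (`${puppet_ssldir}/private_keys/${homename}.pem`), so unless a caller overrides it, the key that authenticates the node to the Puppet master is also copied to `/etc/mail/certs/smtpd.key` and used for the network-facing SMTP listeners. That couples two trust domains: exposure of the mail server's key material would also expose the agent identity, and the matching certificate is presumably issued by the Puppet CA, which outside mail clients will not be able to validate. I would state this in the parameter comment, e.g. `# Source path of private key. Defaults to the Puppet agent key; pass a dedicated key for public-facing servers.`, or drop the default so the choice is explicit. Adding `show_diff => false` to the `smtpd.key` file resource would also keep key contents out of agent logs and reports, if the Puppet version in use supports that attribute.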
@ -1,4 +1,5 @@
|
|||
listen on egress
|
||||
listen on egress port smtp tls certificate smtpd
|
||||
listen on egress port submission tls-require certificate smtpd
|
||||
|
||||
<% @domains.each do |domain| -%>
|
||||
table aliases.<%= domain %> db:/etc/mail/aliases.<%= domain %>.db
|
||||
|
@ -7,15 +8,19 @@ table aliases.<%= domain %> db:/etc/mail/aliases.<%= domain %>.db
|
|||
table virtual.<%= domain %> db:/etc/mail/virtual.<%= domain %>.db
|
||||
<% end if @virtual -%>
|
||||
|
||||
<% @domains.each do |domain| -%>
|
||||
accept from any for domain <%= domain %> alias <aliases.<%= domain%>> \
|
||||
accept from any for local alias <aliases> \
|
||||
deliver to mda "<%= @mda %>"
|
||||
|
||||
<% @domains.each do |domain| -%>
|
||||
accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \
|
||||
alias <aliases.<%= domain%>> \
|
||||
deliver to mda "<%= @mda %>"
|
||||
|
||||
<% end -%>
|
||||
<% @virtual.each do |domain| -%>
|
||||
accept from any for domain <%= domain %> virtual <virtual.<%= domain%>> \
|
||||
accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \
|
||||
virtual <virtual.<%= domain%>> \
|
||||
deliver to mda "<%= @mda %>"
|
||||
<% end if @virtual -%>
|
||||
|
||||
accept from local for local alias <aliases> \
|
||||
deliver to mda "<%= @mda %>"
|
||||
<% end if @virtual -%>
|
||||
accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
|
||||
|
|
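Review bot: The new submission listener `listen on egress port submission tls-require certificate smtpd` enforces TLS but carries no `auth` option, so although the commit title mentions authentication, none appears to be offered on that port unless it is enabled somewhere outside this template. Since the only relay rule is `accept from local for any relay`, remote submission clients would presumably be unable to relay, and the port behaves as a second inbound listener. If authenticated submission is the intent, the line would read `listen on egress port submission tls-require certificate smtpd auth`. A short template comment such as `# port 25: opportunistic TLS; submission: TLS mandatory` would also make clear that the difference between `tls` and `tls-require` is deliberate.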