diff --git a/smtpd/manifests/init.pp b/smtpd/manifests/init.pp index 81f4459..84df21a 100644 --- a/smtpd/manifests/init.pp +++ b/smtpd/manifests/init.pp @@ -69,7 +69,19 @@ class smtpd { # $virtual: # Virtual domains to accept mail for. # -class smtpd::server($maildir, $domains, $virtual=undef) inherits smtpd { +# $ssl_key: +# Source path of private key. +# +# $ssl_cert: +# Source path of certificate. +# +class smtpd::server( + $maildir, + $domains, + $virtual=undef, + $ssl_key="${puppet_ssldir}/private_keys/${homename}.pem", + $ssl_cert="${puppet_ssldir}/certs/${homename}.pem" +) inherits smtpd { include procmail @@ -77,12 +89,35 @@ class smtpd::server($maildir, $domains, $virtual=undef) inherits smtpd { content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n", } - $mda = "/usr/local/bin/procmail -Y -t -f %{sender} rcpt=%{rcpt}" + $mda = "/usr/local/bin/procmail -Y -t -f %{sender}" File["/etc/mail/smtpd.conf.local"] { content => template("smtpd/server.conf.erb"), } + file { "/etc/mail/certs": + ensure => directory, + mode => "0700", + owner => "root", + group => "wheel", + } + file { "/etc/mail/certs/smtpd.key": + ensure => present, + mode => "0600", + owner => "root", + group => "wheel", + source => $ssl_key, + notify => Service["smtpd"], + } + file { "/etc/mail/certs/smtpd.crt": + ensure => present, + mode => "0600", + owner => "root", + group => "wheel", + source => $ssl_cert, + notify => Service["smtpd"], + } + file { "/etc/mail/aliases": ensure => present, mode => "0644", diff --git a/smtpd/templates/server.conf.erb b/smtpd/templates/server.conf.erb index 6131907..f83fc95 100644 --- a/smtpd/templates/server.conf.erb +++ b/smtpd/templates/server.conf.erb @@ -1,4 +1,5 @@ -listen on egress +listen on egress port smtp tls certificate smtpd +listen on egress port submission tls-require certificate smtpd <% @domains.each do |domain| -%> table aliases.<%= domain %> db:/etc/mail/aliases.<%= domain %>.db 
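Review bot: The new `$ssl_key` and `$ssl_cert` defaults interpolate `${puppet_ssldir}` and `${homename}` unqualified; neither is a Puppet built-in, so if they are custom facts or top-scope variables the robust form in a parameter default is `$::puppet_ssldir` and `$::homename`, because an unqualified lookup inside a class that `inherits smtpd` can be shadowed (or fail under strict variables), which would leave a source path like `/private_keys/.pem`. The defaults also appear to point at the node's own Puppet agent identity key and certificate, so out of the box the public SMTP listener serves the Puppet credential and that private key is duplicated outside the agent's ssldir; I would state that in the parameter docs, e.g. `#   Source path of private key. Defaults to the agent's Puppet key; prefer a dedicated certificate for an internet-facing service.` The body of smtpd::server continues past the end of this hunk.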
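Review bot: `file { "/etc/mail/certs/smtpd.key": ... }` leaves `backup` at its default, so whenever the key content changes the previous private key is retained in the agent's local filebucket; add `backup => false,` to that resource (the `.crt` copy can keep the default). The key is also copied from `$ssl_key` with no check that it pairs with `$ssl_cert`, so a mismatch only shows up as smtpd failing to start after the `notify`; that is acceptable, but a one-line comment on the resource saying the pair must match and that `smtpd.key`/`smtpd.crt` are the paths the template's `certificate smtpd` resolves to would help the next maintainer. The enclosing class starts before and ends after this hunk.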
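Review bot: The added `listen on egress port submission tls-require certificate smtpd` has no `auth`, so port 587 is effectively port 25 with mandatory TLS: remote clients can connect, but with `accept from local for any relay` as the only relay rule they cannot submit outbound mail, and nothing in the change provides credentials for that. If roaming users are meant to use submission, require authentication, e.g. `listen on egress port submission tls-require certificate smtpd auth` (check keyword order against smtpd.conf(5)), and confirm the relay rule — in OpenSMTPD of this era authenticated sessions are, as far as I recall, matched by `from local`, so the existing relay line may already suffice. If the listener is only meant as an encrypted-only alternative to port 25, a comment in the template saying so would spare the next reader the same question.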
@@ -7,15 +8,19 @@ table aliases.<%= domain %> db:/etc/mail/aliases.<%= domain %>.db table virtual.<%= domain %> db:/etc/mail/virtual.<%= domain %>.db <% end if @virtual -%> -<% @domains.each do |domain| -%> -accept from any for domain <%= domain %> alias > \ +accept from any for local alias \ deliver to mda "<%= @mda %>" + +<% @domains.each do |domain| -%> +accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \ + alias > \ + deliver to mda "<%= @mda %>" + <% end -%> <% @virtual.each do |domain| -%> -accept from any for domain <%= domain %> virtual > \ +accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \ + virtual > \ deliver to mda "<%= @mda %>" -<% end if @virtual -%> -accept from local for local alias \ - deliver to mda "<%= @mda %>" +<% end if @virtual -%> accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
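Review bot: The new `accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \` rules make the host accept mail for every subdomain of each configured domain, and since `alias >` falls back to local system accounts when the table has no entry (as I understand OpenSMTPD's alias handling), `root@anything.example.org` lands in the same place as `root@example.org`; if subdomain delivery is not needed the wildcard should go, and if it is, the intent belongs in the template, e.g. `<%# wildcard: accept mail for all subdomains, resolved through the same alias table %>`. The same hunk also changes local delivery from `accept from local for local alias` to `accept from any for local alias`, which newly lets remote hosts address the machine's own hostnames; that is plausible for an MX but is a widening of accepted recipients worth stating in the commit message. The trailing `accept from local for any relay` line is unchanged context.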