smtpd: Added support for TLS and authentication

2013-07-29 00:12:52 +03:00 · 2013-07-29 00:12:52 +03:00 · 1c23696662
commit 1c23696662
parent 59dd7bf606
2 changed files with 49 additions and 9 deletions
--- a/smtpd/manifests/init.pp
+++ b/smtpd/manifests/init.pp
@ -69,7 +69,19 @@ class smtpd {
 #   $virtual:
 #       Virtual domains to accept mail for.
 #
-class smtpd::server($maildir, $domains, $virtual=undef) inherits smtpd {
+#   $ssl_key:
+#       Source path of private key.
+#
+#   $ssl_cert:
+#       Source path of certificate.
+#
+class smtpd::server(
+    $maildir,
+    $domains,
+    $virtual=undef,
+    $ssl_key="${puppet_ssldir}/private_keys/${homename}.pem",
+    $ssl_cert="${puppet_ssldir}/certs/${homename}.pem"
+) inherits smtpd {

    include procmail

@ -77,12 +89,35 @@ class smtpd::server($maildir, $domains, $virtual=undef) inherits smtpd {
        content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n",
    }

-    $mda = "/usr/local/bin/procmail -Y -t -f %{sender} rcpt=%{rcpt}"
+    $mda = "/usr/local/bin/procmail -Y -t -f %{sender}"

    File["/etc/mail/smtpd.conf.local"] {
        content => template("smtpd/server.conf.erb"),
    }

+    file { "/etc/mail/certs":
+        ensure => directory,
+        mode   => "0700",
+        owner  => "root",
+        group  => "wheel",
+    }
+    file { "/etc/mail/certs/smtpd.key":
+        ensure => present,
+        mode   => "0600",
+        owner  => "root",
+        group  => "wheel",
+        source => $ssl_key,
+        notify => Service["smtpd"],
+    }
+    file { "/etc/mail/certs/smtpd.crt":
+        ensure => present,
+        mode   => "0600",
+        owner  => "root",
+        group  => "wheel",
+        source => $ssl_cert,
+        notify => Service["smtpd"],
+    }
+
    file { "/etc/mail/aliases":
        ensure => present,
        mode   => "0644",