smtpd: Added support for TLS and authentication

Ossi Salmi 2013-07-29 00:12:52 +03:00
parent 59dd7bf606
commit 1c23696662
2 changed files with 49 additions and 9 deletions


@ -69,7 +69,19 @@ class smtpd {
# $virtual: # $virtual:
# Virtual domains to accept mail for. # Virtual domains to accept mail for.
# #
class smtpd::server($maildir, $domains, $virtual=undef) inherits smtpd { # $ssl_key:
# Source path of private key.
#
# $ssl_cert:
# Source path of certificate.
#
class smtpd::server(
$maildir,
$domains,
$virtual=undef,
$ssl_key="${puppet_ssldir}/private_keys/${homename}.pem",
$ssl_cert="${puppet_ssldir}/certs/${homename}.pem"
) inherits smtpd {
include procmail include procmail
@ -77,12 +89,35 @@ class smtpd::server($maildir, $domains, $virtual=undef) inherits smtpd {
content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n", content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n",
} }
$mda = "/usr/local/bin/procmail -Y -t -f %{sender} rcpt=%{rcpt}" $mda = "/usr/local/bin/procmail -Y -t -f %{sender}"
File["/etc/mail/smtpd.conf.local"] { File["/etc/mail/smtpd.conf.local"] {
content => template("smtpd/server.conf.erb"), content => template("smtpd/server.conf.erb"),
} }
file { "/etc/mail/certs":
ensure => directory,
mode => "0700",
owner => "root",
group => "wheel",
}
file { "/etc/mail/certs/smtpd.key":
ensure => present,
mode => "0600",
owner => "root",
group => "wheel",
source => $ssl_key,
notify => Service["smtpd"],
}
file { "/etc/mail/certs/smtpd.crt":
ensure => present,
mode => "0600",
owner => "root",
group => "wheel",
source => $ssl_cert,
notify => Service["smtpd"],
}
file { "/etc/mail/aliases": file { "/etc/mail/aliases":
ensure => present, ensure => present,
mode => "0644", mode => "0644",
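Review bot: The new `$ssl_key` and `$ssl_cert` defaults in the `smtpd::server` parameter list point at the Puppet agent's own key pair under `${puppet_ssldir}`, so a node that does not override them serves SMTP with the same private key it uses to authenticate to the Puppet master. That ties the two identities together: a leak of `/etc/mail/certs/smtpd.key` also exposes the agent key, and the certificate is presumably signed by the Puppet CA, which mail clients are unlikely to trust. I would keep the default for convenience but state it in the parameter comment, e.g. `# Source path of private key. Defaults to the Puppet agent key; pass a dedicated key for production mail.` The class body continues past the end of this hunk.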


@ -1,4 +1,5 @@
listen on egress listen on egress port smtp tls certificate smtpd
listen on egress port submission tls-require certificate smtpd
<% @domains.each do |domain| -%> <% @domains.each do |domain| -%>
table aliases.<%= domain %> db:/etc/mail/aliases.<%= domain %>.db table aliases.<%= domain %> db:/etc/mail/aliases.<%= domain %>.db
@ -7,15 +8,19 @@ table aliases.<%= domain %> db:/etc/mail/aliases.<%= domain %>.db
table virtual.<%= domain %> db:/etc/mail/virtual.<%= domain %>.db table virtual.<%= domain %> db:/etc/mail/virtual.<%= domain %>.db
<% end if @virtual -%> <% end if @virtual -%>
<% @domains.each do |domain| -%> accept from any for local alias <aliases> \
accept from any for domain <%= domain %> alias <aliases.<%= domain%>> \
deliver to mda "<%= @mda %>" deliver to mda "<%= @mda %>"
<% @domains.each do |domain| -%>
accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \
alias <aliases.<%= domain%>> \
deliver to mda "<%= @mda %>"
<% end -%> <% end -%>
<% @virtual.each do |domain| -%> <% @virtual.each do |domain| -%>
accept from any for domain <%= domain %> virtual <virtual.<%= domain%>> \ accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \
virtual <virtual.<%= domain%>> \
deliver to mda "<%= @mda %>" deliver to mda "<%= @mda %>"
<% end if @virtual -%>
accept from local for local alias <aliases> \ <% end if @virtual -%>
deliver to mda "<%= @mda %>"
accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %> accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
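Review bot: Neither of the two new `listen on egress` lines at the top of the template carries an `auth` option, although the commit title announces authentication; as shown, the submission listener requires TLS but accepts unauthenticated sessions. Unless authentication is enabled somewhere outside this section, remote submission clients are not treated as local, so the final `accept from local for any relay` rule will not apply to them. If authenticated relay is the intent, the line would read `listen on egress port submission tls-require certificate smtpd auth`; confirm the keyword against smtpd.conf(5) for the deployed OpenSMTPD version. Keeping `auth` only on the `tls-require` listener also ensures credentials are never offered over a cleartext session.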