smtpd: Allow disabling local delivery to act only as a relay

smtpd/manifests/init.pp

@@ -57,17 +57,21 @@ class smtpd {
 
 
 # Configure smtpd as mail server
-# 
+#
 # === Parameters
 #
 #   $maildir:
 #       Directory in user home for INBOX.
 #
+#   $local:
+#       Boolean for whether we accept mail for local recipients.
+#       Defaults to true.
+#
 #   $domains:
-#       Primary domains to accept mail for.
+#       Array of primary domains to accept mail for.
 #
 #   $virtual:
-#       Virtual domains to accept mail for.
+#       Array of virtual domains to accept mail for.
 #
 #   $ssl_key:
 #       Source path of private key.
@@ -77,7 +81,8 @@ class smtpd {
 #
 class smtpd::server(
     $maildir,
-    $domains,
+    $local=true,
+    $domains=undef,
     $virtual=undef,
     $ssl_key="${puppet_ssldir}/private_keys/${homename}.pem",
     $ssl_cert="${puppet_ssldir}/certs/${homename}.pem"
@@ -101,7 +106,7 @@ class smtpd::server(
         owner  => "root",
         group  => "wheel",
     }
-    file { "/etc/mail/certs/smtpd.key":
+    file { "/etc/mail/certs/server.key":
         ensure => present,
         mode   => "0600",
         owner  => "root",
@@ -109,7 +114,7 @@ class smtpd::server(
         source => $ssl_key,
         notify => Service["smtpd"],
     }
-    file { "/etc/mail/certs/smtpd.crt":
+    file { "/etc/mail/certs/server.crt":
         ensure => present,
         mode   => "0600",
         owner  => "root",
@@ -135,7 +140,9 @@ class smtpd::server(
         notify      => Service["smtpd"],
     }
 
-    smtpd::aliases { $domains: }
+    if $domains {
+        smtpd::aliases { $domains: }
+    }
 
     if $virtual {
         smtpd::virtual { $virtual: }

smtpd/templates/server.conf.erb

@@ -1,26 +1,39 @@
-listen on egress port smtp tls certificate smtpd
+listen on egress port smtp tls certificate server
-listen on egress port submission tls-require certificate smtpd
+listen on egress port submission tls-require certificate server
+<% if @domains or @virtual -%>
 
+# alias and virtual maps
+<% end -%>
 <% @domains.each do |domain| -%>
 table aliases.<%= domain %> db:/etc/mail/aliases.<%= domain %>.db
-<% end -%>
+<% end if @domains -%>
 <% @virtual.each do |domain| -%>
 table virtual.<%= domain %> db:/etc/mail/virtual.<%= domain %>.db
 <% end if @virtual -%>
+<% if @local == true -%>
 
+# accept for localhost and our fqdn
 accept from any for local alias <aliases> \
 	deliver to mda "<%= @mda %>"
+<% end -%>
+<% if @domains -%>
 
-<% @domains.each do |domain| -%>
+# accept for primary domains
+<%   @domains.each do |domain| -%>
 accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \
 	alias <aliases.<%= domain%>> \
 	deliver to mda "<%= @mda %>"
-
+<%   end -%>
 <% end -%>
+<% if @virtual -%>
+
+# accept for virtual domains
 <% @virtual.each do |domain| -%>
 accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \
 	virtual <virtual.<%= domain%>> \
 	deliver to mda "<%= @mda %>"
+<%   end -%>
+<% end -%>
 
-<% end if @virtual -%>
+# relay for local and authenticated users
 accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>