smtpd: Allow disabling local delivery to act only as a relay

2013-07-29 00:56:31 +03:00 · 2013-07-29 00:56:31 +03:00 · 31f9fc449c
commit 31f9fc449c
parent 33bfafbdbe
2 changed files with 33 additions and 13 deletions
--- a/smtpd/manifests/init.pp
+++ b/smtpd/manifests/init.pp
@ -63,11 +63,15 @@ class smtpd {
 #   $maildir:
 #       Directory in user home for INBOX.
 #
+#   $local:
+#       Boolean for whether we accept mail for local recipients.
+#       Defaults to true.
+#
 #   $domains:
-#       Primary domains to accept mail for.
+#       Array of primary domains to accept mail for.
 #
 #   $virtual:
-#       Virtual domains to accept mail for.
+#       Array of virtual domains to accept mail for.
 #
 #   $ssl_key:
 #       Source path of private key.
@ -77,7 +81,8 @@ class smtpd {
 #
 class smtpd::server(
    $maildir,
-    $domains,
+    $local=true,
+    $domains=undef,
    $virtual=undef,
    $ssl_key="${puppet_ssldir}/private_keys/${homename}.pem",
    $ssl_cert="${puppet_ssldir}/certs/${homename}.pem"
@ -101,7 +106,7 @@ class smtpd::server(
        owner  => "root",
        group  => "wheel",
    }
-    file { "/etc/mail/certs/smtpd.key":
+    file { "/etc/mail/certs/server.key":
        ensure => present,
        mode   => "0600",
        owner  => "root",
@ -109,7 +114,7 @@ class smtpd::server(
        source => $ssl_key,
        notify => Service["smtpd"],
    }
-    file { "/etc/mail/certs/smtpd.crt":
+    file { "/etc/mail/certs/server.crt":
        ensure => present,
        mode   => "0600",
        owner  => "root",
@ -135,7 +140,9 @@ class smtpd::server(
        notify      => Service["smtpd"],
    }

+    if $domains {
        smtpd::aliases { $domains: }
+    }

    if $virtual {
        smtpd::virtual { $virtual: }
--- a/smtpd/templates/server.conf.erb
+++ b/smtpd/templates/server.conf.erb
@ -1,26 +1,39 @@
-listen on egress port smtp tls certificate smtpd
-listen on egress port submission tls-require certificate smtpd
+listen on egress port smtp tls certificate server
+listen on egress port submission tls-require certificate server
+<% if @domains or @virtual -%>

+# alias and virtual maps
+<% end -%>
 <% @domains.each do |domain| -%>
 table aliases.<%= domain %> db:/etc/mail/aliases.<%= domain %>.db
-<% end -%>
+<% end if @domains -%>
 <% @virtual.each do |domain| -%>
 table virtual.<%= domain %> db:/etc/mail/virtual.<%= domain %>.db
 <% end if @virtual -%>
+<% if @local == true -%>

+# accept for localhost and our fqdn
 accept from any for local alias <aliases> \
 	deliver to mda "<%= @mda %>"
+<% end -%>
+<% if @domains -%>

+# accept for primary domains
 <%   @domains.each do |domain| -%>
 accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \
 	alias <aliases.<%= domain%>> \
 	deliver to mda "<%= @mda %>"
-
 <%   end -%>
+<% end -%>
+<% if @virtual -%>
+
+# accept for virtual domains
 <% @virtual.each do |domain| -%>
 accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \
 	virtual <virtual.<%= domain%>> \
 	deliver to mda "<%= @mda %>"
+<%   end -%>
+<% end -%>

-<% end if @virtual -%>
+# relay for local and authenticated users
 accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>