diff --git a/dovecot/manifests/init.pp b/dovecot/manifests/init.pp index 49572f8..deb1efd 100644 --- a/dovecot/manifests/init.pp +++ b/dovecot/manifests/init.pp @@ -16,16 +16,14 @@ class dovecot::common { # # $dovecot_mail_domain: # Mail domain name. -# $dovecot_mx_mailname: -# MX mail name. # $dovecot_ssl_csr: # Puppet source for the CSR file. # $dovecot_ssl_cert: # Puppet source for the X.509 certificate. # $dovecot_ssl_key: # Puppet source for the X.509 key. -# $dovecot_ssl_chain: -# Puppet source for the optional X.509 chain certificate. +# $dovecot_ssl_ca: +# Puppet source for the optional X.509 ca certificate. class dovecot::server inherits dovecot::common { @@ -45,7 +43,7 @@ class dovecot::server inherits dovecot::common { } if $dovecot_ssl_csr { - file { "$dovecot_ssl_dir/private/${dovecot_mx_mailname}.csr": + file { "$dovecot_ssl_dir/private/dovecot.csr": ensure => present, source => $dovecot_ssl_csr, mode => 0640, @@ -55,10 +53,10 @@ class dovecot::server inherits dovecot::common { } } - if $dovecot_ssl_chain { - file { "$dovecot_ssl_dir/certs/${dovecot_mx_mailname}.chain.crt": + if $dovecot_ssl_ca { + file { "$dovecot_ssl_dir/certs/dovecot.ca.crt": ensure => present, - source => $dovecot_ssl_chain, + source => $dovecot_ssl_ca, mode => 0644, owner => root, group => root, @@ -67,7 +65,7 @@ class dovecot::server inherits dovecot::common { } if $dovecot_ssl_cert { - file { "$dovecot_ssl_dir/certs/${dovecot_mx_mailname}.crt": + file { "$dovecot_ssl_dir/certs/dovecot.crt": ensure => present, source => $dovecot_ssl_cert, mode => 0644, @@ -80,7 +78,7 @@ class dovecot::server inherits dovecot::common { } if $dovecot_ssl_key { - file { "$dovecot_ssl_dir/private/${dovecot_mx_mailname}.key": + file { "$dovecot_ssl_dir/private/dovecot.key": ensure => present, source => $dovecot_ssl_key, mode => 0600, diff --git a/dovecot/templates/dovecot.conf.erb b/dovecot/templates/dovecot.conf.erb index 74a476b..dfd3eb1 100644 --- a/dovecot/templates/dovecot.conf.erb 
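Review bot: The files installed under the old `${dovecot_mx_mailname}.*` names are left behind unmanaged once the csr, ca, cert and key hunks of dovecot/manifests/init.pp switch to fixed `dovecot.*` names. On a node that already applied the earlier manifest, the old private key would presumably stay in `$dovecot_ssl_dir/private` after this change, and nothing in the visible hunks removes or documents it. I would add a line to the class header comment such as `# Files installed earlier as <mx_mailname>.{csr,crt,chain.crt,key} are no longer managed; remove them by hand, the old private key first.` The `file` resource bodies continue outside the hunks, so whether they notify the dovecot service cannot be checked from here.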
+++ b/dovecot/templates/dovecot.conf.erb @@ -1,8 +1,10 @@ protocols = imaps disable_plaintext_auth = yes -ssl_cert_file = <%= dovecot_ssl_dir %>/certs/<%= dovecot_mx_mailname %>.crt -ssl_key_file = <%= dovecot_ssl_dir %>/private/<%= dovecot_mx_mailname %>.key -ssl_ca_file = <%= dovecot_ssl_dir %>/certs/<%= dovecot_mx_mailname %>.chain.crt +ssl_cert_file = <%= dovecot_ssl_dir %>/certs/dovecot.crt +ssl_key_file = <%= dovecot_ssl_dir %>/private/dovecot.key +<% if has_variable?('dovecot_ssl_ca') -%> +ssl_ca_file = <%= dovecot_ssl_dir %>/certs/dovecot.ca.crt +<% end -%> login_chroot = yes login_user = dovecot login_max_processes_count = 256 diff --git a/sendmail/manifests/init.pp b/sendmail/manifests/init.pp index 3d4a2d2..95003af 100644 --- a/sendmail/manifests/init.pp +++ b/sendmail/manifests/init.pp @@ -35,8 +35,8 @@ class sendmail::client inherits sendmail::common { file { "/usr/share/sendmail/cf/submit.mc": ensure => present, content => template("sendmail/submit.mc.erb"), - owner => root, - group => bin, + owner => "root", + group => "bin", mode => 0444, notify => Exec["make submit.cf"], } @@ -45,8 +45,8 @@ class sendmail::client inherits sendmail::common { file { "/etc/mail/submit.mc": ensure => present, content => template("sendmail/submit.mc.erb"), - owner => root, - group => root, + owner => "root", + group => "root", mode => 0644, notify => Exec["make submit.cf"], } @@ -68,10 +68,10 @@ class sendmail::client inherits sendmail::common { file { "/etc/mail/submit.cf": ensure => present, - owner => root, + owner => "root", group => $operatingsystem ? { - openbsd => wheel, - default => root, + openbsd => "wheel", + default => "root", }, mode => 0644, source => $operatingsystem ? { 
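Review bot: In dovecot/templates/dovecot.conf.erb the guard `has_variable?('dovecot_ssl_ca')` only tests that the variable exists, whereas the manifest installs `dovecot.ca.crt` only when `$dovecot_ssl_ca` is true, so a node that sets it to an empty string would get an `ssl_ca_file` line naming a file Puppet never installs. Testing the value as well keeps the two in step, e.g. `<% if has_variable?('dovecot_ssl_ca') and dovecot_ssl_ca.to_s != '' -%>`. It is also worth confirming the intent of the setting: the option names (`ssl_cert_file`, `login_max_processes_count`) suggest Dovecot 1.x, where `ssl_ca_file` is documented as the trusted-CA list for client-certificate verification, and an intermediate chain is normally appended to the certificate file instead.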
@@ -82,3 +82,99 @@ class sendmail::client inherits sendmail::common { } }
+
+# Configure Sendmail server.
+#
+# $sendmail_domain:
+# SMTP domain name.
+class sendmail::server inherits sendmail::common {
+
+ case $operatingsystem {
+ centos,redhat,ubuntu: {
+ $sendmail_ostype = "linux"
+ package { ["procmail"]:
+ ensure => installed,
+ }
+ file { "/etc/mail/sendmail.mc":
+ ensure => present,
+ content => template("sendmail/sendmail.mc.erb"),
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ notify => Exec["make sendmail.cf"],
+ }
+ file { "/etc/aliases":
+ ensure => present,
+ notify => Exec["newaliases"],
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ }
+ file { "/etc/sysconfig/sendmail":
+ ensure => present,
+ content => "DAEMON=yes\nQUEUE=1h\n",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ notify => Service["sendmail"],
+ }
+ } openbsd: {
+ $sendmail_os_type = "openbsd"
+ file { "/usr/share/sendmail/cf/sendmail.mc":
+ ensure => present,
+ content => template("sendmail/sendmail.mc.erb"),
+ owner => "root",
+ group => "bin",
+ mode => 0444,
+ notify => Exec["make sendmail.cf"],
+ }
+ file { "/etc/aliases":
+ ensure => present,
+ notify => Exec["newaliases"],
+ owner => "root",
+ group => "wheel",
+ mode => 0644,
+ }
+ }
+ }
+
+ exec { "make sendmail.cf":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ cwd => $operatingsystem ? {
+ openbsd => "/usr/share/sendmail/cf",
+ default => "/etc/mail",
+ },
+ require => $operatingsystem ? {
+ openbsd => undef,
+ default => Package["sendmail-cf"],
+ },
+ refreshonly => true,
+ }
+
+ file { "/etc/mail/sendmail.cf":
+ ensure => present,
+ owner => "root",
+ group => $operatingsystem ? {
+ openbsd => "wheel",
+ default => "root",
+ },
+ mode => 0644,
+ source => $operatingsystem ? {
+ openbsd => "/usr/share/sendmail/cf/sendmail.cf",
+ default => undef,
+ },
+ require => Exec["make sendmail.cf"],
+ notify => Service["sendmail"],
+ }
+
+ service { "sendmail":
+ ensure => running,
+ enable => true,
+ require => File["/etc/mail/sendmail.cf"],
+ }
+
+ exec { "newaliases":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ refreshonly => true,
+ }
+}
diff --git a/sendmail/templates/sendmail.mc.erb b/sendmail/templates/sendmail.mc.erb
new file mode 100644
index 0000000..c063bd5
--- /dev/null
+++ b/sendmail/templates/sendmail.mc.erb
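Review bot: The openbsd branch of `sendmail::server` in sendmail/manifests/init.pp assigns `$sendmail_os_type = "openbsd"`, but the linux branch and sendmail.mc.erb use `sendmail_ostype`, so on OpenBSD the template's `OSTYPE(...)` line has no value to render; it should read `$sendmail_ostype = "openbsd"`. The first branch also manages `/etc/sysconfig/sendmail` for `ubuntu`, which as far as I know does not use `/etc/sysconfig`, so that resource probably belongs under `centos,redhat` only. The `case` has no `default` branch, so on any other `$operatingsystem` nothing generates sendmail.mc while the `exec`, `file` and `service` resources below it are still declared.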
@@ -0,0 +1,41 @@
+divert(-1)dnl
+include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
+VERSIONID(`setup for <%= sendmail_ostype %>')dnl
+OSTYPE(`<%= sendmail_ostype %>')dnl
+define(`confDEF_USER_ID', ``8:12'')dnl
+define(`confTO_CONNECT', `1m')dnl
+define(`confTRY_NULL_MX_LIST', `True')dnl
+define(`confDONT_PROBE_INTERFACES', `True')dnl
+define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
+define(`ALIAS_FILE', `/etc/aliases')dnl
+define(`STATUS_FILE', `/var/log/mail/statistics')dnl
+define(`UUCP_MAILER_MAX', `2000000')dnl
+define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
+define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
+define(`confTO_IDENT', `0')dnl
+FEATURE(`no_default_msa', `dnl')dnl
+FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
+FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
+FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
+FEATURE(`genericstable', `hash -o /etc/mail/genericstable.db')dnl
+GENERICS_DOMAIN_FILE(`/etc/mail/local-host-names')dnl
+FEATURE(redirect)dnl
+FEATURE(always_add_domain)dnl
+FEATURE(use_cw_file)dnl
+FEATURE(use_ct_file)dnl
+FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
+FEATURE(`access_db', `hash -T -o /etc/mail/access.db')dnl
+FEATURE(`blacklist_recipients')dnl
+EXPOSED_USER(`root')dnl
+DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
+FEATURE(`accept_unresolvable_domains')dnl
+LOCAL_DOMAIN(`localhost.localdomain')dnl
+MASQUERADE_AS(`<%= sendmail_domain %>')dnl
+FEATURE(masquerade_envelope)dnl
+FEATURE(allmasquerade)dnl
+define(`confMATCH_GECOS')dnl
+define(`confDOMAIN_NAME', `<%= sendmail_domain %>')dnl
+define(`confDONT_BLAME_SENDMAIL', `GroupWritableDirpathSafe,GroupWritableIncludeFileSafe,GroupWritableForwardFile,ForwardFileInGroupWritableDirPath')dnl
+FEATURE(masquerade_entire_domain)dnl
+MAILER(smtp)dnl
+MAILER(procmail)dnl
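Review bot: The `confDONT_BLAME_SENDMAIL` define in sendmail/templates/sendmail.mc.erb switches off four of sendmail's file-permission safety checks (group-writable directory paths, `:include:` files and `.forward` files) with no comment saying why, which would let anyone with group write access change how a user's mail is forwarded or delivered. I would drop the flags the site does not need and document the rest with a `dnl` line above the define, e.g. `dnl Group-writable .forward/:include: files are accepted because <reason>; remove once home directories are tightened.` Separately, the `include` of `/usr/share/sendmail-cf/m4/cf.m4` and the procmail and statistics paths are hard-coded, while the manifest also renders this template on OpenBSD under `/usr/share/sendmail/cf`; those paths likely need to follow `sendmail_ostype`. The `accept_unresolvable_domains` feature accepts mail from sender domains that do not resolve, so confirm it is wanted on an Internet-facing MTA.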