From 8653c7d02d46957717d12ff750cf615253aad25b Mon Sep 17 00:00:00 2001
From: Ossi Salmi
Date: Fri, 28 Feb 2014 22:35:34 +0200
Subject: [PATCH] smtpd: Update server config for OpenSMTPD 5.4

---
 smtpd/files/generate-smtpd-gecos.sh | 2 +-
 smtpd/manifests/init.pp | 21 ++++++++-------------
 smtpd/templates/server.conf.erb | 9 ++++++---
 3 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/smtpd/files/generate-smtpd-gecos.sh b/smtpd/files/generate-smtpd-gecos.sh
index 24a1ac1..005765e 100644
--- a/smtpd/files/generate-smtpd-gecos.sh
+++ b/smtpd/files/generate-smtpd-gecos.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-echo "# Generated" > /etc/mail/gecos
+echo "# Generated by $0" > /etc/mail/gecos
 
 /usr/bin/awk -F : '{
 if($3 != "0" && $7 != "/sbin/nologin") {
diff --git a/smtpd/manifests/init.pp b/smtpd/manifests/init.pp
index 01f82b6..3d2509a 100644
--- a/smtpd/manifests/init.pp
+++ b/smtpd/manifests/init.pp
@@ -98,7 +98,7 @@ class smtpd {
 # === Parameters
 #
 # $maildir:
-# Directory in user home for INBOX.
+# Directory in user home for INBOX. Defaults to "Mail".
 #
 # $local:
 # Boolean for whether we accept mail for local recipients.
@@ -106,7 +106,7 @@ class smtpd {
 #
 # $gecos:
 # Boolean for whether to enable gecos aliases.
-# Defaults to false.
+# Defaults to true.
 #
 # $domains:
 # Array of primary domains to accept mail for.
@@ -121,9 +121,9 @@ class smtpd {
 # Source path of certificate.
 #
 class smtpd::server(
- $maildir,
+ $maildir="Mail",
 $local=true,
- $gecos=false,
+ $gecos=true,
 $domains=undef,
 $virtual=undef,
 $ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem",
@@ -154,13 +154,8 @@ class smtpd::server(
 before => Service["smtpd"],
 }
 
- file { "/etc/mail/certs":
- ensure => directory,
- mode => "0700",
- owner => "root",
- group => "wheel",
- }
- file { "/etc/mail/certs/server.key":
+ include ssl
+ file { "${ssl::private}/smtpd.key":
 ensure => present,
 mode => "0600",
 owner => "root",
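Review bot: Flipping the `$gecos` default from `false` to `true` in the `class smtpd::server(` parameter list changes behaviour for every existing node that never set `$gecos`: gecos aliases, which turn each login user's GECOS name into a deliverable address, become enabled on the next run without any change on the caller's side. The parameter docs above are updated consistently, but the commit message only says "Update server config for OpenSMTPD 5.4" and does not mention the default change. Either keep `$gecos=false,` and let callers opt in, or call the new default out in the commit message so operators are not surprised. The parameter list continues outside the hunk.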
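Review bot: `include ssl` is added in the middle of `smtpd::server`, so any resource declared above it that renders server.conf.erb (the resource ending with `before => Service["smtpd"]` at the top of the hunk may be that one, but its start is outside the hunk) is evaluated before class `ssl` exists, and the template's `scope.lookupvar('ssl::certs')` / `scope.lookupvar('ssl::private')` may then resolve to undef and write `pki egress key "/smtpd.key"` into the config; moving `include ssl` to the first line of the class body removes that ordering dependency. The deleted `file { "/etc/mail/certs": ensure => directory, mode => "0700" }` was the only resource here enforcing a root-only parent directory for the private key; the new `${ssl::private}/smtpd.key` now depends on class `ssl` managing that directory with equivalent permissions, which this hunk cannot show, so it is worth confirming. The class continues past the end of the hunk.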
@@ -168,9 +163,9 @@ class smtpd::server(
 source => $ssl_key,
 notify => Service["smtpd"],
 }
- file { "/etc/mail/certs/server.crt":
+ file { "${ssl::certs}/smtpd.crt":
 ensure => present,
- mode => "0600",
+ mode => "0644",
 owner => "root",
 group => "wheel",
 source => $ssl_cert,
diff --git a/smtpd/templates/server.conf.erb b/smtpd/templates/server.conf.erb
index f4fe530..9c8a43c 100644
--- a/smtpd/templates/server.conf.erb
+++ b/smtpd/templates/server.conf.erb
@@ -1,6 +1,9 @@
+pki egress certificate "<%= scope.lookupvar('ssl::certs') %>/smtpd.crt"
+pki egress key "<%= scope.lookupvar('ssl::private') %>/smtpd.key"
+
 listen on lo0
-listen on egress port smtp tls certificate server
-listen on egress port submission tls-require certificate server auth
+listen on egress port smtp tls pki egress
+listen on egress port submission auth tls-require pki egress
 
 table aliases db:/etc/mail/aliases.db
 table clients db:/etc/mail/clients.db
@@ -36,5 +39,5 @@ accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \
 <% end -%>
 
 # relay for remote clients and local users
-accept from for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
+accept from source for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
 accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
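Review bot: The two new `pki egress` lines hard-code the same `/smtpd.crt` and `/smtpd.key` file names that smtpd/manifests/init.pp declares as `file` resources, so the manifest and the template can drift apart without either side noticing. Passing the two paths into `smtpd::server` as class variables (constructed names, e.g. `$ssl_key_file` / `$ssl_cert_file`) and rendering `<%= @ssl_key_file %>` here gives a single source of truth. It also avoids `scope.lookupvar`, which can yield undef when class `ssl` has not yet been evaluated at render time and would then silently produce `pki egress key "/smtpd.key"`, whereas a missing class parameter fails at catalog compile time.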
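Review bot: The new relay rule reads `accept from source for any relay…` with nothing between `source` and `for`; in the OpenSMTPD 5.4 grammar `from source` takes a table reference, presumably `<clients>` given `table clients db:/etc/mail/clients.db` declared above, and without it smtpd will refuse the configuration. The pre-image line shows the same gap after `from`, which points to the `<…>` token being lost when this patch was captured rather than to a regression in the commit, so this is worth confirming against the committed file, which should read `accept from source <clients> for any relay…`.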