smtpd: Update server config for OpenSMTPD 5.4

Ossi Salmi 2014-02-28 22:35:34 +02:00
parent fbadf40c91
commit 8653c7d02d
3 changed files with 15 additions and 17 deletions


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
echo "# Generated" > /etc/mail/gecos echo "# Generated by $0" > /etc/mail/gecos
/usr/bin/awk -F : '{ /usr/bin/awk -F : '{
if($3 != "0" && $7 != "/sbin/nologin") { if($3 != "0" && $7 != "/sbin/nologin") {


@ -98,7 +98,7 @@ class smtpd {
# === Parameters # === Parameters
# #
# $maildir: # $maildir:
# Directory in user home for INBOX. # Directory in user home for INBOX. Defaults to "Mail".
# #
# $local: # $local:
# Boolean for whether we accept mail for local recipients. # Boolean for whether we accept mail for local recipients.
@ -106,7 +106,7 @@ class smtpd {
# #
# $gecos: # $gecos:
# Boolean for whether to enable gecos aliases. # Boolean for whether to enable gecos aliases.
# Defaults to false. # Defaults to true.
# #
# $domains: # $domains:
# Array of primary domains to accept mail for. # Array of primary domains to accept mail for.
@ -121,9 +121,9 @@ class smtpd {
# Source path of certificate. # Source path of certificate.
# #
class smtpd::server( class smtpd::server(
$maildir, $maildir="Mail",
$local=true, $local=true,
$gecos=false, $gecos=true,
$domains=undef, $domains=undef,
$virtual=undef, $virtual=undef,
$ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem", $ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem",
@ -154,13 +154,8 @@ class smtpd::server(
before => Service["smtpd"], before => Service["smtpd"],
} }
file { "/etc/mail/certs": include ssl
ensure => directory, file { "${ssl::private}/smtpd.key":
mode => "0700",
owner => "root",
group => "wheel",
}
file { "/etc/mail/certs/server.key":
ensure => present, ensure => present,
mode => "0600", mode => "0600",
owner => "root", owner => "root",
@ -168,9 +163,9 @@ class smtpd::server(
source => $ssl_key, source => $ssl_key,
notify => Service["smtpd"], notify => Service["smtpd"],
} }
file { "/etc/mail/certs/server.crt": file { "${ssl::certs}/smtpd.crt":
ensure => present, ensure => present,
mode => "0600", mode => "0644",
owner => "root", owner => "root",
group => "wheel", group => "wheel",
source => $ssl_cert, source => $ssl_cert,
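Review bot: The `/etc/mail/certs` directory and its `server.key` / `server.crt` resources are dropped without any cleanup, so hosts that applied the old manifest keep an unmanaged copy of the private key on disk after smtpd moves to `${ssl::private}/smtpd.key`. A transitional `file { "/etc/mail/certs": ensure => absent, force => true }` would remove the stale key material. With the explicit `0700` directory gone, protection of the new key also depends on the permissions the `ssl` class sets on `${ssl::private}`; these are not visible in this diff and are worth confirming. The certificate resource continues past the end of the hunk.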


@ -1,6 +1,9 @@
pki egress certificate "<%= scope.lookupvar('ssl::certs') %>/smtpd.crt"
pki egress key "<%= scope.lookupvar('ssl::private') %>/smtpd.key"
listen on lo0 listen on lo0
listen on egress port smtp tls certificate server listen on egress port smtp tls pki egress
listen on egress port submission tls-require certificate server auth listen on egress port submission auth tls-require pki egress
table aliases db:/etc/mail/aliases.db table aliases db:/etc/mail/aliases.db
table clients db:/etc/mail/clients.db table clients db:/etc/mail/clients.db
@ -36,5 +39,5 @@ accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \
<% end -%> <% end -%>
# relay for remote clients and local users # relay for remote clients and local users
accept from <clients> for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %> accept from source <clients> for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %> accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
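Review bot: The word `egress` now means two unrelated things on the same listen lines, the interface group in `listen on egress` and the pki entry in `pki egress`, which makes the TLS setup harder to audit. A short comment above the two `pki` lines would help, e.g. `# "egress" on the pki lines names the certificate/key pair used by "pki egress" below`. The rendered paths depend on `scope.lookupvar('ssl::certs')` and `scope.lookupvar('ssl::private')` resolving, so the template presumably requires the `ssl` class to be evaluated first. A comment stating that dependency would make a half-empty path such as `/smtpd.key` easier to diagnose.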