smtpd: Update server config for OpenSMTPD 5.4

2014-02-28 22:35:34 +02:00 · 2014-02-28 22:35:34 +02:00 · 8653c7d02d
commit 8653c7d02d
parent fbadf40c91
3 changed files with 15 additions and 17 deletions
--- a/smtpd/files/generate-smtpd-gecos.sh
+++ b/smtpd/files/generate-smtpd-gecos.sh
@ -1,6 +1,6 @@
 #!/bin/sh

-echo "# Generated" > /etc/mail/gecos
+echo "# Generated by $0" > /etc/mail/gecos

 /usr/bin/awk -F : '{
    if($3 != "0" && $7 != "/sbin/nologin") {
--- a/smtpd/manifests/init.pp
+++ b/smtpd/manifests/init.pp
@ -98,7 +98,7 @@ class smtpd {
 # === Parameters
 #
 #   $maildir:
-#       Directory in user home for INBOX.
+#       Directory in user home for INBOX. Defaults to "Mail".
 #
 #   $local:
 #       Boolean for whether we accept mail for local recipients.
@ -106,7 +106,7 @@ class smtpd {
 #
 #   $gecos:
 #       Boolean for whether to enable gecos aliases.
-#       Defaults to false.
+#       Defaults to true.
 #
 #   $domains:
 #       Array of primary domains to accept mail for.
@ -121,9 +121,9 @@ class smtpd {
 #       Source path of certificate.
 #
 class smtpd::server(
-    $maildir,
+    $maildir="Mail",
    $local=true,
-    $gecos=false,
+    $gecos=true,
    $domains=undef,
    $virtual=undef,
    $ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem",
@ -154,13 +154,8 @@ class smtpd::server(
        before => Service["smtpd"],
    }

-    file { "/etc/mail/certs":
-        ensure => directory,
-        mode   => "0700",
-        owner  => "root",
-        group  => "wheel",
-    }
-    file { "/etc/mail/certs/server.key":
+    include ssl
+    file { "${ssl::private}/smtpd.key":
        ensure => present,
        mode   => "0600",
        owner  => "root",
@ -168,9 +163,9 @@ class smtpd::server(
        source => $ssl_key,
        notify => Service["smtpd"],
    }
-    file { "/etc/mail/certs/server.crt":
+    file { "${ssl::certs}/smtpd.crt":
        ensure => present,
-        mode   => "0600",
+        mode   => "0644",
        owner  => "root",
        group  => "wheel",
        source => $ssl_cert,
--- a/smtpd/templates/server.conf.erb
+++ b/smtpd/templates/server.conf.erb
@ -1,6 +1,9 @@
+pki egress certificate "<%= scope.lookupvar('ssl::certs') %>/smtpd.crt"
+pki egress key "<%= scope.lookupvar('ssl::private') %>/smtpd.key"
+
 listen on lo0
-listen on egress port smtp tls certificate server
-listen on egress port submission tls-require certificate server auth
+listen on egress port smtp tls pki egress
+listen on egress port submission auth tls-require pki egress

 table aliases db:/etc/mail/aliases.db
 table clients db:/etc/mail/clients.db
@ -36,5 +39,5 @@ accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \
 <% end -%>

 # relay for remote clients and local users
-accept from <clients> for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
+accept from source <clients> for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
 accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>