From a8ebd9417ce8ef19f91dfe661b4aa41606546a95 Mon Sep 17 00:00:00 2001
From: Ossi Salmi
Date: Mon, 4 May 2015 10:11:05 +0300
Subject: [PATCH] smtpd: Manual merge from parameterize branch
---
 smtpd/manifests/init.pp | 495 ++++++++++++++++----------------
 smtpd/templates/client.conf.erb | 8 +-
 smtpd/templates/server.conf.erb | 46 +--
 3 files changed, 284 insertions(+), 265 deletions(-)
diff --git a/smtpd/manifests/init.pp b/smtpd/manifests/init.pp
index 3d2509a..49c6117 100644
--- a/smtpd/manifests/init.pp
+++ b/smtpd/manifests/init.pp
@@ -1,246 +1,261 @@ -# Configure smtpd for local delivery. -# -# === Global variables -# -# $mail_domain: -# Domain to masquerade as (envelope only). -# -# $mail_server: -# Hostname of mail relay server. -# -class smtpd { - - if $mail_server { - $relay = "smtp+tls://${mail_server}" - } - - case $::operatingsystem { - "centos","redhat": { - if versioncmp($::operatingsystemrelease, "6") < 0 { - fail("smtpd requires atleast ${::operatingsystem} 6") - } - - $package = "opensmtpd" - $service = "opensmtpd" - $confdir = "/etc/opensmtpd" - $aliases = "/etc/aliases" - - package { $package: - ensure => installed, - before => File["${confdir}/smtpd.conf"], - } - - exec { "/usr/sbin/alternatives --set mta /usr/sbin/sendmail.opensmtpd": - refreshonly => true, - subscribe => Package[$package], - before => Service[$service], - } - - service { [ "postfix", "sendmail" ]: - ensure => stopped, - enable => false, - before => Service[$service], - } - - } - "openbsd": { - $package = undef - $service = "smtpd" - $confdir = "/etc/mail" - $aliases = "/etc/mail/aliases" - - file { "/etc/mailer.conf": - ensure => present, - mode => "0644", - owner => "root", - group => "wheel", - source => "puppet:///modules/smtpd/mailer.conf", - before => Service[$service], - } - - service { "sendmail": - ensure => stopped, - enable => false, - before => Service[$service], - } - } - default: { - fail("smtpd not supported on ${::operatingsystem}") - } - } - - file { "${confdir}/smtpd.conf": - ensure => present, - mode => "0644", - owner => "root", - group => $::operatingsystem ? { - "openbsd" => "wheel", - default => "root", - }, - content => template("smtpd/client.conf.erb"), - notify => Service[$service], - } - - service { $service: - ensure => running, - enable => true, - start => $::operatingsystem ? { - "openbsd" => "/usr/sbin/smtpd", - default => undef, - }, - } - -} - - -# Configure smtpd as mail server +# Configure smtpd. # # === Parameters # -# $maildir: -# Directory in user home for INBOX. 
Defaults to "Mail". +# $maildomain: +# Domain to masquerade as. # -# $local: -# Boolean for whether we accept mail for local recipients. -# Defaults to true. +# $mailserver: +# Server to relay mail via. # -# $gecos: -# Boolean for whether to enable gecos aliases. -# Defaults to true. +# $listen: +# Listen on external interfaces. Defaults to false. # -# $domains: -# Array of primary domains to accept mail for. +# $gecos: +# Boolean for whether to enable gecos aliases. +# Defaults to true. # -# $virtual: -# Array of virtual domains to accept mail for. +# $maildir: +# Directory in user home for INBOX. Defaults to "Mail". # -# $ssl_key: -# Source path of private key. +# $custom: +# Array of custom accept/reject rules. # -# $ssl_cert: -# Source path of certificate. +# $domains: +# Array of primary domains to accept mail for. # -class smtpd::server( - $maildir="Mail", - $local=true, - $gecos=true, - $domains=undef, - $virtual=undef, - $ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem", - $ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem" -) inherits smtpd { +# $virtuals: +# Array of virtual domains to accept mail for. +# +# $ssl_key: +# Source path of private key. +# +# $ssl_cert: +# Source path of certificate. 
+# +class smtpd( + $maildomain=undef, + $mailserver=undef, + $listen=false, + $gecos=true, + $maildir="Mail", + $custom=undef, + $domains=undef, + $virtuals=undef, + $ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem", + $ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem" +) { - if $::operatingsystem != "OpenBSD" { - fail("smtpd::server only supported on OpenBSD") + if $listen == true and $::operatingsystem != "OpenBSD" { + fail("listen only supported on OpenBSD") + } + + case $::operatingsystem { + "centos","redhat": { + if versioncmp($::operatingsystemrelease, "6") < 0 { + fail("smtpd requires atleast ${::operatingsystem} 6") + } + + $package = "opensmtpd" + $service = "opensmtpd" + $confdir = "/etc/opensmtpd" + $aliases = "/etc/aliases" + $mda = undef + + package { $package: + ensure => installed, + before => File["${confdir}/smtpd.conf"], + } + + exec { "/usr/sbin/alternatives --set mta /usr/sbin/sendmail.opensmtpd": + refreshonly => true, + subscribe => Package[$package], + before => Service[$service], + } + + service { [ "postfix", "sendmail" ]: + ensure => stopped, + enable => false, + before => Service[$service], + } } + "ubuntu": { + if versioncmp($::operatingsystemrelease, "14.04") < 0 { + fail("smtpd requires atleast ${::operatingsystem} 14.04") + } + $package = "opensmtpd" + $service = "opensmtpd" + $confdir = "/etc" + $aliases = "/etc/aliases" + $mda = undef + + package { $package: + ensure => installed, + before => File["${confdir}/smtpd.conf"], + } + } + "openbsd": { + $package = undef + $service = "smtpd" + $confdir = "/etc/mail" + $aliases = "/etc/mail/aliases" + $mda = "/usr/local/bin/procmail -Y -t -f %{sender}" + + file { "/etc/mailer.conf": + ensure => present, + mode => "0644", + owner => "root", + group => "wheel", + source => "puppet:///modules/smtpd/mailer.conf", + before => Service[$service], + } + + service { "sendmail": + ensure => stopped, + enable => false, + before => Service[$service], + } + } + default: { + fail("smtpd 
not supported on ${::operatingsystem}") + } + } + + if $mailserver { + $mailrelay = "smtp+tls://${mailserver}" + } else { + $mailrelay = undef + } + + include ssl + + file { "${confdir}/smtpd.conf": + ensure => present, + mode => "0644", + owner => "root", + group => $::operatingsystem ? { + "openbsd" => "wheel", + default => "root", + }, + content => $listen ? { + true => template("smtpd/server.conf.erb"), + default => template("smtpd/client.conf.erb"), + }, + notify => Service[$service], + } + + service { $service: + ensure => running, + enable => true, + start => $::operatingsystem ? { + "openbsd" => "/usr/sbin/smtpd", + default => undef, + }, + } + + if $listen == true { include procmail procmail::rc { "00-default.rc": - content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n", - } - - $mda = "/usr/local/bin/procmail -Y -t -f %{sender}" - - File["${confdir}/smtpd.conf"] { - content => template("smtpd/server.conf.erb"), + content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n", } file { [ "/root/${maildir}", "/etc/skel/${maildir}" ]: - ensure => directory, - mode => "0700", - owner => "root", - group => "wheel", - before => Service["smtpd"], + ensure => directory, + mode => "0700", + owner => "root", + group => "wheel", + before => Service["smtpd"], } - include ssl file { "${ssl::private}/smtpd.key": - ensure => present, - mode => "0600", - owner => "root", - group => "wheel", - source => $ssl_key, - notify => Service["smtpd"], + ensure => present, + mode => "0600", + owner => "root", + group => "wheel", + source => $ssl_key, + notify => Service["smtpd"], } file { "${ssl::certs}/smtpd.crt": - ensure => present, - mode => "0644", - owner => "root", - group => "wheel", - source => $ssl_cert, - notify => Service["smtpd"], + ensure => present, + mode => "0644", + owner => "root", + group => "wheel", + source => $ssl_cert, + notify => Service["smtpd"], } if $gecos == true { - file { "/usr/local/sbin/generate-smtpd-gecos.sh": - ensure => present, - 
mode => "0700", - owner => "root", - group => "wheel", - source => "puppet:///modules/smtpd/generate-smtpd-gecos.sh", - } - exec { "/usr/local/sbin/generate-smtpd-gecos.sh": - unless => "/bin/test /etc/mail/gecos -nt /etc/passwd", - require => File["/usr/local/sbin/generate-smtpd-gecos.sh"], - notify => Exec["makemap aliases"], - } + file { "/usr/local/sbin/generate-smtpd-gecos.sh": + ensure => present, + mode => "0700", + owner => "root", + group => "wheel", + source => "puppet:///modules/smtpd/generate-smtpd-gecos.sh", + } + exec { "/usr/local/sbin/generate-smtpd-gecos.sh": + unless => "/bin/test /etc/mail/gecos -nt /etc/passwd", + require => File["/usr/local/sbin/generate-smtpd-gecos.sh"], + notify => Exec["makemap aliases"], + } } file { "/etc/mail/aliases": - ensure => present, - mode => "0644", - owner => "root", - group => "wheel", - source => [ - "puppet:///files/mail/aliases.${::homename}", - "puppet:///files/mail/aliases", - ], + ensure => present, + mode => "0644", + owner => "root", + group => "wheel", + source => [ + "puppet:///files/mail/aliases.${::homename}", + "puppet:///files/mail/aliases", + ], } exec { "makemap aliases": - command => $gecos ? { - false => "makemap aliases", - true => "cat aliases gecos > aliases.gecos && makemap -o aliases.db aliases.gecos", - }, - refreshonly => true, - cwd => "/etc/mail", - path => "/bin:/usr/bin:/sbin:/usr/sbin", - subscribe => File["/etc/mail/aliases"], - before => Service["smtpd"], + command => $gecos ? 
{ + false => "makemap aliases", + true => "cat aliases gecos > aliases.gecos && makemap -o aliases.db aliases.gecos", + }, + refreshonly => true, + cwd => "/etc/mail", + path => "/bin:/usr/bin:/sbin:/usr/sbin", + subscribe => File["/etc/mail/aliases"], + before => Service["smtpd"], } file { "/etc/mail/clients": - ensure => present, - mode => "0644", - owner => "root", - group => "wheel", - source => [ - "puppet:///files/mail/clients.${::homename}", - "puppet:///files/mail/clients", - "puppet:///modules/smtpd/empty", - ], + ensure => present, + mode => "0644", + owner => "root", + group => "wheel", + source => [ + "puppet:///files/mail/clients.${::homename}", + "puppet:///files/mail/clients", + "puppet:///modules/smtpd/empty", + ], } exec { "makemap -t set clients": - refreshonly => true, - cwd => "/etc/mail", - path => "/bin:/usr/bin:/sbin:/usr/sbin", - subscribe => File["/etc/mail/clients"], - before => Service["smtpd"], + refreshonly => true, + cwd => "/etc/mail", + path => "/bin:/usr/bin:/sbin:/usr/sbin", + subscribe => File["/etc/mail/clients"], + before => Service["smtpd"], } if $domains { - smtpd::aliases { $domains: - gecos => $gecos, - subscribe => $gecos ? { - false => undef, - true => Exec["/usr/local/sbin/generate-smtpd-gecos.sh"], - }, - } + smtpd::aliases { $domains: + gecos => $gecos, + subscribe => $gecos ? { + false => undef, + true => Exec["/usr/local/sbin/generate-smtpd-gecos.sh"], + }, + } } - if $virtual { - smtpd::virtual { $virtual: } + if $virtuals { + smtpd::virtual { $virtuals: } } + } } 
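Review bot: Inside the `if $listen == true` block every dependency still names the service literally (`before => Service["smtpd"]` / `notify => Service["smtpd"]` on the maildir, key, cert, gecos, aliases and clients resources) while the service itself is now declared as `service { $service: ... }` a few lines earlier; the names coincide only because the `fail()` restricts `$listen` to OpenBSD, so `before => Service[$service],` would keep the dependency tied to the single declaration and survive a later rename. The `$listen` parameter doc should state what that `fail()` enforces: `# Listen on external interfaces (OpenBSD only). Defaults to false.`. `include ssl` has moved out of the listen-only section and is now pulled in on relay-only CentOS/Ubuntu hosts as well — if that is intentional a one-line comment at the `include` would stop it being "fixed" later. The OpenBSD `$mda` string embeds `%{sender}`, which smtpd expands into a delivery command that appears to be executed through the recipient's shell; a comment at that assignment noting that smtpd's own escaping of the expansion is the only thing keeping a crafted envelope sender out of the command line, and that no further untrusted tokens should be appended, would document that trust boundary.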
@@ -249,28 +264,28 @@ class smtpd::server( # define smtpd::aliases($gecos) { - file { "/etc/mail/aliases.${name}": - ensure => present, - mode => "0644", - owner => "root", - group => "wheel", - source => [ - "puppet:///files/mail/aliases.${name}", - "puppet:///files/mail/aliases.${::homename}", - "puppet:///files/mail/aliases", - ], - } - exec { "makemap aliases.${name}": - command => $gecos ? { - false => "makemap aliases.${name}", - true => "cat aliases.${name} gecos > aliases.${name}.gecos && makemap -o aliases.${name}.db aliases.${name}.gecos", - }, - refreshonly => true, - cwd => "/etc/mail", - path => "/bin:/usr/bin:/sbin:/usr/sbin", - subscribe => File["/etc/mail/aliases.${name}"], - before => Service["smtpd"], - } + file { "/etc/mail/aliases.${name}": + ensure => present, + mode => "0644", + owner => "root", + group => "wheel", + source => [ + "puppet:///files/mail/aliases.${name}", + "puppet:///files/mail/aliases.${::homename}", + "puppet:///files/mail/aliases", + ], + } + exec { "makemap aliases.${name}": + command => $gecos ? { + false => "makemap aliases.${name}", + true => "cat aliases.${name} gecos > aliases.${name}.gecos && makemap -o aliases.${name}.db aliases.${name}.gecos", + }, + refreshonly => true, + cwd => "/etc/mail", + path => "/bin:/usr/bin:/sbin:/usr/sbin", + subscribe => File["/etc/mail/aliases.${name}"], + before => Service["smtpd"], + } } 
@@ -279,23 +294,23 @@ define smtpd::aliases($gecos) { # define smtpd::virtual() { - file { "/etc/mail/virtual.${name}": - ensure => present, - mode => "0644", - owner => "root", - group => "wheel", - source => [ - "puppet:///files/mail/virtual.${name}", - "puppet:///files/mail/virtual.${::homename}", - "puppet:///files/mail/virtual", - ], - } - exec { "makemap virtual.${name}": - refreshonly => true, - cwd => "/etc/mail", - path => "/bin:/usr/bin:/sbin:/usr/sbin", - subscribe => File["/etc/mail/virtual.${name}"], - before => Service["smtpd"], - } + file { "/etc/mail/virtual.${name}": + ensure => present, + mode => "0644", + owner => "root", + group => "wheel", + source => [ + "puppet:///files/mail/virtual.${name}", + "puppet:///files/mail/virtual.${::homename}", + "puppet:///files/mail/virtual", + ], + } + exec { "makemap virtual.${name}": + refreshonly => true, + cwd => "/etc/mail", + path => "/bin:/usr/bin:/sbin:/usr/sbin", + subscribe => File["/etc/mail/virtual.${name}"], + before => Service["smtpd"], + } } diff --git a/smtpd/templates/client.conf.erb b/smtpd/templates/client.conf.erb index 696f302..7944412 100644 --- a/smtpd/templates/client.conf.erb +++ b/smtpd/templates/client.conf.erb @@ -1,14 +1,14 @@ <% if @operatingsystem == "OpenBSD" -%> listen on lo0 <% else -%> -listen on localhost +listen on lo <% end -%> table aliases db:<%= @aliases %>.db -<% if @relay -%> -accept from local for any relay via <%= @relay %><% if @mail_domain %> as "@<%= @mail_domain %>"<% end %> +<% if @mailrelay -%> +accept from local for any relay via <%= @mailrelay %><% if @maildomain %> as "@<%= @maildomain %>"<% end %> <% else -%> accept from local for local alias deliver to mbox -accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %> +accept from local for any relay<% if @maildomain %> as "@<%= @maildomain %>"<% end %> <% end -%> diff --git a/smtpd/templates/server.conf.erb b/smtpd/templates/server.conf.erb index 9c8a43c..ab469d9 100644 
--- a/smtpd/templates/server.conf.erb
+++ b/smtpd/templates/server.conf.erb
@@ -1,43 +1,47 @@ +_mda = "\"<%= @mda %>\"" + pki egress certificate "<%= scope.lookupvar('ssl::certs') %>/smtpd.crt" pki egress key "<%= scope.lookupvar('ssl::private') %>/smtpd.key" listen on lo0 listen on egress port smtp tls pki egress -listen on egress port submission auth tls-require pki egress +listen on egress port submission tls-require pki egress auth mask-source table aliases db:/etc/mail/aliases.db table clients db:/etc/mail/clients.db -<% @domains.each do |domain| -%> -table aliases.<%= domain %> db:/etc/mail/aliases.<%= domain %>.db +<% @domains.each do |dom| -%> +table aliases.<%= dom %> db:/etc/mail/aliases.<%= dom %>.db <% end if @domains -%> -<% @virtual.each do |domain| -%> -table virtual.<%= domain %> db:/etc/mail/virtual.<%= domain %>.db -<% end if @virtual -%> -<% if @local == true -%> +<% @virtuals.each do |dom| -%> +table virtual.<%= dom %> db:/etc/mail/virtual.<%= dom %>.db +<% end if @virtuals -%> +<% if @custom -%> + +# custom rules +<% @custom.each do |rule| -%> +<%= rule %> +<% end -%> +<% end -%> # accept for localhost and our fqdn -accept from any for local alias \ - deliver to mda "<%= @mda %>" -<% end -%> +accept from any for local alias deliver to mda $_mda <% if @domains -%> # accept for primary domains -<% @domains.each do |domain| -%> -accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \ - alias > \ - deliver to mda "<%= @mda %>" +<% @domains.each do |dom| -%> +accept from any for domain { "<%= dom %>", "*.<%= dom %>" } \ + alias > deliver to mda $_mda <% end -%> <% end -%> -<% if @virtual -%> +<% if @virtuals -%> # accept for virtual domains -<% @virtual.each do |domain| -%> -accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \ - virtual > \ - deliver to mda "<%= @mda %>" +<% @virtuals.each do |dom| -%> +accept from any for domain { "<%= dom %>", "*.<%= dom %>" } \ + virtual > deliver to mda $_mda <% end -%> <% end -%> # relay for remote clients and local users -accept from source for any relay<% 
if @mail_domain %> as "@<%= @mail_domain %>"<% end %> -accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %> +accept from source for any relay<% if @maildomain %> as "@<%= @maildomain %>"<% end %> +accept from local for any relay<% if @maildomain %> as "@<%= @maildomain %>"<% end %>
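Review bot: The new `# custom rules` block emits each `<%= rule %>` verbatim ahead of the built-in `accept` rules; if the deployed smtpd evaluates rules in order with first match winning (confirm against its smtpd.conf(5)), a custom rule can silently shadow every default below it, and the comment should say so: `# custom rules: emitted verbatim, evaluated before the defaults below`. The new `_mda = "\"<%= @mda %>\""` line is literal template text, so the escaped quotes reach smtpd.conf and make `$_mda` expand to a single quoted string in the `deliver to mda $_mda` rules (assuming smtpd's quoted-string lexer honours `\"`); that is non-obvious enough to deserve `# quotes are part of the macro: $_mda must expand to one quoted string`. `accept from source for any relay` as rendered here names no source table even though `table clients` is declared above — if a `<clients>` token was lost in rendering this is fine, otherwise the relay rule for remote clients is missing its table.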