smtpd: Manual merge from parameterize branch

This commit is contained in:
Ossi Salmi 2015-05-04 10:11:05 +03:00
parent 8de3a4c16d
commit a8ebd9417c
3 changed files with 284 additions and 265 deletions


@ -1,246 +1,261 @@
# Configure smtpd for local delivery. # Configure smtpd.
#
# === Global variables
#
# $mail_domain:
# Domain to masquerade as (envelope only).
#
# $mail_server:
# Hostname of mail relay server.
#
class smtpd {
if $mail_server {
$relay = "smtp+tls://${mail_server}"
}
case $::operatingsystem {
"centos","redhat": {
if versioncmp($::operatingsystemrelease, "6") < 0 {
fail("smtpd requires atleast ${::operatingsystem} 6")
}
$package = "opensmtpd"
$service = "opensmtpd"
$confdir = "/etc/opensmtpd"
$aliases = "/etc/aliases"
package { $package:
ensure => installed,
before => File["${confdir}/smtpd.conf"],
}
exec { "/usr/sbin/alternatives --set mta /usr/sbin/sendmail.opensmtpd":
refreshonly => true,
subscribe => Package[$package],
before => Service[$service],
}
service { [ "postfix", "sendmail" ]:
ensure => stopped,
enable => false,
before => Service[$service],
}
}
"openbsd": {
$package = undef
$service = "smtpd"
$confdir = "/etc/mail"
$aliases = "/etc/mail/aliases"
file { "/etc/mailer.conf":
ensure => present,
mode => "0644",
owner => "root",
group => "wheel",
source => "puppet:///modules/smtpd/mailer.conf",
before => Service[$service],
}
service { "sendmail":
ensure => stopped,
enable => false,
before => Service[$service],
}
}
default: {
fail("smtpd not supported on ${::operatingsystem}")
}
}
file { "${confdir}/smtpd.conf":
ensure => present,
mode => "0644",
owner => "root",
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
content => template("smtpd/client.conf.erb"),
notify => Service[$service],
}
service { $service:
ensure => running,
enable => true,
start => $::operatingsystem ? {
"openbsd" => "/usr/sbin/smtpd",
default => undef,
},
}
}
# Configure smtpd as mail server
# #
# === Parameters # === Parameters
# #
# $maildir: # $maildomain:
# Directory in user home for INBOX. Defaults to "Mail". # Domain to masquerade as.
# #
# $local: # $mailserver:
# Boolean for whether we accept mail for local recipients. # Server to relay mail via.
# Defaults to true.
# #
# $gecos: # $listen:
# Boolean for whether to enable gecos aliases. # Listen on external interfaces. Defaults to false.
# Defaults to true.
# #
# $domains: # $gecos:
# Array of primary domains to accept mail for. # Boolean for whether to enable gecos aliases.
# Defaults to true.
# #
# $virtual: # $maildir:
# Array of virtual domains to accept mail for. # Directory in user home for INBOX. Defaults to "Mail".
# #
# $ssl_key: # $custom:
# Source path of private key. # Array of custom accept/reject rules.
# #
# $ssl_cert: # $domains:
# Source path of certificate. # Array of primary domains to accept mail for.
# #
class smtpd::server( # $virtuals:
$maildir="Mail", # Array of virtual domains to accept mail for.
$local=true, #
$gecos=true, # $ssl_key:
$domains=undef, # Source path of private key.
$virtual=undef, #
$ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem", # $ssl_cert:
$ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem" # Source path of certificate.
) inherits smtpd { #
class smtpd(
$maildomain=undef,
$mailserver=undef,
$listen=false,
$gecos=true,
$maildir="Mail",
$custom=undef,
$domains=undef,
$virtuals=undef,
$ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem",
$ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem"
) {
if $::operatingsystem != "OpenBSD" { if $listen == true and $::operatingsystem != "OpenBSD" {
fail("smtpd::server only supported on OpenBSD") fail("listen only supported on OpenBSD")
}
case $::operatingsystem {
"centos","redhat": {
if versioncmp($::operatingsystemrelease, "6") < 0 {
fail("smtpd requires atleast ${::operatingsystem} 6")
}
$package = "opensmtpd"
$service = "opensmtpd"
$confdir = "/etc/opensmtpd"
$aliases = "/etc/aliases"
$mda = undef
package { $package:
ensure => installed,
before => File["${confdir}/smtpd.conf"],
}
exec { "/usr/sbin/alternatives --set mta /usr/sbin/sendmail.opensmtpd":
refreshonly => true,
subscribe => Package[$package],
before => Service[$service],
}
service { [ "postfix", "sendmail" ]:
ensure => stopped,
enable => false,
before => Service[$service],
}
} }
"ubuntu": {
if versioncmp($::operatingsystemrelease, "14.04") < 0 {
fail("smtpd requires atleast ${::operatingsystem} 14.04")
}
$package = "opensmtpd"
$service = "opensmtpd"
$confdir = "/etc"
$aliases = "/etc/aliases"
$mda = undef
package { $package:
ensure => installed,
before => File["${confdir}/smtpd.conf"],
}
}
"openbsd": {
$package = undef
$service = "smtpd"
$confdir = "/etc/mail"
$aliases = "/etc/mail/aliases"
$mda = "/usr/local/bin/procmail -Y -t -f %{sender}"
file { "/etc/mailer.conf":
ensure => present,
mode => "0644",
owner => "root",
group => "wheel",
source => "puppet:///modules/smtpd/mailer.conf",
before => Service[$service],
}
service { "sendmail":
ensure => stopped,
enable => false,
before => Service[$service],
}
}
default: {
fail("smtpd not supported on ${::operatingsystem}")
}
}
if $mailserver {
$mailrelay = "smtp+tls://${mailserver}"
} else {
$mailrelay = undef
}
include ssl
file { "${confdir}/smtpd.conf":
ensure => present,
mode => "0644",
owner => "root",
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
content => $listen ? {
true => template("smtpd/server.conf.erb"),
default => template("smtpd/client.conf.erb"),
},
notify => Service[$service],
}
service { $service:
ensure => running,
enable => true,
start => $::operatingsystem ? {
"openbsd" => "/usr/sbin/smtpd",
default => undef,
},
}
if $listen == true {
include procmail include procmail
procmail::rc { "00-default.rc": procmail::rc { "00-default.rc":
content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n", content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n",
}
$mda = "/usr/local/bin/procmail -Y -t -f %{sender}"
File["${confdir}/smtpd.conf"] {
content => template("smtpd/server.conf.erb"),
} }
file { [ "/root/${maildir}", "/etc/skel/${maildir}" ]: file { [ "/root/${maildir}", "/etc/skel/${maildir}" ]:
ensure => directory, ensure => directory,
mode => "0700", mode => "0700",
owner => "root", owner => "root",
group => "wheel", group => "wheel",
before => Service["smtpd"], before => Service["smtpd"],
} }
include ssl
file { "${ssl::private}/smtpd.key": file { "${ssl::private}/smtpd.key":
ensure => present, ensure => present,
mode => "0600", mode => "0600",
owner => "root", owner => "root",
group => "wheel", group => "wheel",
source => $ssl_key, source => $ssl_key,
notify => Service["smtpd"], notify => Service["smtpd"],
} }
file { "${ssl::certs}/smtpd.crt": file { "${ssl::certs}/smtpd.crt":
ensure => present, ensure => present,
mode => "0644", mode => "0644",
owner => "root", owner => "root",
group => "wheel", group => "wheel",
source => $ssl_cert, source => $ssl_cert,
notify => Service["smtpd"], notify => Service["smtpd"],
} }
if $gecos == true { if $gecos == true {
file { "/usr/local/sbin/generate-smtpd-gecos.sh": file { "/usr/local/sbin/generate-smtpd-gecos.sh":
ensure => present, ensure => present,
mode => "0700", mode => "0700",
owner => "root", owner => "root",
group => "wheel", group => "wheel",
source => "puppet:///modules/smtpd/generate-smtpd-gecos.sh", source => "puppet:///modules/smtpd/generate-smtpd-gecos.sh",
} }
exec { "/usr/local/sbin/generate-smtpd-gecos.sh": exec { "/usr/local/sbin/generate-smtpd-gecos.sh":
unless => "/bin/test /etc/mail/gecos -nt /etc/passwd", unless => "/bin/test /etc/mail/gecos -nt /etc/passwd",
require => File["/usr/local/sbin/generate-smtpd-gecos.sh"], require => File["/usr/local/sbin/generate-smtpd-gecos.sh"],
notify => Exec["makemap aliases"], notify => Exec["makemap aliases"],
} }
} }
file { "/etc/mail/aliases": file { "/etc/mail/aliases":
ensure => present, ensure => present,
mode => "0644", mode => "0644",
owner => "root", owner => "root",
group => "wheel", group => "wheel",
source => [ source => [
"puppet:///files/mail/aliases.${::homename}", "puppet:///files/mail/aliases.${::homename}",
"puppet:///files/mail/aliases", "puppet:///files/mail/aliases",
], ],
} }
exec { "makemap aliases": exec { "makemap aliases":
command => $gecos ? { command => $gecos ? {
false => "makemap aliases", false => "makemap aliases",
true => "cat aliases gecos > aliases.gecos && makemap -o aliases.db aliases.gecos", true => "cat aliases gecos > aliases.gecos && makemap -o aliases.db aliases.gecos",
}, },
refreshonly => true, refreshonly => true,
cwd => "/etc/mail", cwd => "/etc/mail",
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
subscribe => File["/etc/mail/aliases"], subscribe => File["/etc/mail/aliases"],
before => Service["smtpd"], before => Service["smtpd"],
} }
file { "/etc/mail/clients": file { "/etc/mail/clients":
ensure => present, ensure => present,
mode => "0644", mode => "0644",
owner => "root", owner => "root",
group => "wheel", group => "wheel",
source => [ source => [
"puppet:///files/mail/clients.${::homename}", "puppet:///files/mail/clients.${::homename}",
"puppet:///files/mail/clients", "puppet:///files/mail/clients",
"puppet:///modules/smtpd/empty", "puppet:///modules/smtpd/empty",
], ],
} }
exec { "makemap -t set clients": exec { "makemap -t set clients":
refreshonly => true, refreshonly => true,
cwd => "/etc/mail", cwd => "/etc/mail",
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
subscribe => File["/etc/mail/clients"], subscribe => File["/etc/mail/clients"],
before => Service["smtpd"], before => Service["smtpd"],
} }
if $domains { if $domains {
smtpd::aliases { $domains: smtpd::aliases { $domains:
gecos => $gecos, gecos => $gecos,
subscribe => $gecos ? { subscribe => $gecos ? {
false => undef, false => undef,
true => Exec["/usr/local/sbin/generate-smtpd-gecos.sh"], true => Exec["/usr/local/sbin/generate-smtpd-gecos.sh"],
}, },
} }
} }
if $virtual { if $virtuals {
smtpd::virtual { $virtual: } smtpd::virtual { $virtuals: }
} }
}
} }
@ -249,28 +264,28 @@ class smtpd::server(
# #
define smtpd::aliases($gecos) { define smtpd::aliases($gecos) {
file { "/etc/mail/aliases.${name}": file { "/etc/mail/aliases.${name}":
ensure => present, ensure => present,
mode => "0644", mode => "0644",
owner => "root", owner => "root",
group => "wheel", group => "wheel",
source => [ source => [
"puppet:///files/mail/aliases.${name}", "puppet:///files/mail/aliases.${name}",
"puppet:///files/mail/aliases.${::homename}", "puppet:///files/mail/aliases.${::homename}",
"puppet:///files/mail/aliases", "puppet:///files/mail/aliases",
], ],
} }
exec { "makemap aliases.${name}": exec { "makemap aliases.${name}":
command => $gecos ? { command => $gecos ? {
false => "makemap aliases.${name}", false => "makemap aliases.${name}",
true => "cat aliases.${name} gecos > aliases.${name}.gecos && makemap -o aliases.${name}.db aliases.${name}.gecos", true => "cat aliases.${name} gecos > aliases.${name}.gecos && makemap -o aliases.${name}.db aliases.${name}.gecos",
}, },
refreshonly => true, refreshonly => true,
cwd => "/etc/mail", cwd => "/etc/mail",
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
subscribe => File["/etc/mail/aliases.${name}"], subscribe => File["/etc/mail/aliases.${name}"],
before => Service["smtpd"], before => Service["smtpd"],
} }
} }
@ -279,23 +294,23 @@ define smtpd::aliases($gecos) {
# #
define smtpd::virtual() { define smtpd::virtual() {
file { "/etc/mail/virtual.${name}": file { "/etc/mail/virtual.${name}":
ensure => present, ensure => present,
mode => "0644", mode => "0644",
owner => "root", owner => "root",
group => "wheel", group => "wheel",
source => [ source => [
"puppet:///files/mail/virtual.${name}", "puppet:///files/mail/virtual.${name}",
"puppet:///files/mail/virtual.${::homename}", "puppet:///files/mail/virtual.${::homename}",
"puppet:///files/mail/virtual", "puppet:///files/mail/virtual",
], ],
} }
exec { "makemap virtual.${name}": exec { "makemap virtual.${name}":
refreshonly => true, refreshonly => true,
cwd => "/etc/mail", cwd => "/etc/mail",
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
subscribe => File["/etc/mail/virtual.${name}"], subscribe => File["/etc/mail/virtual.${name}"],
before => Service["smtpd"], before => Service["smtpd"],
} }
} }
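Review bot: The relay URL built at `$mailrelay = "smtp+tls://${mailserver}"` selects, if I read smtpd.conf(5) correctly, opportunistic STARTTLS that falls back to plaintext and does not validate the relay's certificate, so the `$mailserver` parameter header should state that transport security to the relay is best-effort; where the relay supports it, `tls://${mailserver}` (plus `verify` on the template's relay rule, on smtpd versions that have the keyword) makes a downgrade fail closed instead. The `$custom` parameter header should also say that each element is copied into smtpd.conf verbatim, ahead of the generated accept rules, so the caller owns its syntax and its position in rule order, e.g. `# Array of custom accept/reject rules, emitted verbatim before the generated rules.`. The `$listen` header likewise undersells its effect: in the new class it switches the node into server mode (server.conf.erb, procmail, the TLS key and certificate copies, the aliases and clients maps), not only the listeners.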


@ -1,14 +1,14 @@
<% if @operatingsystem == "OpenBSD" -%> <% if @operatingsystem == "OpenBSD" -%>
listen on lo0 listen on lo0
<% else -%> <% else -%>
listen on localhost listen on lo
<% end -%> <% end -%>
table aliases db:<%= @aliases %>.db table aliases db:<%= @aliases %>.db
<% if @relay -%> <% if @mailrelay -%>
accept from local for any relay via <%= @relay %><% if @mail_domain %> as "@<%= @mail_domain %>"<% end %> accept from local for any relay via <%= @mailrelay %><% if @maildomain %> as "@<%= @maildomain %>"<% end %>
<% else -%> <% else -%>
accept from local for local alias <aliases> deliver to mbox accept from local for local alias <aliases> deliver to mbox
accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %> accept from local for any relay<% if @maildomain %> as "@<%= @maildomain %>"<% end %>
<% end -%> <% end -%>


@ -1,43 +1,47 @@
_mda = "\"<%= @mda %>\""
pki egress certificate "<%= scope.lookupvar('ssl::certs') %>/smtpd.crt" pki egress certificate "<%= scope.lookupvar('ssl::certs') %>/smtpd.crt"
pki egress key "<%= scope.lookupvar('ssl::private') %>/smtpd.key" pki egress key "<%= scope.lookupvar('ssl::private') %>/smtpd.key"
listen on lo0 listen on lo0
listen on egress port smtp tls pki egress listen on egress port smtp tls pki egress
listen on egress port submission auth tls-require pki egress listen on egress port submission tls-require pki egress auth mask-source
table aliases db:/etc/mail/aliases.db table aliases db:/etc/mail/aliases.db
table clients db:/etc/mail/clients.db table clients db:/etc/mail/clients.db
<% @domains.each do |domain| -%> <% @domains.each do |dom| -%>
table aliases.<%= domain %> db:/etc/mail/aliases.<%= domain %>.db table aliases.<%= dom %> db:/etc/mail/aliases.<%= dom %>.db
<% end if @domains -%> <% end if @domains -%>
<% @virtual.each do |domain| -%> <% @virtuals.each do |dom| -%>
table virtual.<%= domain %> db:/etc/mail/virtual.<%= domain %>.db table virtual.<%= dom %> db:/etc/mail/virtual.<%= dom %>.db
<% end if @virtual -%> <% end if @virtuals -%>
<% if @local == true -%> <% if @custom -%>
# custom rules
<% @custom.each do |rule| -%>
<%= rule %>
<% end -%>
<% end -%>
# accept for localhost and our fqdn # accept for localhost and our fqdn
accept from any for local alias <aliases> \ accept from any for local alias <aliases> deliver to mda $_mda
deliver to mda "<%= @mda %>"
<% end -%>
<% if @domains -%> <% if @domains -%>
# accept for primary domains # accept for primary domains
<% @domains.each do |domain| -%> <% @domains.each do |dom| -%>
accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \ accept from any for domain { "<%= dom %>", "*.<%= dom %>" } \
alias <aliases.<%= domain%>> \ alias <aliases.<%= dom %>> deliver to mda $_mda
deliver to mda "<%= @mda %>"
<% end -%> <% end -%>
<% end -%> <% end -%>
<% if @virtual -%> <% if @virtuals -%>
# accept for virtual domains # accept for virtual domains
<% @virtual.each do |domain| -%> <% @virtuals.each do |dom| -%>
accept from any for domain { "<%= domain %>", "*.<%= domain %>" } \ accept from any for domain { "<%= dom %>", "*.<%= dom %>" } \
virtual <virtual.<%= domain%>> \ virtual <virtual.<%= dom %>> deliver to mda $_mda
deliver to mda "<%= @mda %>"
<% end -%> <% end -%>
<% end -%> <% end -%>
# relay for remote clients and local users # relay for remote clients and local users
accept from source <clients> for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %> accept from source <clients> for any relay<% if @maildomain %> as "@<%= @maildomain %>"<% end %>
accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %> accept from local for any relay<% if @maildomain %> as "@<%= @maildomain %>"<% end %>
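Review bot: The `_mda` macro on the first line embeds `%{sender}` in the MDA command, and the sender is the remote envelope value arriving over rules this config accepts `from any`, so the safety of that command rests entirely on smtpd validating the address before the MDA runs (the command is, as far as I recall, handed to a shell); that reliance deserves a comment beside the macro, e.g. `# _mda: quoted so the command is one word; %{sender} is the untrusted envelope sender, relies on smtpd's address checks`. The `listen on egress port submission` line correctly puts `tls-require` ahead of `auth`, but `auth` without a table means system account credentials are accepted on that listener; a comment such as `# submission: system credentials, TLS mandatory` would keep a later edit from dropping `tls-require`. The `# custom rules` block emits caller-supplied rules verbatim before every generated accept rule, which is worth stating in that comment since rule order matters in smtpd.conf.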