From a90016c5f2e475858183b83f30a8928fdae36992 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?=
Date: Mon, 17 Jun 2013 10:26:23 +0300
Subject: [PATCH] sendmail: Added support for installing sendmail without SSL support.
---
 sendmail/manifests/init.pp | 59 +++++++++++++++++-------------
 sendmail/templates/sendmail.mc.erb | 12 +++++-
 2 files changed, 44 insertions(+), 27 deletions(-)
diff --git a/sendmail/manifests/init.pp b/sendmail/manifests/init.pp
index 8309691..a8665ef 100644
--- a/sendmail/manifests/init.pp
+++ b/sendmail/manifests/init.pp
@@ -165,8 +165,15 @@ class sendmail::client::msa inherits sendmail::client {
 # List of authentication mechanisms to use. Defaults to PLAIN and LOGIN.
 #
 # $sendmail_ssl_key:
+# Path to SSL key file. If not set sendmail will be configured
+# without SSL support.
 #
 # $sendmail_ssl_cert:
+# Path to SSL certificate file. If not set sendmail will be
+# configured without SSL support.
+#
+# $sendmail_ssl_chain:
+# Path to SSL certificate chain file.
 #
 class sendmail::server inherits sendmail::common {

@@ -180,12 +187,6 @@ class sendmail::server inherits sendmail::common {
 $masquerade_exception = []
 }

- $ssl_key = basename($sendmail_ssl_key)
- $ssl_cert = basename($sendmail_ssl_cert)
- if $sendmail_ssl_chain {
- $ssl_chain = basename($sendmail_ssl_chain)
- }
-
 selinux::manage_fcontext { "/etc/smrsh(/.*)?":
 type => "sendmail_exec_t",
 }
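Review bot: The new parameter comments in the first hunk read as if `$sendmail_ssl_key` and `$sendmail_ssl_cert` each decide on their own whether SSL is configured, but the guard added later in this patch (`if $sendmail_ssl_key and $sendmail_ssl_cert`) needs both, and the template change drops more than TLS. I would state that where operators read it, e.g. `# Both $sendmail_ssl_key and $sendmail_ssl_cert must be set; otherwise sendmail is configured without TLS, without the configured AUTH mechanisms and without the submission (MSA) port.` The `$sendmail_ssl_chain` entry should also say that it is ignored unless key and certificate are both set. The comment block starts above this hunk.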
@@ -201,31 +202,39 @@ class sendmail::server inherits sendmail::common {
 }
 }

- file { "/etc/pki/tls/private/${ssl_key}":
- ensure => present,
- source => $sendmail_ssl_key,
- mode => "0600",
- owner => "root",
- group => "root",
- notify => Service["sendmail"],
- }
- file { "/etc/pki/tls/certs/${ssl_cert}":
- ensure => present,
- source => $sendmail_ssl_cert,
- mode => "0644",
- owner => "root",
- group => "root",
- notify => Service["sendmail"],
- }
- if $ssl_chain {
- file { "/etc/pki/tls/certs/${ssl_chain}":
+ if $sendmail_ssl_key and $sendmail_ssl_cert {
+ $ssl_key = basename($sendmail_ssl_key)
+ $ssl_cert = basename($sendmail_ssl_cert)
+ if $sendmail_ssl_chain {
+ $ssl_chain = basename($sendmail_ssl_chain)
+ }
+
+ file { "/etc/pki/tls/private/${ssl_key}":
 ensure => present,
- source => $sendmail_ssl_chain,
+ source => $sendmail_ssl_key,
+ mode => "0600",
+ owner => "root",
+ group => "root",
+ notify => Service["sendmail"],
+ }
+ file { "/etc/pki/tls/certs/${ssl_cert}":
+ ensure => present,
+ source => $sendmail_ssl_cert,
 mode => "0644",
 owner => "root",
 group => "root",
 notify => Service["sendmail"],
 }
+ if $ssl_chain {
+ file { "/etc/pki/tls/certs/${ssl_chain}":
+ ensure => present,
+ source => $sendmail_ssl_chain,
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ notify => Service["sendmail"],
+ }
+ }
 }

 file { "sendmail.mc":
diff --git a/sendmail/templates/sendmail.mc.erb b/sendmail/templates/sendmail.mc.erb
index a4b60ea..fc4f261 100644
--- a/sendmail/templates/sendmail.mc.erb
+++ b/sendmail/templates/sendmail.mc.erb
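Review bot: In sendmail/manifests/init.pp the new guard `if $sendmail_ssl_key and $sendmail_ssl_cert {` has no else branch, so a node where only one of the two variables is set (a typo or a missing value, say) silently gets a sendmail without TLS instead of a failed catalog. A partial setting is almost certainly a mistake, and I would reject it before the guard: `if ($sendmail_ssl_key and !$sendmail_ssl_cert) or (!$sendmail_ssl_key and $sendmail_ssl_cert) { fail('sendmail: set both $sendmail_ssl_key and $sendmail_ssl_cert, or neither') }`. Separately, a node that moves from the SSL to the non-SSL configuration keeps the previously deployed key under /etc/pki/tls/private, because nothing in this hunk removes it; that deserves a line in the class documentation. The class body starts and ends outside this hunk.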
@@ -22,18 +22,24 @@ define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
 define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
 define(`confTO_IDENT', `0')dnl
 dnl #
+<% if @ssl_key and @ssl_cert -%>
 define(`confAUTH_OPTIONS', `A p y')dnl
 TRUST_AUTH_MECH(`<%= @sendmail_auth_mech.join(' ') %>')dnl
 define(`confAUTH_MECHANISMS', `<%= @sendmail_auth_mech.join(' ') %>')dnl
+<% else -%>
+define(`confAUTH_OPTIONS', `A')dnl
+<% end -%>
 dnl #
 define(`confCACERT_PATH', `/etc/mail/certs')
-<% if @ssl_chain -%>
+<% if @ssl_key and @ssl_cert -%>
+ <% if @ssl_chain -%>
 define(`confCACERT', `/etc/pki/tls/certs/<%= @ssl_chain %>')
-<% end -%>
+ <% end -%>
 define(`confSERVER_CERT', `/etc/pki/tls/certs/<%= @ssl_cert %>')
 define(`confSERVER_KEY', `/etc/pki/tls/private/<%= @ssl_key %>')
 define(`confCLIENT_CERT', `/etc/pki/tls/certs/<%= @ssl_cert %>')
 define(`confCLIENT_KEY', `/etc/pki/tls/private/<%= @ssl_key %>')
+<% end -%>
 dnl #
 FEATURE(`no_default_msa', `dnl')dnl
 FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
@@ -52,7 +58,9 @@ FEATURE(`blacklist_recipients')dnl
 EXPOSED_USER(`root')dnl
 dnl #
 DAEMON_OPTIONS(`Port=smtp, Name=MTA, M=A')dnl
+<% if @ssl_key and @ssl_cert -%>
 DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
+<% end -%>
 dnl #
 LOCAL_DOMAIN(`localhost.localdomain')dnl
 MASQUERADE_AS(`<%= @mail_domain %>')dnl
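Review bot: The new else branch in the first sendmail.mc.erb hunk sets confAUTH_OPTIONS to `A` only, dropping the `p` and `y` flags that the TLS branch keeps as `A p y`. As far as I know `p` refuses mechanisms open to passive sniffing (PLAIN, LOGIN) unless a security layer is active and `y` refuses anonymous mechanisms, so they matter most in exactly the configuration that has no TLS. The one remaining listener uses `M=A`, which should keep AUTH off on port 25 today, but I would still keep the value `A p y` in both branches and put only TRUST_AUTH_MECH and confAUTH_MECHANISMS behind the conditional, so a listener added later does not inherit the weaker setting. In the second hunk a `dnl #` comment above the conditional, saying that the submission port requires AUTH (`M=Ea`) and is therefore only offered when TLS is configured, would record why it is gated.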