tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactored sendmail::server.

Browse source
This commit is contained in:
Timo Mkinen 2012-05-10 09:02:15 +03:00
parent 28682778ac
commit ec7c903536
4 changed files with 228 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
sendmail/files/aliases Normal file
View file

@ -0,0 +1,19 @@
#
# Aliases in this file will NOT be expanded in the header from
# Mail, but WILL be visible over networks or from /bin/mail.
#
# >>>>>>>>>> The program "newaliases" must be run after
# >> NOTE >> this file is updated for any changes to
# >>>>>>>>>> show through to sendmail.
#
# Basic system aliases -- these MUST be present.
mailer-daemon: postmaster
postmaster: root
# General redirections for important pseudo accounts
daemon: root
# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
abuse: root
security: root

0
sendmail/files/empty Normal file
View file

203
sendmail/manifests/init.pp
View file

@ -112,24 +112,65 @@ class sendmail::client::msa inherits sendmail::client {
# Configure Sendmail server.
#
# $sendmail_domain:
# $mail_domain:
# SMTP domain name.
#
# $sendmail_auth_mech:
# List of authentication mechanisms to use. Defaults to PLAIN and LOGIN.
#
# $sendmail_ssl_key:
#
# $sendmail_ssl_cert:
#
class sendmail::server inherits sendmail::common {
include procmail
if !$sendmail_auth_mech {
$sendmail_auth_mech = [ "PLAIN", "LOGIN", ]
}
$ssl_key = basename($sendmail_ssl_key)
$ssl_cert = basename($sendmail_ssl_cert)
if $sendmail_ssl_chain {
$ssl_chain = basename($sendmail_ssl_chain)
}
case $operatingsystem {
centos,redhat: {
$sendmail_ostype = "linux"
$group = "root"
"centos","fedora": {
File["/etc/sysconfig/sendmail"] {
content => "DAEMON=yes\nQUEUE=1h\n",
}
} ubuntu: {
fail("Operating system not supported.")
} openbsd: {
$sendmail_ostype = "openbsd"
$group = "wheel"
}
default: {
fail("sendmail::server not supported in '${::operatingsystem}'")
}
}
file { "/etc/pki/tls/private/${ssl_key}":
ensure => present,
source => $sendmail_ssl_key,
mode => "0600",
owner => "root",
group => "root",
notify => Service["sendmail"],
}
file { "/etc/pki/tls/certs/${ssl_cert}":
ensure => present,
source => $sendmail_ssl_cert,
mode => "0644",
owner => "root",
group => "root",
notify => Service["sendmail"],
}
if $ssl_chain {
file { "/etc/pki/tls/certs/${ssl_chain}":
ensure => present,
source => $sendmail_ssl_chain,
mode => "0644",
owner => "root",
group => "root",
notify => Service["sendmail"],
}
}
@ -140,47 +181,151 @@ class sendmail::server inherits sendmail::common {
},
content => template("sendmail/sendmail.mc.erb"),
owner => "root",
group => $group,
group => "root",
mode => "0644",
notify => Exec["make sendmail.cf"],
}
file { "/etc/aliases":
ensure => present,
notify => Exec["newaliases"],
owner => "root",
group => $group,
mode => "0644",
}
exec { "make sendmail.cf":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
path => "/bin:/usr/bin:/sbin:/usr/sbin:/etc/mail",
cwd => $operatingsystem ? {
openbsd => "/usr/share/sendmail/cf",
default => "/etc/mail",
"openbsd" => "/usr/share/sendmail/cf",
default => "/etc/mail",
},
require => $operatingsystem ? {
openbsd => undef,
default => Package["sendmail"],
"openbsd" => undef,
default => Package["sendmail"],
},
refreshonly => true,
}
file { "/etc/mail/sendmail.cf":
ensure => present,
owner => "root",
group => $group,
mode => "0644",
owner => "root",
group => "root",
source => $operatingsystem ? {
openbsd => "/usr/share/sendmail/cf/sendmail.cf",
default => undef,
"openbsd" => "/usr/share/sendmail/cf/sendmail.cf",
default => undef,
},
require => Exec["make sendmail.cf"],
notify => Service["sendmail"],
}
file { "/etc/mail/certs":
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
}
exec { "populate-etc-mail-certs":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "csplit /etc/pki/tls/certs/ca-bundle.crt '/BEGIN/' '{*}' ; sh -c 'for i in x* ; do name=`openssl x509 -hash -noout -in \$i`.0 ; openssl x509 -hash -in \$i -out \$name ; done' && rm -f x* .0",
cwd => "/etc/mail/certs",
onlyif => "find /etc/mail/certs ! -newer /etc/pki/tls/certs/ca-bundle.crt | egrep '.*' || [ -z \"`ls /etc/mail/certs`\" ]",
require => File["/etc/mail/certs"],
before => Service["sendmail"],
}
file { "/etc/aliases":
ensure => present,
name => $operatingsystem ? {
"openbsd" => "/etc/mail/aliases",
default => "/etc/aliases",
},
source => [
"puppet:///files/mail/aliases",
"puppet:///modules/sendmail/aliases",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["newaliases"],
}
exec { "newaliases":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
file { "/etc/mail/access":
ensure => present,
source => [
"puppet:///files/mail/access",
"puppet:///modules/sendmail/empty",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["make access.db"],
}
exec { "make access.db":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "makemap hash /etc/mail/access < /etc/mail/access",
refreshonly => true,
notify => Service["sendmail"],
}
file { "/etc/mail/genericstable":
ensure => present,
source => [
"puppet:///files/mail/genericstable",
"puppet:///modules/sendmail/empty",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["make genericstable.db"],
}
exec { "make genericstable.db":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "makemap hash /etc/mail/genericstable < /etc/mail/genericstable",
refreshonly => true,
notify => Service["sendmail"],
}
file { "/etc/mail/mailertable":
ensure => present,
source => [
"puppet:///files/mail/mailertable",
"puppet:///modules/sendmail/empty",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["make mailertable.db"],
}
exec { "make mailertable.db":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "makemap hash /etc/mail/mailertable < /etc/mail/mailertable",
refreshonly => true,
notify => Service["sendmail"],
}
file { "/etc/mail/virtusertable":
ensure => present,
source => [
"puppet:///files/mail/virtusertable",
"puppet:///modules/sendmail/empty",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["make virtusertable.db"],
}
exec { "make virtusertable.db":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable",
refreshonly => true,
notify => Service["sendmail"],
}
file { "/etc/mail/local-host-names":
ensure => present,
source => [
"puppet:///files/mail/local-host-names",
"puppet:///modules/sendmail/local-host-names",
],
mode => "0644",
owner => "root",
group => "root",
}
}

43
sendmail/templates/sendmail.mc.erb
View file

@ -1,7 +1,14 @@
divert(-1)dnl
dnl #
dnl # This file is managed by puppet so hand editing is not recommended.
dnl #
<% if ['CentOS','Fedora'].index(operatingsystem) -%>
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for <%= sendmail_ostype %>')dnl
OSTYPE(`<%= sendmail_ostype %>')dnl
<% elsif operatingsystem == 'Ubuntu' -%>
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
<% end -%>
VERSIONID(`puppet sendmail::server')dnl
dnl #
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
@ -13,6 +20,20 @@ define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confTO_IDENT', `0')dnl
dnl #
define(`confAUTH_OPTIONS', `A p y')dnl
TRUST_AUTH_MECH(`<%= sendmail_auth_mech.join(' ') %>')dnl
define(`confAUTH_MECHANISMS', `<%= sendmail_auth_mech.join(' ') %>')dnl
dnl #
define(`confCACERT_PATH', `/etc/mail/certs')
<% if has_variable?('ssl_chain') -%>
define(`confCACERT', `/etc/pki/tls/certs/<%= ssl_chain %>')
<% end -%>
define(`confSERVER_CERT', `/etc/pki/tls/certs/<%= ssl_cert %>')
define(`confSERVER_KEY', `/etc/pki/tls/private/<%= ssl_key %>')
define(`confCLIENT_CERT', `/etc/pki/tls/certs/<%= ssl_cert %>')
define(`confCLIENT_KEY', `/etc/pki/tls/private/<%= ssl_key %>')
dnl #
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
@ -23,19 +44,25 @@ FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MASQUERADE_AS(`<%= sendmail_domain %>')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
LOCAL_DOMAIN`localhost.localdomain')dnl
MASQUERADE_AS(`<%= mail_domain %>')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(allmasquerade)dnl
define(`confMATCH_GECOS')dnl
define(`confDOMAIN_NAME', `<%= sendmail_domain %>')dnl
define(`confDONT_BLAME_SENDMAIL', `GroupWritableDirpathSafe,GroupWritableIncludeFileSafe,GroupWritableForwardFile,ForwardFileInGroupWritableDirPath')dnl
FEATURE(masquerade_entire_domain)dnl
FEATURE(`accept_unresolvable_domains')dnl
dnl #
define(`confMATCH_GECOS')dnl
define(`confDOMAIN_NAME', `<%= mail_domain %>')dnl
define(`confDONT_BLAME_SENDMAIL', `GroupWritableDirpathSafe,GroupWritableIncludeFileSafe,GroupWritableForwardFile,ForwardFileInGroupWritableDirPath')dnl
dnl #
MAILER(smtp)dnl
MAILER(procmail)dnl