
postfix cookbook added

1 parent 06a7bb0 commit d68782844d771d1564dd39c31866341ea29413d2 @mdxp committed Oct 26, 2011
@@ -0,0 +1,14 @@
+default[:postfix][:mail_type] = "client"
+default[:postfix][:myhostname] = fqdn
+default[:postfix][:mydomain] = domain
+default[:postfix][:myorigin] = "$myhostname"
+default[:postfix][:relayhost] = ""
+default[:postfix][:mail_relay_networks] = "127.0.0.0/8"
+
+default[:postfix][:smtp_sasl_auth_enable] = "no"
+default[:postfix][:smtp_sasl_password_maps] = "hash:/etc/postfix/sasl_passwd"
+default[:postfix][:smtp_sasl_security_options] = "noanonymous"
+default[:postfix][:smtp_tls_cafile] = "/etc/postfix/cacert.pem"
+default[:postfix][:smtp_use_tls] = "yes"
+default[:postfix][:smtp_sasl_user_name] = ""
+default[:postfix][:smtp_sasl_passwd] = ""
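Review bot: `default[:postfix][:smtp_sasl_passwd]` holds the relay password as an ordinary node attribute, so once it is set it is saved in clear text with the node object on the Chef server and is visible to any client or user allowed to read that node. Load the credential in the sasl_auth recipe from an encrypted data bag item and pass it to the template as a variable instead. The same applies to the `postfix/smtp_sasl_passwd` entry in the metadata hunk and to the one-line sasl_passwd template that interpolates the attribute. If the attribute has to stay for compatibility, add a comment above it such as `# Secret: do not set in roles or environments; prefer an encrypted data bag.`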
@@ -0,0 +1,82 @@
+maintainer "Opscode, Inc."
+maintainer_email "cookbooks@opscode.com"
+license "Apache 2.0"
+description "Installs and configures postfix for client or outbound relayhost, or to do SASL auth"
+version "0.8.2"
+recipe "postfix", "Installs and configures postfix"
+recipe "postfix::sasl_auth", "Set up postfix to auth to a server with sasl"
+
+%w{ubuntu debian}.each do |os|
+ supports os
+end
+
+attribute "postfix",
+ :display_name => "Postfix",
+ :description => "Hash of Postfix attributes",
+ :type => "hash"
+
+attribute "postfix/mail_type",
+ :display_name => "Postfix Mail Type",
+ :description => "Is this node a client or server?",
+ :default => "client"
+
+attribute "postfix/myhostname",
+ :display_name => "Postfix Myhostname",
+ :description => "Sets the myhostname value in main.cf",
+ :default => "fqdn"
+
+attribute "postfix/mydomain",
+ :display_name => "Postfix Mydomain",
+ :description => "Sets the mydomain value in main.cf",
+ :default => "domain"
+
+attribute "postfix/myorigin",
+ :display_name => "Postfix Myorigin",
+ :description => "Sets the myorigin value in main.cf",
+ :default => "$myhostname"
+
+attribute "postfix/relayhost",
+ :display_name => "Postfix Relayhost",
+ :description => "Sets the relayhost value in main.cf",
+ :default => ""
+
+attribute "postfix/mail_relay_networks",
+ :display_name => "Postfix Mail Relay Networks",
+ :description => "Sets the mynetworks value in main.cf",
+ :default => "127.0.0.0/8"
+
+attribute "postfix/smtp_sasl_auth_enable",
+ :display_name => "Postfix SMTP SASL Auth Enable",
+ :description => "Enable SMTP SASL Authentication",
+ :default => "no"
+
+attribute "postfix/smtp_sasl_password_maps",
+ :display_name => "Postfix SMTP SASL Password Maps",
+ :description => "hashmap of SASL passwords",
+ :default => "hash:/etc/postfix/sasl_passwd"
+
+attribute "postfix/smtp_sasl_security_options",
+ :display_name => "Postfix SMTP SASL Security Options",
+ :description => "Sets the value of smtp_sasl_security_options in main.cf",
+ :default => "noanonymous"
+
+attribute "postfix/smtp_tls_cafile",
+ :display_name => "Postfix SMTP TLS CA File",
+ :description => "CA certificate file for SMTP over TLS",
+ :default => "/etc/postfix/cacert.pem"
+
+attribute "postfix/smtp_use_tls",
+ :display_name => "Postfix SMTP Use TLS?",
+ :description => "Whether SMTP SASL Auth should use TLS encryption",
+ :default => "yes"
+
+attribute "postfix/smtp_sasl_user_name",
+ :display_name => "Postfix SMTP SASL Username",
+ :description => "User to auth SMTP via SASL",
+ :default => ""
+
+attribute "postfix/smtp_sasl_passwd",
+ :display_name => "Postfix SMTP SASL Password",
+ :description => "Password for smtp_sasl_user_name",
+ :default => ""
+
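Review bot: The `postfix/mail_type` description, `"Is this node a client or server?"`, names a value the main.cf template in this commit never tests. The template compares against `"master"`, and every other value gets the loopback-only client layout. Document the real values, e.g. `:description => "client (loopback only, uses relayhost) or master (listens on all interfaces, relays for mail_relay_networks)"`, so that opening the SMTP listener is a deliberate choice. The `:default => "fqdn"` and `:default => "domain"` entries are literal strings, whereas the attribute file uses the node's own values; wording such as "defaults to the node's fqdn" in the description would be more accurate.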
@@ -0,0 +1,37 @@
+#
+# Author:: Joshua Timberman(<joshua@opscode.com>)
+# Cookbook Name:: postfix
+# Recipe:: default
+#
+# Copyright 2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package "postfix" do
+ action :install
+end
+
+service "postfix" do
+ action :enable
+end
+
+%w{main master}.each do |cfg|
+ template "/etc/postfix/#{cfg}.cf" do
+ source "#{cfg}.cf.erb"
+ owner "root"
+ group "root"
+ mode 0644
+ notifies :restart, resources(:service => "postfix")
+ end
+end
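Review bot: The `service "postfix"` resource only enables the service at boot and never asserts that it is running. Within this recipe postfix is (re)started only when one of the two templates changes and fires the delayed `:restart`. `action [:enable, :start]` would let a converge bring a stopped MTA back up. As a style point, `mode 0644` depends on the leading zero being read as an octal literal; `mode "0644"` is harder to break when edited.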
@@ -0,0 +1,40 @@
+#
+# Author:: Joshua Timberman(<joshua@opscode.com>)
+# Cookbook Name:: postfix
+# Recipe:: sasl_auth
+#
+# Copyright 2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+%w{ libsasl2-2 ca-certificates}.each do |pkg|
+ package pkg do
+ action :install
+ end
+end
+
+execute "postmap-sasl_passwd" do
+ command "postmap /etc/postfix/sasl_passwd"
+ action :nothing
+end
+
+template "/etc/postfix/sasl_passwd" do
+ source "sasl_passwd.erb"
+ owner "root"
+ group "root"
+ mode 0400
+ notifies :run, resources(:execute => "postmap-sasl_passwd"), :immediately
+ notifies :restart, resources(:service => "postfix")
+end
+
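Review bot: `notifies :restart, resources(:service => "postfix")` looks up a resource this recipe does not define, so the lookup raises unless the default recipe was already loaded ahead of sasl_auth in the run list. Add `include_recipe "postfix"` at the top of the recipe. Nothing here sets `smtp_sasl_auth_enable` to `"yes"` either, so with the shipped defaults main.cf never references the password map this recipe builds. Either set the attribute here or state the requirement in the header comment, e.g. `# Requires node[:postfix][:smtp_sasl_auth_enable] = "yes" for main.cf to use the map.`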
@@ -0,0 +1,37 @@
+###
+# Generated by Chef for <%= node[:fqdn] %>
+# Configured as <%= node[:postfix][:mail_type] %>
+###
+
+biff = no
+append_dot_mydomain = no
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
+smtp_sasl_auth_enable = <%= node[:postfix][:smtp_sasl_auth_enable] %>
+<% if node[:postfix][:smtp_sasl_auth_enable] == "yes" -%>
+smtp_sasl_password_maps = <%= node[:postfix][:smtp_sasl_password_maps] %>
+smtp_sasl_security_options = <%= node[:postfix][:smtp_sasl_security_options] %>
+smtp_tls_CAfile = <%= node[:postfix][:smtp_tls_cafile] %>
+smtp_use_tls = <%= node[:postfix][:smtp_use_tls] %>
+<% end -%>
+myhostname = <%= node[:postfix][:myhostname] %>
+mydomain = <%= node[:postfix][:mydomain] %>
+myorigin = <%= node[:postfix][:myorigin] %>
+smtpd_banner = $myhostname ESMTP $mail_name
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+mydestination = <%= node[:postfix][:myhostname] %>, <%= node[:hostname] %>, localhost.localdomain, localhost
+<% if node[:postfix][:mail_type] == "master" -%>
+relayhost =
+mynetworks = <%= node[:postfix][:mail_relay_networks] %>
+inet_interfaces = all
+<% else -%>
+relayhost = <%= node[:postfix][:relayhost] %>
+mynetworks = <%= node[:postfix][:mail_relay_networks] %>
+inet_interfaces = loopback-only
+<% end -%>
+mailbox_size_limit = 0
+recipient_delimiter = +
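Review bot: Inside the `smtp_sasl_auth_enable == "yes"` block, `smtp_use_tls = yes` only makes TLS opportunistic, and `smtp_sasl_security_options = noanonymous` still permits plaintext mechanisms. If the relay does not offer STARTTLS, the client can therefore send the SASL credentials over an unencrypted session. Require TLS whenever SASL is on, e.g. `smtp_tls_security_level = encrypt` in that block, or `verify`/`secure` if the relay certificate should be checked against `smtp_tls_CAfile`. The `smtpd_tls_cert_file` and `smtpd_tls_key_file` lines are hard-coded to the distribution's snakeoil pair, which a `master` node listening on all interfaces would present. Turning those two paths into attributes would let a real certificate be configured.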
@@ -0,0 +1,79 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master").
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
+# ==========================================================================
+smtp inet n - n - - smtpd
+#submission inet n - n - - smtpd
+# -o smtpd_enforce_tls=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#smtps inet n - n - - smtpd
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#628 inet n - n - - qmqpd
+pickup fifo n - n 60 1 pickup
+cleanup unix n - n - 0 cleanup
+qmgr fifo n - n 300 1 qmgr
+#qmgr fifo n - n 300 1 oqmgr
+tlsmgr unix - - n 1000? 1 tlsmgr
+rewrite unix - - n - - trivial-rewrite
+bounce unix - - n - 0 bounce
+defer unix - - n - 0 bounce
+trace unix - - n - 0 bounce
+verify unix - - n - 1 verify
+flush unix n - n 1000? 0 flush
+proxymap unix - - n - - proxymap
+smtp unix - - n - 500 smtp
+# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
+relay unix - - n - - smtp
+ -o fallback_relay=
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - n - - showq
+error unix - - n - - error
+discard unix - - n - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - n - - lmtp
+anvil unix - - n - 1 anvil
+scache unix - - n - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
+#
+# The Cyrus deliver program has changed incompatibly, multiple times.
+#
+old-cyrus unix - n n - - pipe
+ flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+cyrus unix - n n - - pipe
+ user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
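Review bot: The pipe transports at the end of the file (`maildrop`, `old-cyrus`, `cyrus`, `uucp`, `ifmail`, `bsmtp`) reference delivery programs and accounts (`vmail`, `cyrus`, `uucp`, `ftn`, `foo`) that the recipes in this commit neither install nor create. Since this is the cookbook's own copy of the file, drop the entries it does not use, or at least mark them with a comment such as `# Stock transports kept from the distribution default; unused by this cookbook.` The template has no ERB tags, so the `smtp inet` listener is always defined and its exposure is controlled only by `inet_interfaces` in main.cf. A one-line comment next to that entry saying so would help the next reader.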
@@ -0,0 +1 @@
+<%= node[:postfix][:relayhost] %> <%= node[:postfix][:smtp_sasl_user_name] %>:<%= node[:postfix][:smtp_sasl_passwd] %>
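Review bot: With the attribute defaults (`relayhost`, `smtp_sasl_user_name` and `smtp_sasl_passwd` all `""`) this line renders as ` :`, which is not a usable map entry, and postmap is still run on it. Render the entry only when all three values are non-empty, or have the sasl_auth recipe raise before writing the file. The lookup key also has to match the `relayhost` value written to main.cf exactly (including any brackets or port), which holds here only because both templates read the same attribute; a comment in the recipe noting that dependency would help.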
