diff --git a/manifests/file.pp b/manifests/file.pp index f8e489b..0738a4c 100644 --- a/manifests/file.pp +++ b/manifests/file.pp @@ -33,7 +33,7 @@ $ensure = undef ) { - include '::postfix::params' + include ::postfix::params file { "${postfixdir}/${title}": ensure => $ensure, @@ -43,8 +43,7 @@ content => $content, source => $source, notify => Service['postfix'], - require => Package[$::postfix::params::postfix_package], + require => Package[$::postfix::server::postfix_package], } } - diff --git a/manifests/params.pp b/manifests/params.pp index ac32dc3..a0c14d5 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -4,6 +4,8 @@ case $facts['os']['family'] { 'RedHat': { $postfix_version = $facts['os']['release']['major'] ? { + '9' => '3.5.25', + '8' => '3.5.8', '7' => '2.6.6', # Not correct, but let's not change existing '6' => '2.6.6', '5' => '2.3.3', diff --git a/manifests/server.pp b/manifests/server.pp index e479254..0c1164a 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -98,10 +98,14 @@ # submission should only be used for authenticated delivery, so explicitly # reject everything else. $submission_smtpd_client_restrictions = 'permit_sasl_authenticated,reject', + $submission_smtpd_recipient_restrictions = undef, + $submission_smtpd_sender_restrictions = undef, # smtps should allow unauthenticated delivery (for local or relay_domains for - # example) so no explicit reject. smtps port 465 is non-standards compliant - # anyway so no one true answer. + # example) so no explicit reject. smtps port 465 is non-standards compliant + # anyway so no one true answer. $smtps_smtpd_client_restrictions = 'permit_sasl_authenticated', + $smtps_smtpd_recipient_restrictions = undef, + $smtps_smtpd_sender_restrictions = undef, $master_services = [], # Other files $header_checks = [], diff --git a/templates/main.cf-el5.erb b/templates/main.cf-el5.erb index 95adb67..840c898 100644 --- a/templates/main.cf-el5.erb +++ b/templates/main.cf-el5.erb 
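Review bot: The new `require => Package[$::postfix::server::postfix_package]` in manifests/file.pp reads a variable from postfix::server, but the only class this define includes is `::postfix::params`. If a postfix::file resource is evaluated before postfix::server is declared, the variable is undefined, which should fail compilation under strict_variables and otherwise gives an invalid `Package[]` reference. The define does not state or check this ordering requirement; at minimum add a comment above the resource such as `# postfix::server must be declared before any postfix::file; the package name is read from it`. The define's parameter list starts outside the hunk, so whether `::postfix::params` is still needed here cannot be judged from these lines.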
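Review bot: The four new parameters in manifests/server.pp (`$submission_smtpd_recipient_restrictions`, `$submission_smtpd_sender_restrictions` and the two `$smtps_` counterparts) are added without any comment, unlike the client-restriction parameters beside them, which explain their defaults. Their values are written verbatim after `-o name=` in the master.cf templates changed later in this diff, and master.cf splits arguments on whitespace, so a value such as `'permit_sasl_authenticated, reject'` would be cut at the space. I would add above them `# Optional per-service overrides: comma-separated, no whitespace. When undef, the main.cf restrictions apply to the service.` The parameter list begins and ends outside the hunk.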
@@ -886,11 +886,13 @@ smtpd_recipient_restrictions = <% @smtpd_recipient_restrictions.each do |line| -%> <%= line %>, <% end -%> +<% if @postgrey -%> <% if @postgrey_policy_service -%> check_policy_service <%= @postgrey_policy_service %>, <% else -%> check_policy_service unix:postgrey/socket, <% end -%> +<% end -%> <% end -%> <% if !@smtpd_data_restrictions.empty? -%> diff --git a/templates/main.cf-el8.erb b/templates/main.cf-el8.erb index 2410b25..34ab685 100644 --- a/templates/main.cf-el8.erb +++ b/templates/main.cf-el8.erb @@ -960,11 +960,13 @@ smtpd_recipient_restrictions = <% @smtpd_recipient_restrictions.each do |line| -%> <%= line %>, <% end -%> +<% if @postgrey -%> <% if @postgrey_policy_service -%> check_policy_service <%= @postgrey_policy_service %>, <% else -%> check_policy_service unix:postgrey/socket, <% end -%> +<% end -%> <% end -%> <% if !@smtpd_data_restrictions.empty? -%> diff --git a/templates/main.cf.erb b/templates/main.cf.erb index 2e0beb0..76abcc7 100644 --- a/templates/main.cf.erb +++ b/templates/main.cf.erb @@ -908,11 +908,13 @@ smtpd_recipient_restrictions = <% @smtpd_recipient_restrictions.each do |line| -%> <%= line %>, <% end -%> +<% if @postgrey -%> <% if @postgrey_policy_service -%> check_policy_service <%= @postgrey_policy_service %>, <% else -%> check_policy_service unix:postgrey/socket, <% end -%> +<% end -%> <% end -%> <% if !@smtpd_data_restrictions.empty? -%> diff --git a/templates/master.cf-el5.erb b/templates/master.cf-el5.erb index 760041e..1a5a5ca 100644 --- a/templates/master.cf-el5.erb +++ b/templates/master.cf-el5.erb 
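Review bot: The added `<% if @postgrey -%>` wrapper in templates/main.cf-el5.erb puts a second level of `if`/`else` around two lines that differ only in the service address, and the same five-line construct is repeated in main.cf-el8.erb and main.cf.erb. It can be collapsed to one guarded line, `check_policy_service <%= @postgrey_policy_service || 'unix:postgrey/socket' %>,`, which has the same truthiness as the existing `if @postgrey_policy_service` test. The outer `if` that the last `<% end -%>` closes starts outside the hunk, so whether its condition already depends on `@postgrey` is not visible here.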
@@ -15,12 +15,24 @@ submission inet n - n - - smtpd -o smtpd_enforce_tls=<%= @submission_smtpd_enforce_tls %> -o smtpd_sasl_auth_enable=<%= @submission_smtpd_sasl_auth_enable %> -o smtpd_client_restrictions=<%= @submission_smtpd_client_restrictions %> +<% if @submission_smtpd_recipient_restrictions -%> + -o smtpd_recipient_restrictions=<%= @submission_smtpd_recipient_restrictions %> +<% end -%> +<% if @submission_smtpd_sender_restrictions -%> + -o smtpd_sender_restrictions=<%= @submission_smtpd_sender_restrictions %> +<% end -%> <% end -%> <% if @ssl -%> smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject +<% if @smtps_smtpd_recipient_restrictions -%> + -o smtpd_recipient_restrictions=<%= @smtps_smtpd_recipient_restrictions %> +<% end -%> +<% if @smtps_smtpd_sender_restrictions -%> + -o smtpd_sender_restrictions=<%= @smtps_smtpd_sender_restrictions %> +<% end -%> <% @smtp_content_filter.each do |content_filter| -%> -o content_filter=<%= content_filter %> <% end -%> diff --git a/templates/master.cf.erb b/templates/master.cf.erb index 248face..1201065 100644 --- a/templates/master.cf.erb +++ b/templates/master.cf.erb @@ -24,6 +24,12 @@ submission inet n - n - - smtpd -o smtpd_tls_security_level=<%= @submission_smtpd_tls_security_level %> -o smtpd_sasl_auth_enable=<%= @submission_smtpd_sasl_auth_enable %> -o smtpd_client_restrictions=<%= @submission_smtpd_client_restrictions %> +<% if @submission_smtpd_recipient_restrictions -%> + -o smtpd_recipient_restrictions=<%= @submission_smtpd_recipient_restrictions %> +<% end -%> +<% if @submission_smtpd_sender_restrictions -%> + -o smtpd_sender_restrictions=<%= @submission_smtpd_sender_restrictions %> +<% end -%> -o milter_macro_daemon_name=ORIGINATING <% end -%> <% if @ssl -%> 
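Review bot: A per-service `-o smtpd_recipient_restrictions=` in templates/master.cf-el5.erb replaces the main.cf list for that listener instead of extending it, so the relay check (`reject_unauth_destination` or a final `reject`) must be repeated in the override. Nothing in the added lines checks or documents that. It matters most for this el5 template, because Postfix releases before 2.10 have no separate `smtpd_relay_restrictions` to fall back on and, as far as I know, smtpd refuses mail with a fatal configuration error when the list has no rejecting entry. I would put an ERB comment above each new guard, for example `<%# replaces the main.cf list for this service; must itself contain reject_unauth_destination or reject -%>`. The same applies to the submission and smtps hunks of templates/master.cf.erb.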
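Review bot: The guards added in templates/master.cf.erb, such as `<% if @submission_smtpd_recipient_restrictions -%>`, are true for an empty string in Ruby. A caller who passes `''` to mean "no override" therefore gets a bare `-o smtpd_recipient_restrictions=` line, which overrides the main.cf setting with an empty value. Testing for content avoids that: `<% if @submission_smtpd_recipient_restrictions && !@submission_smtpd_recipient_restrictions.empty? -%>`. The same holds for the sender guard in this hunk, the two smtps guards in the next hunk, and the four guards in master.cf-el5.erb.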
@@ -31,6 +37,12 @@ smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=<%= @smtps_smtpd_sasl_auth_enable %> -o smtpd_client_restrictions=<%= @smtps_smtpd_client_restrictions %> +<% if @smtps_smtpd_recipient_restrictions -%> + -o smtpd_recipient_restrictions=<%= @smtps_smtpd_recipient_restrictions %> +<% end -%> +<% if @smtps_smtpd_sender_restrictions -%> + -o smtpd_sender_restrictions=<%= @smtps_smtpd_sender_restrictions %> +<% end -%> -o milter_macro_daemon_name=ORIGINATING <% @smtps_content_filter.each do |content_filter| -%> -o content_filter=<%= content_filter %>