From d24262fb1e3eced78c42f1e0c0f929226b5b18d1 Mon Sep 17 00:00:00 2001 From: Andrew Teixeira Date: Wed, 25 May 2016 16:28:13 -0400 Subject: [PATCH 1/4] * Add new selectable options for submission and smtps in master.cf --- manifests/server.pp | 8 ++++++-- templates/master.cf-el5.erb | 12 ++++++++++++ templates/master.cf.erb | 12 ++++++++++++ 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/manifests/server.pp b/manifests/server.pp index e479254..0c1164a 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -98,10 +98,14 @@ # submission should only be used for authenticated delivery, so explicitly # reject everything else. $submission_smtpd_client_restrictions = 'permit_sasl_authenticated,reject', + $submission_smtpd_recipient_restrictions = undef, + $submission_smtpd_sender_restrictions = undef, # smtps should allow unauthenticated delivery (for local or relay_domains for - # example) so no explicit reject. smtps port 465 is non-standards compliant - # anyway so no one true answer. + # example) so no explicit reject. smtps port 465 is non-standards compliant + # anyway so no one true answer. $smtps_smtpd_client_restrictions = 'permit_sasl_authenticated', + $smtps_smtpd_recipient_restrictions = undef, + $smtps_smtpd_sender_restrictions = undef, $master_services = [], # Other files $header_checks = [], diff --git a/templates/master.cf-el5.erb b/templates/master.cf-el5.erb index 760041e..1a5a5ca 100644 --- a/templates/master.cf-el5.erb +++ b/templates/master.cf-el5.erb @@ -15,12 +15,24 @@ submission inet n - n - - smtpd -o smtpd_enforce_tls=<%= @submission_smtpd_enforce_tls %> -o smtpd_sasl_auth_enable=<%= @submission_smtpd_sasl_auth_enable %> -o smtpd_client_restrictions=<%= @submission_smtpd_client_restrictions %> +<% if @submission_smtpd_recipient_restrictions -%> + -o smtpd_recipient_restrictions=<%= @submission_smtpd_recipient_restrictions %> +<% end -%> +<% if @submission_smtpd_sender_restrictions -%> + -o smtpd_sender_restrictions=<%= @submission_smtpd_sender_restrictions %> +<% end -%> <% end -%> <% if @ssl -%> smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject +<% if @smtps_smtpd_recipient_restrictions -%> + -o smtpd_recipient_restrictions=<%= @smtps_smtpd_recipient_restrictions %> +<% end -%> +<% if @smtps_smtpd_sender_restrictions -%> + -o smtpd_sender_restrictions=<%= @smtps_smtpd_sender_restrictions %> +<% end -%> <% @smtp_content_filter.each do |content_filter| -%> -o content_filter=<%= content_filter %> <% end -%> diff --git a/templates/master.cf.erb b/templates/master.cf.erb index 248face..1201065 100644 --- a/templates/master.cf.erb +++ b/templates/master.cf.erb @@ -24,6 +24,12 @@ submission inet n - n - - smtpd -o smtpd_tls_security_level=<%= @submission_smtpd_tls_security_level %> -o smtpd_sasl_auth_enable=<%= @submission_smtpd_sasl_auth_enable %> -o smtpd_client_restrictions=<%= @submission_smtpd_client_restrictions %> +<% if @submission_smtpd_recipient_restrictions -%> + -o smtpd_recipient_restrictions=<%= @submission_smtpd_recipient_restrictions %> +<% end -%> +<% if @submission_smtpd_sender_restrictions -%> + -o smtpd_sender_restrictions=<%= @submission_smtpd_sender_restrictions %> +<% end -%> -o milter_macro_daemon_name=ORIGINATING <% end -%> <% if @ssl -%> @@ -31,6 +37,12 @@ smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=<%= @smtps_smtpd_sasl_auth_enable %> -o smtpd_client_restrictions=<%= @smtps_smtpd_client_restrictions %> +<% if @smtps_smtpd_recipient_restrictions -%> + -o smtpd_recipient_restrictions=<%= @smtps_smtpd_recipient_restrictions %> +<% end -%> +<% if @smtps_smtpd_sender_restrictions -%> + -o smtpd_sender_restrictions=<%= @smtps_smtpd_sender_restrictions %> +<% end -%> -o milter_macro_daemon_name=ORIGINATING <% @smtps_content_filter.each do |content_filter| -%> -o content_filter=<%= content_filter %> From b3fdab0945d54ea90c486ccc66d53ce4b1c3f22d Mon Sep 17 00:00:00 2001 From: Andrew Teixeira Date: Wed, 5 Oct 2016 11:27:21 -0400 Subject: [PATCH 2/4] Don't do anything with postgrey if 'postgrey' is set to false --- templates/main.cf-el5.erb | 2 ++ templates/main.cf.erb | 2 ++ 2 files changed, 4 insertions(+) diff --git a/templates/main.cf-el5.erb b/templates/main.cf-el5.erb index 95adb67..840c898 100644 --- a/templates/main.cf-el5.erb +++ b/templates/main.cf-el5.erb @@ -886,11 +886,13 @@ smtpd_recipient_restrictions = <% @smtpd_recipient_restrictions.each do |line| -%> <%= line %>, <% end -%> +<% if @postgrey -%> <% if @postgrey_policy_service -%> check_policy_service <%= @postgrey_policy_service %>, <% else -%> check_policy_service unix:postgrey/socket, <% end -%> +<% end -%> <% end -%> <% if !@smtpd_data_restrictions.empty? -%> diff --git a/templates/main.cf.erb b/templates/main.cf.erb index 2e0beb0..76abcc7 100644 --- a/templates/main.cf.erb +++ b/templates/main.cf.erb @@ -908,11 +908,13 @@ smtpd_recipient_restrictions = <% @smtpd_recipient_restrictions.each do |line| -%> <%= line %>, <% end -%> +<% if @postgrey -%> <% if @postgrey_policy_service -%> check_policy_service <%= @postgrey_policy_service %>, <% else -%> check_policy_service unix:postgrey/socket, <% end -%> +<% end -%> <% end -%> <% if !@smtpd_data_restrictions.empty? -%> From f4a10e1f3c71d6e17ceb4675342815da078acde9 Mon Sep 17 00:00:00 2001 From: Andrew Teixeira Date: Mon, 20 Sep 2021 12:46:30 -0400 Subject: [PATCH 3/4] Fix bugs in postfix::file --- manifests/file.pp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/manifests/file.pp b/manifests/file.pp index f8e489b..0738a4c 100644 --- a/manifests/file.pp +++ b/manifests/file.pp @@ -33,7 +33,7 @@ $ensure = undef ) { - include '::postfix::params' + include ::postfix::params file { "${postfixdir}/${title}": ensure => $ensure, @@ -43,8 +43,7 @@ content => $content, source => $source, notify => Service['postfix'], - require => Package[$::postfix::params::postfix_package], + require => Package[$::postfix::server::postfix_package], } } - From 6e7aefe400e6e9aa23628270cbf12e3b49a98404 Mon Sep 17 00:00:00 2001 From: Lui Date: Thu, 3 Apr 2025 10:05:46 -0400 Subject: [PATCH 4/4] feat: adding default version for rhel 8 and 9 that jive with the template (#1) --- manifests/params.pp | 2 ++ templates/main.cf-el8.erb | 2 ++ 2 files changed, 4 insertions(+) diff --git a/manifests/params.pp b/manifests/params.pp index ac32dc3..a0c14d5 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -4,6 +4,8 @@ case $facts['os']['family'] { 'RedHat': { $postfix_version = $facts['os']['release']['major'] ? { + '9' => '3.5.25', + '8' => '3.5.8', '7' => '2.6.6', # Not correct, but let's not change existing '6' => '2.6.6', '5' => '2.3.3', diff --git a/templates/main.cf-el8.erb b/templates/main.cf-el8.erb index 2410b25..34ab685 100644 --- a/templates/main.cf-el8.erb +++ b/templates/main.cf-el8.erb @@ -960,11 +960,13 @@ smtpd_recipient_restrictions = <% @smtpd_recipient_restrictions.each do |line| -%> <%= line %>, <% end -%> +<% if @postgrey -%> <% if @postgrey_policy_service -%> check_policy_service <%= @postgrey_policy_service %>, <% else -%> check_policy_service unix:postgrey/socket, <% end -%> +<% end -%> <% end -%> <% if !@smtpd_data_restrictions.empty? -%>