From 4c7c2a269d7ccc2f727ec9f2ea033f3cbe1ff9b6 Mon Sep 17 00:00:00 2001
From: Alexander Weidinger <aw@sz9i.net>
Date: Fri, 8 Dec 2017 13:20:01 +0100
Subject: [PATCH] master.cf: made submission configurable

---
 pillar.example          |  5 +++++
 postfix/files/master.cf | 19 +++++++++++++++++--
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/pillar.example b/pillar.example
index 6199c41..9733ba2 100644
--- a/pillar.example
+++ b/pillar.example
@@ -2,6 +2,11 @@ postfix:
   manage_master_config: True
   master_config:
     enable_submission: False
+    # To replace the defaults use this:
+    submission:
+      smtpd_tls_security_level: encrypt
+      smtpd_sasl_auth_enable: yes
+      smtpd_client_restrictions: permit_sasl_authenticated,reject
 
   enable_service: True
 
diff --git a/postfix/files/master.cf b/postfix/files/master.cf
index c993a80..39d7615 100644
--- a/postfix/files/master.cf
+++ b/postfix/files/master.cf
@@ -1,4 +1,13 @@
+{%- macro set_option(parameter, value) -%}
+  {%- if value is number or value is string -%}
+-o {{ parameter }}={{ value }}
+  {%- elif value is iterable -%}
+-o {{ parameter }}={{ value | join(', ')}}
+  {%- endif -%}
+{%- endmacro -%}
+
 {% set master_config = salt['pillar.get']('postfix:master_config', {}) -%}
+
 #
 # Postfix master process configuration file.  For details on the format
 # of the file, see the master(5) manual page (command: "man 5 master" or
@@ -15,11 +24,17 @@ smtp      inet  n       -       n       -       -       smtpd
 #smtpd     pass  -       -       n       -       -       smtpd
 #dnsblog   unix  -       -       n       -       0       dnsblog
 #tlsproxy  unix  -       -       n       -       0       tlsproxy
-{% if master_config.get('enable_submission', False) %}
+{%- if master_config.get('enable_submission', False) %}
 submission inet n       -       n       -       -       smtpd
+{%-  if master_config.get('submission', False) -%}
+{%     for parameter, value in master_config.get('submission', {}).items() %}
+  {{ set_option(parameter, value) }}
+{%-    endfor -%}
+{%   else %}
 #  -o syslog_name=postfix/submission
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
+{%   endif %}
 #  -o smtpd_reject_unlisted_recipient=no
 #  -o smtpd_client_restrictions=$mua_client_restrictions
 #  -o smtpd_helo_restrictions=$mua_helo_restrictions
@@ -27,7 +42,7 @@ submission inet n       -       n       -       -       smtpd
 #  -o smtpd_recipient_restrictions=
 #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
-{% endif %}
+{% endif -%}
 #smtps     inet  n       -       n       -       -       smtpd
 #  -o syslog_name=postfix/smtps
 #  -o smtpd_tls_wrappermode=yes