From 81e9a4894ad4fb6f7cf89aba36bbe11b16030c92 Mon Sep 17 00:00:00 2001
From: Gilles Dartiguelongue <eva@gentoo.org>
Date: Tue, 29 Dec 2015 11:28:35 +0100
Subject: [PATCH] Do not leak passwords

---
 postfix/init.sls | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/postfix/init.sls b/postfix/init.sls
index dae0c89..167f8fb 100644
--- a/postfix/init.sls
+++ b/postfix/init.sls
@@ -12,7 +12,7 @@ postfix:
     - watch:
       - pkg: postfix
 
-{%- macro postmap_file(filename) %}
+{%- macro postmap_file(filename, mode=644) %}
 {%- set file_path = '/etc/postfix/' ~ filename %}
 postmap_{{ filename }}:
   file.managed:
@@ -20,7 +20,7 @@ postmap_{{ filename }}:
     - source: salt://postfix/{{ filename }}
     - user: root
     - group: root
-    - mode: 644
+    - mode: {{ mode }}
     - template: jinja
     - require:
       - pkg: postfix
@@ -58,7 +58,7 @@ run-newaliases:
 
 # manage /etc/postfix/sasl_passwd if data found in pillar
 {% if 'sasl_passwd' in pillar.get('postfix', '') %}
-{{ postmap_file('sasl_passwd') }}
+{{ postmap_file('sasl_passwd', 600) }}
 {% endif %}
 
 # manage /etc/postfix/sender_canonical if data found in pillar