From e882f1a4d16134a2b1174b0a03ef70c01745a825 Mon Sep 17 00:00:00 2001
From: skyler
Date: Tue, 19 Aug 2014 17:32:47 -0700
Subject: [PATCH 1/8] Add config state and main.cf config file
---
postfix/config.sls | 43 +++++++++++++++++++++++++++++++++++++++++++
postfix/files/main.cf | 38 ++++++++++++++++++++++++++++++++++++++
2 files changed, 81 insertions(+)
create mode 100644 postfix/config.sls
create mode 100644 postfix/files/main.cf
diff --git a/postfix/config.sls b/postfix/config.sls
new file mode 100644
index 0000000..f2e83b0
--- /dev/null
+++ b/postfix/config.sls
@@ -0,0 +1,43 @@
+include:
+ - postfix
+
+/etc/postfix:
+ file.directory:
+ - user: root
+ - group: root
+ - dir_mode: 755
+ - file_mode: 644
+ - makedirs: True
+
+/etc/postfix/main.cf:
+ file.managed:
+ - source: salt://postfix/files/main.cf
+ - user: root
+ - group: root
+ - mode: 644
+ - watch_in:
+ service: postfix
+ - template: jinja
+ - defaults:
+ smtpd_banner: {{ salt['pillar.get']('postfix:smtpd_banner', '$myhostname ESMTP $mail_name (Ubuntu)' )}}
+ biff: {{ salt['pillar.get']('postfix:biff', 'no' )}}
+
+ append_dot_mydomain: {{ salt['pillar.get']('postfix:append_dot_mydomain', 'no' )}}
+
+ readme_directory: {{ salt['pillar.get']('postfix:readme_directory', 'no' )}}
+
+ smtpd_tls_cert_file: {{ salt['pillar.get']('postfix:smtpd_tls_cert_file', '/etc/ssl/certs/ssl-cert-snakeoil.pem' )}}
+ smtpd_tls_key_file: {{ salt['pillar.get']('postfix:smtpd_tls_key_file', '/etc/ssl/private/ssl-cert-snakeoil.key' )}}
+ smtpd_use_tls: {{ salt['pillar.get']('postfix:smtpd_use_tls', 'yes' )}}
+ smtpd_tls_session_cache_database: {{ salt['pillar.get']('postfix:smtpd_tls_session_cache_database', 'btree:${data_directory}/smtpd_scache' )}}
+ smtp_tls_session_cache_database: {{ salt['pillar.get']('postfix:smtp_tls_session_cache_database', 'btree:${data_directory}/smtp_scache' )}}
+
+ myhostname: {{ salt['pillar.get']('postfix:myhostname', 'localhost' )}}
+ alias_maps: {{ salt['pillar.get']('postfix:alias_maps', 'hash:/etc/aliases' )}}
+ alias_database: {{ salt['pillar.get']('postfix:alias_database', 'hash:/etc/aliases' )}}
+ mydestination: {{ salt['pillar.get']('postfix:mydestination', 'localhost, localhost.localdomain, , localhost' )}}
+ relayhost: {{ salt['pillar.get']('postfix:relayhost', '' )}}
+ mynetworks: {{ salt['pillar.get']('postfix:mynetworks', '127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128' )}}
+ mailbox_size_limit: {{ salt['pillar.get']('postfix:mailbox_size_limit', '0' )}}
+ recipient_delimiter: {{ salt['pillar.get']('postfix:recipient_delimiter', '+' )}}
+ inet_interfaces: {{ salt['pillar.get']('postfix:inet_interfaces', 'all' )}}
diff --git a/postfix/files/main.cf b/postfix/files/main.cf
new file mode 100644
index 0000000..fc73480
--- /dev/null
+++ b/postfix/files/main.cf
@@ -0,0 +1,38 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = {{ smtpd_banner }}
+biff = {{ biff }}
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = {{ append_dot_mydomain }}
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = {{ readme_directory }}
+
+# TLS parameters
+smtpd_tls_cert_file = {{ smtpd_tls_cert_file }}
+smtpd_tls_key_file = {{ smtpd_tls_key_file }}
+smtpd_use_tls = {{ smtpd_use_tls }}
+smtpd_tls_session_cache_database = {{ smtpd_tls_session_cache_database }}
+smtp_tls_session_cache_database = {{ smtp_tls_session_cache_database }}
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = {{ myhostname }}
+alias_maps = {{ alias_maps }}
+alias_database = {{ alias_database }}
+mydestination = {{ mydestination }}
+relayhost = {{ relayhost }}
+mynetworks = {{ mynetworks }}
+mailbox_size_limit = {{ mailbox_size_limit }}
+recipient_delimiter = {{ recipient_delimiter }}
+inet_interfaces = {{ inet_interfaces }}
From 46bd93f91f45c5b7fb90a82c3d29961620c377ce Mon Sep 17 00:00:00 2001
From: skyler
Date: Tue, 19 Aug 2014 17:33:16 -0700
Subject: [PATCH 2/8] Update pillar.example to have settings for config file
---
pillar.example | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/pillar.example b/pillar.example
index e69de29..cc42a19 100644
--- a/pillar.example
+++ b/pillar.example
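Review bot: In the `defaults:` block of the `/etc/postfix/main.cf` state in postfix/config.sls, every pillar value is pasted into the rendered YAML unquoted, so an empty `relayhost` (the default `''` here, and the bare `relayhost:` in the pillar.example hunk of PATCH 2/8) most likely loads as null and reaches the template as the text `None`, which Postfix would then treat as a relay host name. Encoding each value as it is rendered keeps it a string, for example `relayhost: {{ salt['pillar.get']('postfix:relayhost', '')|json }}`. The same encoding would stop YAML from retyping `yes`/`no` as booleans and keeps a pillar value containing `: ` or ` #` from changing the structure of the state.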
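Review bot: The `# TLS parameters` section of postfix/files/main.cf templates only the server side (`smtpd_*`) and gives the SMTP client no TLS setting, so with Postfix's default the client does not attempt STARTTLS on outbound mail unless someone edits the managed file by hand; the comment under the block already points at that gap. Since the file is now fully managed, expose it as a parameter, `smtp_tls_security_level = {{ smtp_tls_security_level }}`, with a default of `may` added to the `defaults:` in config.sls. The server-side defaults also point at the distribution's self-signed `ssl-cert-snakeoil` pair, which deserves a template comment saying it is a placeholder to be overridden from pillar.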
@@ -0,0 +1,23 @@ +postfix: + smtpd_banner: $myhostname ESMTP $mail_name (Ubuntu) + biff: no + + append_dot_mydomain: no + + readme_directory: no + + smtpd_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem + smtpd_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key + smtpd_use_tls: yes + smtpd_tls_session_cache_database: btree:${data_directory}/smtpd_scache + smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache + + myhostname: localhost + alias_maps: hash:/etc/aliases + alias_database: hash:/etc/aliases + mydestination: localhost, localhost.localdomain, , localhost + relayhost: + mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 + mailbox_size_limit: 0 + recipient_delimiter: + + inet_interfaces: all From 734529541f7e385240444aa1f0c87eb473ff9d4c Mon Sep 17 00:00:00 2001 From: skyler Date: Tue, 19 Aug 2014 17:33:41 -0700 Subject: [PATCH 3/8] Update readme to show both available states --- README.rst | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/README.rst b/README.rst index 381849c..dcf846e 100644 --- a/README.rst +++ b/README.rst @@ -1,7 +1,26 @@ postfix ======= -postfix -------- +Formulas to set up and configure the Postfix mail transfer agent. -Install and start postfix +.. note:: + + See the full `Salt Formulas installation and usage instructions + `_. + +Available states +================ + +.. contents:: + :local: + + +``postfix`` +----------- + +Installs and starts postfix SMTP server + +``postfix.config`` +------------------ + +Manages postfix main.cf configuration file From 755c7b64ba1873edf1178cfc28fe7500dda08060 Mon Sep 17 00:00:00 2001 
From: skyler Date: Tue, 19 Aug 2014 18:42:08 -0700 Subject: [PATCH 4/8] Make postfix.config state work with latest changes --- postfix/config.sls | 6 ++++-- postfix/files/main.cf | 8 ++++++++ postfix/init.sls | 12 ------------ postfix/main.cf | 45 ------------------------------------------- 4 files changed, 12 insertions(+), 59 deletions(-) delete mode 100644 postfix/main.cf diff --git a/postfix/config.sls b/postfix/config.sls index f2e83b0..b52f270 100644 --- a/postfix/config.sls +++ b/postfix/config.sls @@ -15,6 +15,8 @@ include: - user: root - group: root - mode: 644 + - require: + - pkg: postfix - watch_in: service: postfix - template: jinja @@ -32,10 +34,10 @@ include: smtpd_tls_session_cache_database: {{ salt['pillar.get']('postfix:smtpd_tls_session_cache_database', 'btree:${data_directory}/smtpd_scache' )}} smtp_tls_session_cache_database: {{ salt['pillar.get']('postfix:smtp_tls_session_cache_database', 'btree:${data_directory}/smtp_scache' )}} - myhostname: {{ salt['pillar.get']('postfix:myhostname', 'localhost' )}} + myhostname: {{ salt['pillar.get']('postfix:myhostname', grains['fqdn'] )}} alias_maps: {{ salt['pillar.get']('postfix:alias_maps', 'hash:/etc/aliases' )}} alias_database: {{ salt['pillar.get']('postfix:alias_database', 'hash:/etc/aliases' )}} - mydestination: {{ salt['pillar.get']('postfix:mydestination', 'localhost, localhost.localdomain, , localhost' )}} + mydestination: {{ salt['pillar.get']('postfix:mydestination', grains['fqdn'] + ', localhost.localdomain, ' + grains['domain'] )}} relayhost: {{ salt['pillar.get']('postfix:relayhost', '' )}} mynetworks: {{ salt['pillar.get']('postfix:mynetworks', '127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128' )}} mailbox_size_limit: {{ salt['pillar.get']('postfix:mailbox_size_limit', '0' )}} diff --git a/postfix/files/main.cf b/postfix/files/main.cf index fc73480..7a093ca 100644 --- a/postfix/files/main.cf +++ b/postfix/files/main.cf 
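Review bot: The new `mydestination` default in the second postfix/config.sls hunk is not the value the deleted postfix/main.cf used: bare `localhost` is replaced by `localhost.localdomain`, so mail addressed to `user@localhost` would no longer be treated as local. Keeping both preserves the previous behaviour, e.g. `grains['fqdn'] + ', localhost, localhost.localdomain, ' + grains['domain']`. Listing `grains['domain']` also makes every host that applies the state a final destination for the whole domain, which was already true of the old file but deserves a comment, and the concatenation would leave a trailing `, ` if the domain grain is empty. Both hunks sit inside the `file.managed` state, whose start is outside the hunk.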
@@ -1,3 +1,4 @@ +# Managed by config management # See /usr/share/postfix/main.cf.dist for a commented, more complete version @@ -36,3 +37,10 @@ mynetworks = {{ mynetworks }} mailbox_size_limit = {{ mailbox_size_limit }} recipient_delimiter = {{ recipient_delimiter }} inet_interfaces = {{ inet_interfaces }} + +{% if 'virtual' in pillar.get('postfix','') %} +virtual_alias_maps = hash:/etc/postfix/virtual +{% endif %} + +#TODO: move into a pillar +message_size_limit = 41943040 diff --git a/postfix/init.sls b/postfix/init.sls index d154361..e5e4ae5 100644 --- a/postfix/init.sls +++ b/postfix/init.sls @@ -7,18 +7,6 @@ postfix: - pkg: postfix - watch: - pkg: postfix - - file: /etc/postfix/main.cf - -# postfix main configuration file -/etc/postfix/main.cf: - file.managed: - - source: salt://postfix/main.cf - - user: root - - group: root - - mode: 644 - - template: jinja - - require: - - pkg: postfix # manage /etc/aliases if data found in pillar {% if 'aliases' in pillar.get('postfix', '') %} diff --git a/postfix/main.cf b/postfix/main.cf deleted file mode 100644 index d2885db..0000000 --- a/postfix/main.cf +++ /dev/null 
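Review bot: `message_size_limit = 41943040` at the end of postfix/files/main.cf is the one value an operator cannot override, while `mailbox_size_limit` a few lines above comes from pillar. Postfix's local delivery agent refuses a configuration in which a non-zero `mailbox_size_limit` is smaller than `message_size_limit`, so a pillar that sets a mailbox limit below 40 MiB would break local delivery with no way to lower the message limit from pillar. Resolve the TODO in the same change: `message_size_limit = {{ message_size_limit }}` here and `message_size_limit: {{ salt['pillar.get']('postfix:message_size_limit', 41943040) }}` under `defaults:` in config.sls.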
@@ -1,45 +0,0 @@ -# Managed by config management -# See /usr/share/postfix/main.cf.dist for a commented, more complete version - -# Debian specific: Specifying a file name will cause the first -# line of that file to be used as the name. The Debian default -# is /etc/mailname. -#myorigin = /etc/mailname - -smtpd_banner = $myhostname ESMTP $mail_name -biff = no - -# appending .domain is the MUA's job. -append_dot_mydomain = no - -# Uncomment the next line to generate "delayed mail" warnings -#delay_warning_time = 4h - -readme_directory = no - -# TLS parameters -smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key -smtpd_use_tls=yes -smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache -smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache - -# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for -# information on enabling SSL in the smtp client. - -myhostname = {{ grains['fqdn'] }} -alias_maps = hash:/etc/aliases -alias_database = hash:/etc/aliases -mydestination = {{ grains['fqdn'] }}, localhost, {{ grains['domain'] }} -relayhost = -mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 -mailbox_size_limit = 0 -recipient_delimiter = + -inet_interfaces = all - -{% if 'virtual' in pillar.get('postfix','') %} -virtual_alias_maps = hash:/etc/postfix/virtual -{% endif %} - -#TODO: move into a pillar -message_size_limit = 41943040 From ce1c234023ad608c80198f9144467a0dfa3c7107 Mon Sep 17 00:00:00 2001 From: skyler Date: Tue, 19 Aug 2014 18:46:15 -0700 Subject: [PATCH 5/8] Change watch_in to be followed by a list --- postfix/config.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/postfix/config.sls b/postfix/config.sls index b52f270..8e633ca 100644 --- a/postfix/config.sls +++ b/postfix/config.sls 
@@ -18,7 +18,7 @@ include: - require: - pkg: postfix - watch_in: - service: postfix + - service: postfix - template: jinja - defaults: smtpd_banner: {{ salt['pillar.get']('postfix:smtpd_banner', '$myhostname ESMTP $mail_name (Ubuntu)' )}} From 4237556a6fb39b07114046bbe2d692191ee7b6d4 Mon Sep 17 00:00:00 2001 From: skyler Date: Tue, 19 Aug 2014 19:11:20 -0700 Subject: [PATCH 6/8] Add extra quotes to prevent 'yes' and 'no' from becoming 'True' and 'False' --- pillar.example | 8 ++++---- postfix/config.sls | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pillar.example b/pillar.example index cc42a19..d3070f6 100644 --- a/pillar.example +++ b/pillar.example @@ -1,14 +1,14 @@ postfix: smtpd_banner: $myhostname ESMTP $mail_name (Ubuntu) - biff: no + biff: "'no'" - append_dot_mydomain: no + append_dot_mydomain: "'no'" - readme_directory: no + readme_directory: "'no'" smtpd_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key - smtpd_use_tls: yes + smtpd_use_tls: "'yes'" smtpd_tls_session_cache_database: btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache diff --git a/postfix/config.sls b/postfix/config.sls index 8e633ca..7b3287a 100644 --- a/postfix/config.sls +++ b/postfix/config.sls 
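Review bot: The nested quoting `"'no'"` introduced in pillar.example is unexplained, and an operator who writes the natural `biff: 'no'` or `smtpd_use_tls: 'yes'` would, as far as the visible rendering chain shows, still get a YAML boolean after the second parse in config.sls and `True`/`False` in main.cf. A comment above the first such key would document the contract: `# yes/no values need both quote layers ("'no'"): the inner pair must survive into the rendered state so YAML keeps the value a string`. The config.sls hunk of this patch relies on the same convention for its defaults.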
@@ -22,15 +22,15 @@ include: - template: jinja - defaults: smtpd_banner: {{ salt['pillar.get']('postfix:smtpd_banner', '$myhostname ESMTP $mail_name (Ubuntu)' )}} - biff: {{ salt['pillar.get']('postfix:biff', 'no' )}} + biff: {{ salt['pillar.get']('postfix:biff', "'no'" )}} - append_dot_mydomain: {{ salt['pillar.get']('postfix:append_dot_mydomain', 'no' )}} + append_dot_mydomain: {{ salt['pillar.get']('postfix:append_dot_mydomain', "'no'" )}} - readme_directory: {{ salt['pillar.get']('postfix:readme_directory', 'no' )}} + readme_directory: {{ salt['pillar.get']('postfix:readme_directory', "'no'" )}} smtpd_tls_cert_file: {{ salt['pillar.get']('postfix:smtpd_tls_cert_file', '/etc/ssl/certs/ssl-cert-snakeoil.pem' )}} smtpd_tls_key_file: {{ salt['pillar.get']('postfix:smtpd_tls_key_file', '/etc/ssl/private/ssl-cert-snakeoil.key' )}} - smtpd_use_tls: {{ salt['pillar.get']('postfix:smtpd_use_tls', 'yes' )}} + smtpd_use_tls: {{ salt['pillar.get']('postfix:smtpd_use_tls', "'yes'" )}} smtpd_tls_session_cache_database: {{ salt['pillar.get']('postfix:smtpd_tls_session_cache_database', 'btree:${data_directory}/smtpd_scache' )}} smtp_tls_session_cache_database: {{ salt['pillar.get']('postfix:smtp_tls_session_cache_database', 'btree:${data_directory}/smtp_scache' )}} From 844de7cf5759fa4c9057fae933ed9035ec9d1b70 Mon Sep 17 00:00:00 2001 From: skyler Date: Tue, 19 Aug 2014 19:12:20 -0700 Subject: [PATCH 7/8] Remove Ubuntu specific defaults --- pillar.example | 2 +- postfix/config.sls | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pillar.example b/pillar.example index d3070f6..21a526d 100644 --- a/pillar.example +++ b/pillar.example @@ -1,5 +1,5 @@ postfix: - smtpd_banner: $myhostname ESMTP $mail_name (Ubuntu) + smtpd_banner: $myhostname ESMTP $mail_name biff: "'no'" append_dot_mydomain: "'no'" diff --git a/postfix/config.sls b/postfix/config.sls index 7b3287a..8fa2c6a 100644 --- a/postfix/config.sls +++ b/postfix/config.sls 
@@ -21,7 +21,7 @@ include: - service: postfix - template: jinja - defaults: - smtpd_banner: {{ salt['pillar.get']('postfix:smtpd_banner', '$myhostname ESMTP $mail_name (Ubuntu)' )}} + smtpd_banner: {{ salt['pillar.get']('postfix:smtpd_banner', '$myhostname ESMTP $mail_name' )}} biff: {{ salt['pillar.get']('postfix:biff', "'no'" )}} append_dot_mydomain: {{ salt['pillar.get']('postfix:append_dot_mydomain', "'no'" )}} From 6286442d75cfd3ae3e6d531d647007f79688b0d8 Mon Sep 17 00:00:00 2001 From: skyler Date: Tue, 19 Aug 2014 19:14:45 -0700 Subject: [PATCH 8/8] Use grains in pillar.example --- pillar.example | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pillar.example b/pillar.example index 21a526d..fd34add 100644 --- a/pillar.example +++ b/pillar.example @@ -12,10 +12,10 @@ postfix: smtpd_tls_session_cache_database: btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache - myhostname: localhost + myhostname: {{ grains['fqdn'] }} alias_maps: hash:/etc/aliases alias_database: hash:/etc/aliases - mydestination: localhost, localhost.localdomain, , localhost + mydestination: {{ grains['fqdn'] }}, localhost.localdomain, {{ grains['domain'] }} relayhost: mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit: 0