From 1fa5b49a10f0cb17b605f6cba561374ea0b34e70 Mon Sep 17 00:00:00 2001
From: "David J. M. Karlsen"
Date: Wed, 23 Apr 2014 21:02:09 +0200
Subject: [PATCH 1/5] extend template, shamelessly stolen from: http://russell.ballestrini.net/postfix-salt-state-formula/
---
 postfix/aliases | 3 +++
 postfix/init.sls | 54 ++++++++++++++++++++++++++++++++++++++++++++++++
 postfix/main.cf | 43 ++++++++++++++++++++++++++++++++++++++
 postfix/virtual | 2 ++
 4 files changed, 102 insertions(+)
 create mode 100644 postfix/aliases
 create mode 100644 postfix/main.cf
 create mode 100644 postfix/virtual
diff --git a/postfix/aliases b/postfix/aliases
new file mode 100644
index 0000000..d02055c
--- /dev/null
+++ b/postfix/aliases
@@ -0,0 +1,3 @@
+# Managed by config management
+# See man 5 aliases for format
+{{pillar['postfix']['aliases']}}
diff --git a/postfix/init.sls b/postfix/init.sls
index 754b795..d154361 100644
--- a/postfix/init.sls
+++ b/postfix/init.sls
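Review bot: The template in postfix/aliases emits `{{pillar['postfix']['aliases']}}` verbatim, so it is only correct when that pillar value is a pre-formatted multi-line string; a mapping would be rendered as its Python repr and then handed to newaliases. Nothing in the file says which shape is expected, and postfix/virtual in this same patch has the same gap. Because aliases(5) entries can name commands and include files, the expected shape is worth stating next to the expression, e.g. `# pillar postfix:aliases must be a block string of "name: target" lines (man 5 aliases)`.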
@@ -5,3 +5,57 @@ postfix:
 - enable: True
 - require:
 - pkg: postfix
+ - watch:
+ - pkg: postfix
+ - file: /etc/postfix/main.cf
+
+# postfix main configuration file
+/etc/postfix/main.cf:
+ file.managed:
+ - source: salt://postfix/main.cf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - require:
+ - pkg: postfix
+
+# manage /etc/aliases if data found in pillar
+{% if 'aliases' in pillar.get('postfix', '') %}
+/etc/aliases:
+ file.managed:
+ - source: salt://postfix/aliases
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - require:
+ - pkg: postfix
+
+run-newaliases:
+ cmd.wait:
+ - name: newaliases
+ - cwd: /
+ - watch:
+ - file: /etc/aliases
+{% endif %}
+
+# manage /etc/postfix/virtual if data found in pillar
+{% if 'virtual' in pillar.get('postfix', '') %}
+/etc/postfix/virtual:
+ file.managed:
+ - source: salt://postfix/virtual
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - require:
+ - pkg: postfix
+
+run-postmap:
+ cmd.wait:
+ - name: /usr/sbin/postmap /etc/postfix/virtual
+ - cwd: /
+ - watch:
+ - file: /etc/postfix/virtual
+{% endif %}
diff --git a/postfix/main.cf b/postfix/main.cf
new file mode 100644
index 0000000..acdfda4
--- /dev/null
+++ b/postfix/main.cf
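Review bot: Both pillar guards in postfix/init.sls default to an empty string, `pillar.get('postfix', '')`, so if the `postfix` pillar is ever a string the `in` test becomes a substring match rather than a key lookup; `{% if 'aliases' in pillar.get('postfix', {}) %}` (and the same for `'virtual'`) keeps it a key test. `run-newaliases` also runs a bare `newaliases`, resolved through the minion's PATH, while `run-postmap` uses an absolute path; giving both an absolute path keeps a root-run command independent of the environment. `mode: 644` is an unquoted YAML integer, and quoting it as `'0644'` avoids an octal misparse if a leading zero is ever added.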
@@ -0,0 +1,43 @@
+# Managed by config management
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = {{ grains['fqdn'] }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+mydestination = {{ grains['fqdn'] }}, localhost
+relayhost =
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+
+{% if 'virtual' in pillar.get('postfix','') %}
+virtual_alias_maps = hash:/etc/postfix/virtual
+{% endif %}
+
diff --git a/postfix/virtual b/postfix/virtual
new file mode 100644
index 0000000..e26b401
--- /dev/null
+++ b/postfix/virtual
@@ -0,0 +1,2 @@
+# Managed by config management
+{{pillar['postfix']['virtual']}}
From 58012cdc3594fcb5874bb030a843ffb446d65dcd Mon Sep 17 00:00:00 2001
From: "David J. M. Karlsen"
Date: Wed, 23 Apr 2014 21:06:36 +0200
Subject: [PATCH 2/5] relay for the domain
---
 postfix/main.cf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/postfix/main.cf b/postfix/main.cf
index acdfda4..49ed281 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
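Review bot: `inet_interfaces = all` in the new postfix/main.cf makes every minion that receives this state listen for SMTP on all of its interfaces, and the TLS block pins the Debian self-signed `ssl-cert-snakeoil` pair, which remote peers cannot validate. Unlike aliases and virtual, neither setting can be overridden from pillar. A safer default is a loopback listener that mail-accepting hosts opt out of, e.g. `inet_interfaces = {{ salt['pillar.get']('postfix:inet_interfaces', 'loopback-only') }}` (the pillar key is a suggestion), with the certificate and key paths taken from pillar the same way. `smtpd_use_tls=yes` is also the legacy spelling of `smtpd_tls_security_level = may`.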
@@ -30,7 +30,7 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 myhostname = {{ grains['fqdn'] }}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
-mydestination = {{ grains['fqdn'] }}, localhost
+mydestination = {{ grains['fqdn'] }}, localhost, {{ grains['domain'] }}
 relayhost =
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 mailbox_size_limit = 0
From 102e666a35452cf60469d1196c87b97e37dcc678 Mon Sep 17 00:00:00 2001
From: "David J. M. Karlsen"
Date: Wed, 23 Apr 2014 21:50:54 +0200
Subject: [PATCH 3/5] add inbound iptables rule
---
 postfix/iptables-input.sls | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 postfix/iptables-input.sls
diff --git a/postfix/iptables-input.sls b/postfix/iptables-input.sls
new file mode 100644
index 0000000..9510c6c
--- /dev/null
+++ b/postfix/iptables-input.sls
@@ -0,0 +1,24 @@
+smtp.input:
+ iptables.chain_present:
+ -
+
+tcp:
+ iptables.insert:
+ - table: filter
+ - position: 1
+ - chain: smtp.input
+ - jump: ACCEPT
+ - match: state
+ - connstate: NEW,ESTABLISHED
+ - dport: 25
+ - proto: tcp
+ - save: True
+
+filter:
+ iptables.insert:
+ - table: filter
+ - position: 1
+ - chain: INPUT
+ - jump: smtp.input
+ - save: True
+
From c7e986e12e77a21a51407ed39085ddcc79af35a0 Mon Sep 17 00:00:00 2001
From: "David J. M. Karlsen"
Date: Wed, 23 Apr 2014 21:55:01 +0200
Subject: [PATCH 4/5] have unique names
---
 postfix/iptables-input.sls | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/postfix/iptables-input.sls b/postfix/iptables-input.sls
index 9510c6c..a51434f 100644
--- a/postfix/iptables-input.sls
+++ b/postfix/iptables-input.sls
@@ -2,7 +2,7 @@ smtp.input:
 iptables.chain_present:
 -
-tcp:
+smtp.iptables.tcp:
 iptables.insert:
 - table: filter
 - position: 1
@@ -14,7 +14,7 @@ tcp:
 - proto: tcp
 - save: True
-filter:
+smtp.iptables.filter:
 iptables.insert:
 - table: filter
 - position: 1
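Review bot: Appending `{{ grains['domain'] }}` to `mydestination` makes each host that renders this template the final destination for the whole domain, so mail for any user@domain arriving at that host is delivered or bounced locally; if the domain has a separate mail exchanger, that mail never reaches it. That is only correct on the one host that really is the domain's mail server, so it is better made opt-in from pillar. The grain may also be empty on hosts without a domain part, leaving a dangling `, ` in the list; a guard such as `{% if grains['domain'] %}, {{ grains['domain'] }}{% endif %}` covers that. The rest of main.cf lies outside this hunk.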
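Review bot: The `tcp` rule in the new postfix/iptables-input.sls accepts port 25 from any source, and the `filter` rule inserts the jump at position 1 of INPUT, ahead of whatever the host's existing policy would drop; with `inet_interfaces = all` from the first patch this exposes the listener on every address of every minion that includes the state. I would restrict the rule with a `- source:` value taken from pillar and place the jump after the host's baseline rules rather than first. `iptables.chain_present` is also given a bare `-`, which YAML parses as a list holding a single null; `- table: filter` states the intent. `connstate: NEW,ESTABLISHED` is wider than needed if the host already has an ESTABLISHED/RELATED rule, in which case `NEW` alone is enough.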
From d9bd389dd3f7212bb30d7e6e78ac0e2abede742c Mon Sep 17 00:00:00 2001
From: david
Date: Thu, 12 Jun 2014 20:27:18 +0200
Subject: [PATCH 5/5] increas message size limit
---
 postfix/main.cf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/postfix/main.cf b/postfix/main.cf
index 49ed281..d2885db 100644
--- a/postfix/main.cf
+++ b/postfix/main.cf
@@ -41,3 +41,5 @@ inet_interfaces = all
 virtual_alias_maps = hash:/etc/postfix/virtual
 {% endif %}
+#TODO: move into a pillar
+message_size_limit = 41943040
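Review bot: `message_size_limit = 41943040` is an unexplained magic number: it is 40 MiB, four times Postfix's default of 10240000, and it applies to a listener that the earlier patches in this series open to any source. Postfix's SMTP server also refuses incoming mail when the queue filesystem has less than 1.5 times this value free, so hosts with small disks can start rejecting mail after this change. Until the TODO is resolved, the line should at least be annotated, e.g. `# 40 MiB (Postfix default 10240000); needs >= 1.5x this free in the queue filesystem`.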