{%- from "postfix/map.jinja" import postfix with context -%} {%- set master_config = salt['pillar.get']('postfix:master_config', {}) -%} {%- from "postfix/services.jinja" import postfix_master_services_defaults, postfix_master_services_order -%} {#- # Handle the case that the pillar data does not provide any service # configuration but submission parameters are provided in the pillar.. # This is important for backwards compatibility with sites that are using # the previous enable_submission pillar settings. -#} {%- set additional_services = {} -%} {%- if master_config.get('enable_submission', False) and not salt[ 'pillar.get']('postfix:master_config:services:submission', False) -%} {%- do additional_services.update({'submission': {'chroot': False, 'command': 'smtpd', 'enable': True, 'type': 'inet', 'args': [], 'private': False}}) -%} {%- if master_config.get('submission', False) -%} {%- for parameter, value in master_config.get('submission', {}).items() -%} {%- if value is number or value is string -%} {%- do additional_services['submission']['args'].append('-o %s=%s' % ( parameter, value)) -%} {%- elif value is iterable -%} {%- do additional_services['submission']['args'].append('-o %s=%s' % ( parameter, ', '.join(value))) -%} {%- endif -%} {%- endfor -%} {%- else -%} {%- do additional_services[ 'submission']['args'].extend(['# -o syslog_name=postfix/submission', '-o smtpd_tls_security_level=encrypt', '-o smtpd_sasl_auth_enable=yes', '# -o smtpd_reject_unlisted_recipient=no', '# -o smtpd_client_restrictions=$mua_client_restrictions', '# -o smtpd_helo_restrictions=$mua_helo_restrictions', '# -o smtpd_sender_restrictions=$mua_sender_restrictions', '# -o smtpd_recipient_restrictions=', '# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject', '# -o milter_macro_daemon_name=ORIGINATING' ]) -%} {%- endif -%} {%- endif -%} {#- Format the postfix service parameters correctly -#} {%- macro service_param(service, service_name, parameter_name, default='-') -%} {#- Fetch the value from the passed service dictionary or fall back to the # service defaults by chaining .get() commands. #} {%- set value = service.get(parameter_name, postfix_master_services_defaults[service_name].get( parameter_name, default)) -%} {%- if value is sameas false -%} n {%- elif value is sameas true -%} y {%- elif value is number or value is string -%} {{ value }} {%- else -%} - {%- endif -%} {%- endmacro -%} # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master" or # on-line: http://www.postfix.org/master.5.html). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # ========================================================================== {%- for service_name in postfix_master_services_order %} {#- Try to get the service configuration from the pillar if present. # Next try if the service has been dynamically configured and is present in # the additional_services dictionary. # If absent, fall back to the defaults provided in services.jinja -#} {%- set service = salt['pillar.get']('postfix:master_config:services:%s' % ( service_name,), additional_services.get(service_name, postfix_master_services_defaults[service_name])) -%} {%- if service.get('enable', True) -%} {%- set comment = '' -%} {%- else -%} {%- set comment = '#' -%} {%- endif %} {{ "%s%-9s %-5s %-7s %-7s %-7s %-7s %-7s %s" | format(comment, service_param(service, service_name, 'service', service_name), service_param(service, service_name, 'type'), service_param(service, service_name, 'private'), service_param(service, service_name, 'unpriv'), service_param(service, service_name, 'chroot'), service_param(service, service_name, 'wakeup'), service_param(service, service_name, 'maxproc'), service_param(service, service_name, 'command', service_name)) -}} {%- if service.args is not none -%} {%- for option in service.get('args', postfix_master_services_defaults[ service_name].get('args', [])) -%} {%- if option.startswith('#') %} {{ option }} {%- else %} {{ comment }} {{ option }} {%- endif %} {%- endfor %} {%- endif %} {%- endfor %} # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # #maildrop unix - n n - - pipe # flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} # # ==================================================================== # # Recent Cyrus versions can use the existing "lmtp" master.cf entry. # # Specify in cyrus.conf: # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 # # Specify in main.cf one or more of the following: # mailbox_transport = lmtp:inet:localhost # virtual_transport = lmtp:inet:localhost # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # # Old example of delivery via Cyrus. # #old-cyrus unix - n n - - pipe # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # #uucp unix - n n - - pipe # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # ==================================================================== # # Other external delivery methods. # #ifmail unix - n n - - pipe # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) # #bsmtp unix - n n - - pipe # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient # #scalemail-backend unix - n n - 2 pipe # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store # ${nexthop} ${user} ${extension} # #mailman unix - n n - - pipe # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # ${nexthop} ${user} {%- if salt['pillar.get']('postfix:policyd-spf:enabled', False) %} policy-spf unix - n n - - spawn user=nobody argv={{ xbin_prefix }}/bin/policyd-spf {%- endif %} {%- if master_config.get('enable_dovecot', False) -%} {%- set dovecot = master_config.get('dovecot', {} )%} dovecot unix - n n - - pipe flags={{ dovecot.get('flags', 'DRhu') }} user={{ dovecot.get('user', 'vmail') }}:{{ dovecot.get('group', 'vmail') }} argv={{ dovecot.get('argv', postfix.dovecot_deliver) ~ ' -d ${recipient}' }} {% endif -%}