diff --git a/postfix/aliases b/postfix/aliases
new file mode 100644
index 0000000..d02055c
--- /dev/null
+++ b/postfix/aliases
@@ -0,0 +1,3 @@
+# Managed by config management
+# See man 5 aliases for format
+{{pillar['postfix']['aliases']}}
diff --git a/postfix/init.sls b/postfix/init.sls
index 754b795..d154361 100644
--- a/postfix/init.sls
+++ b/postfix/init.sls
@@ -5,3 +5,57 @@ postfix:
 - enable: True
 - require:
 - pkg: postfix
+ - watch:
+ - pkg: postfix
+ - file: /etc/postfix/main.cf
+
+# postfix main configuration file
+/etc/postfix/main.cf:
+ file.managed:
+ - source: salt://postfix/main.cf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - require:
+ - pkg: postfix
+
+# manage /etc/aliases if data found in pillar
+{% if 'aliases' in pillar.get('postfix', '') %}
+/etc/aliases:
+ file.managed:
+ - source: salt://postfix/aliases
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - require:
+ - pkg: postfix
+
+run-newaliases:
+ cmd.wait:
+ - name: newaliases
+ - cwd: /
+ - watch:
+ - file: /etc/aliases
+{% endif %}
+
+# manage /etc/postfix/virtual if data found in pillar
+{% if 'virtual' in pillar.get('postfix', '') %}
+/etc/postfix/virtual:
+ file.managed:
+ - source: salt://postfix/virtual
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+ - require:
+ - pkg: postfix
+
+run-postmap:
+ cmd.wait:
+ - name: /usr/sbin/postmap /etc/postfix/virtual
+ - cwd: /
+ - watch:
+ - file: /etc/postfix/virtual
+{% endif %}
diff --git a/postfix/iptables-input.sls b/postfix/iptables-input.sls
new file mode 100644
index 0000000..a51434f
--- /dev/null
+++ b/postfix/iptables-input.sls
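Review bot: `run-postmap` and `run-newaliases` carry no ordering relative to the `postfix` service state, which watches `main.cf`; because `main.cf` gains `virtual_alias_maps = hash:/etc/postfix/virtual` in this same commit, a first run can reload Postfix before `/etc/postfix/virtual.db` exists (this rests on Salt's definition-order default, so confirm on a fresh minion). Adding `- require_in:` / `- service: postfix` to both `cmd.wait` states pins that order. Separately, `run-newaliases` invokes a bare `newaliases` while `run-postmap` uses `/usr/sbin/postmap`; use an absolute path in both so the binary executed does not depend on the minion's PATH. The `pillar.get('postfix', '')` default reads more clearly as `{}`, since the keys are looked up in a mapping. The `postfix` service state begins before the hunk.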
@@ -0,0 +1,24 @@
+smtp.input:
+ iptables.chain_present:
+ -
+
+smtp.iptables.tcp:
+ iptables.insert:
+ - table: filter
+ - position: 1
+ - chain: smtp.input
+ - jump: ACCEPT
+ - match: state
+ - connstate: NEW,ESTABLISHED
+ - dport: 25
+ - proto: tcp
+ - save: True
+
+smtp.iptables.filter:
+ iptables.insert:
+ - table: filter
+ - position: 1
+ - chain: INPUT
+ - jump: smtp.input
+ - save: True
+
diff --git a/postfix/main.cf b/postfix/main.cf
new file mode 100644
index 0000000..d2885db
--- /dev/null
+++ b/postfix/main.cf
@@ -0,0 +1,45 @@
+# Managed by config management
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = {{ grains['fqdn'] }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+mydestination = {{ grains['fqdn'] }}, localhost, {{ grains['domain'] }}
+relayhost =
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+
+{% if 'virtual' in pillar.get('postfix','') %}
+virtual_alias_maps = hash:/etc/postfix/virtual
+{% endif %}
+
+#TODO: move into a pillar
+message_size_limit = 41943040
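Review bot: `smtp.iptables.tcp` inserts into `smtp.input` and `smtp.iptables.filter` jumps to it, yet neither state requires `smtp.input`, so the chain existing first relies on definition order alone; add `- require:` / `- iptables: smtp.input` to both inserts. The bare `-` item under `iptables.chain_present` parses as a null argument, which Salt may not accept — either drop it or give it a real argument such as `- table: filter`. These states also act on IPv4 only (`family` is left at its default) while `main.cf` in the same commit sets `inet_interfaces = all` and lists `[::1]/128` in `mynetworks`; if IPv6 delivery is expected, a matching `family: ipv6` rule set is missing, and if not, that should be stated in a comment.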
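Review bot: The server TLS identity is pinned to the Debian `ssl-cert-snakeoil` self-signed pair in `smtpd_tls_cert_file` / `smtpd_tls_key_file`, which no peer can verify; like the `#TODO` on `message_size_limit`, these two paths belong in pillar so a host can supply a real certificate, e.g. `smtpd_tls_cert_file = {{ pillar['postfix'].get('tls_cert', '/etc/ssl/certs/ssl-cert-snakeoil.pem') }}` (pillar key name illustrative). `smtpd_use_tls=yes` is the legacy switch; `smtpd_tls_security_level = may` is the current equivalent and is what the TLS_README the comment points at documents. Nothing sets `smtp_tls_security_level`, so outbound SMTP stays plaintext even though an `smtp_tls_session_cache_database` is configured; if opportunistic TLS to other MTAs is wanted, add `smtp_tls_security_level = may`.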
diff --git a/postfix/virtual b/postfix/virtual
new file mode 100644
index 0000000..e26b401
--- /dev/null
+++ b/postfix/virtual
@@ -0,0 +1,2 @@
+# Managed by config management
+{{pillar['postfix']['virtual']}}