feat(maps): adds tls_policy map for smtp delivery

Signed-off-by: Felipe Zipitria <fzipitria@perceptyx.com>

pillar.example

@@ -156,6 +156,7 @@ postfix:
     smtp_use_tls: 'yes'
     smtp_tls_cert_file: /etc/postfix/ssl/example.com-relay-client-cert.crt
     smtp_tls_key_file: /etc/postfix/ssl/example.com-relay-client-cert.key
+    smtp_tls_policy_maps: hash:/etc/postfix/tls_policy
 
     smtp_sasl_password_maps: hash:/etc/postfix/sasl_passwd
     sender_canonical_maps: hash:/etc/postfix/sender_canonical
@@ -165,6 +166,10 @@ postfix:
   transport:
     DOMAIN_NAME: ':[IP_ADDRESS]'
 
+  tls_policy:
+    example.com: encrypt
+    .example.com: encrypt
+
   vmail:
     user: postfix_user
     password: DB_PASSWD

postfix/config.sls

@@ -101,6 +101,27 @@ run-postmap:
       - file: {{ postfix.config_path }}/transport
 {% endif %}
 
+{% if 'tls_policy' in pillar.get('postfix', '') %}
+{{ postfix.config_path }}/tls_policy:
+  file.managed:
+    - source: salt://postfix/files/tls_policy
+    - user: root
+    - group: {{ postfix.root_grp }}
+    - mode: 644
+    - require:
+      - pkg: postfix
+    - watch_in:
+      - service: postfix
+    - template: jinja
+
+run-postmap-tls-policy:
+  cmd.wait:
+    - name: {{ postfix.xbin_prefix }}/sbin/postmap {{ postfix.config_path }}/tls_policy
+    - cwd: /
+    - watch:
+      - file: {{ postfix.config_path }}/tls_policy
+{% endif %}
+
 {%- for domain in salt['pillar.get']('postfix:certificates', {}).keys() %}
 
 postfix_{{ domain }}_ssl_certificate:

postfix/files/tls_policy

@@ -0,0 +1,17 @@
+#
+# This file is managed by salt
+#
+
+{% set config = salt['pillar.get']('postfix:tls_policy', {}) -%}
+{% macro set_parameter(parameter, default=None) -%}
+{% set value = config.get(parameter, default) -%}
+{% if value is not none -%}
+{{ parameter }} {{ value }}
+{% endif -%}
+{% endmacro -%}
+
+{# Accept arbitrary parameters -#}
+{% for parameter in config -%}
+{{ set_parameter(parameter) }}
+{% endfor -%}
+