feat(maps): adds tls_policy map for smtp delivery

Signed-off-by: Felipe Zipitria <fzipitria@perceptyx.com>
Felipe Zipitria 2020-05-12 15:34:24 -03:00
parent 51b269e2c3
commit d87da4adc4
3 changed files with 43 additions and 0 deletions


@ -156,6 +156,7 @@ postfix:
smtp_use_tls: 'yes'
smtp_tls_cert_file: /etc/postfix/ssl/example.com-relay-client-cert.crt
smtp_tls_key_file: /etc/postfix/ssl/example.com-relay-client-cert.key
smtp_tls_policy_maps: hash:/etc/postfix/tls_policy
smtp_sasl_password_maps: hash:/etc/postfix/sasl_passwd
sender_canonical_maps: hash:/etc/postfix/sender_canonical
@ -165,6 +166,10 @@ postfix:
transport:
DOMAIN_NAME: ':[IP_ADDRESS]'
tls_policy:
example.com: encrypt
.example.com: encrypt
vmail:
user: postfix_user
password: DB_PASSWD
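Review bot: The `tls_policy` example added in the second hunk uses `encrypt` for both `example.com` and `.example.com`, which makes TLS mandatory but does not verify the server certificate, so it only protects against passive interception. Because this is the sample operators will copy, a comment above the block would help, e.g. `# encrypt = mandatory TLS without certificate verification; use verify or secure to authenticate the peer`. It is also worth noting next to `smtp_tls_policy_maps` in the first hunk that the state file only generates the map when the `tls_policy` pillar key is present.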


@ -101,6 +101,27 @@ run-postmap:
- file: {{ postfix.config_path }}/transport
{% endif %}
{% if 'tls_policy' in pillar.get('postfix', '') %}
{{ postfix.config_path }}/tls_policy:
file.managed:
- source: salt://postfix/files/tls_policy
- user: root
- group: {{ postfix.root_grp }}
- mode: 644
- require:
- pkg: postfix
- watch_in:
- service: postfix
- template: jinja
run-postmap-tls-policy:
cmd.wait:
- name: {{ postfix.xbin_prefix }}/sbin/postmap {{ postfix.config_path }}/tls_policy
- cwd: /
- watch:
- file: {{ postfix.config_path }}/tls_policy
{% endif %}
{%- for domain in salt['pillar.get']('postfix:certificates', {}).keys() %}
postfix_{{ domain }}_ssl_certificate:
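Review bot: Nothing in the added `run-postmap-tls-policy` state orders it before the `postfix` service restart that the file's `watch_in` triggers, so whether the service comes back against a freshly built `tls_policy.db` depends on state order defined outside this hunk. If that order is not guaranteed, a first deployment could restart Postfix while `smtp_tls_policy_maps` points at a map that has not been built yet. Adding `- require_in:` with `- service: postfix` to the `cmd.wait` state would make the dependency explicit. Separately, `- mode: 644` is safer written as `- mode: '0644'` so YAML typing never affects it. The state file continues on both sides of the hunk.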

17
postfix/files/tls_policy Normal file

@ -0,0 +1,17 @@
#
# This file is managed by salt
#
{% set config = salt['pillar.get']('postfix:tls_policy', {}) -%}
{% macro set_parameter(parameter, default=None) -%}
{% set value = config.get(parameter, default) -%}
{% if value is not none -%}
{{ parameter }} {{ value }}
{% endif -%}
{% endmacro -%}
{# Accept arbitrary parameters -#}
{% for parameter in config -%}
{{ set_parameter(parameter) }}
{% endfor -%}
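Review bot: The `{% if value is not none -%}` guard in `set_parameter` silently drops any pillar entry whose value is empty, so a domain written as `example.com:` gets no line in the map and delivery to it falls back to the global TLS level without any warning. For a file whose purpose is to enforce TLS per destination, that should be visible. At minimum add a template comment such as `{# entries with an empty value are skipped and fall back to the global smtp_tls_security_level #}`, or fail the render instead of skipping. The `default=None` parameter is never passed by the loop, so the macro could also be reduced to iterating `config.items()` directly.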