Merge pull request #105 from Perceptyx/add-tls-poliy-map

feat(maps): adds tls_policy map for smtp delivery
This commit is contained in:
Imran Iqbal 2020-05-23 14:38:44 +01:00 committed by GitHub
commit e61eb5a685
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 43 additions and 0 deletions

View File

@ -156,6 +156,7 @@ postfix:
smtp_use_tls: 'yes'
smtp_tls_cert_file: /etc/postfix/ssl/example.com-relay-client-cert.crt
smtp_tls_key_file: /etc/postfix/ssl/example.com-relay-client-cert.key
smtp_tls_policy_maps: hash:/etc/postfix/tls_policy
smtp_sasl_password_maps: hash:/etc/postfix/sasl_passwd
sender_canonical_maps: hash:/etc/postfix/sender_canonical
@ -165,6 +166,10 @@ postfix:
transport:
DOMAIN_NAME: ':[IP_ADDRESS]'
tls_policy:
example.com: encrypt
.example.com: encrypt
vmail:
user: postfix_user
password: DB_PASSWD

View File

@ -101,6 +101,27 @@ run-postmap:
- file: {{ postfix.config_path }}/transport
{% endif %}
{% if 'tls_policy' in pillar.get('postfix', '') %}
{{ postfix.config_path }}/tls_policy:
file.managed:
- source: salt://postfix/files/tls_policy
- user: root
- group: {{ postfix.root_grp }}
- mode: 644
- require:
- pkg: postfix
- watch_in:
- service: postfix
- template: jinja
run-postmap-tls-policy:
cmd.wait:
- name: {{ postfix.xbin_prefix }}/sbin/postmap {{ postfix.config_path }}/tls_policy
- cwd: /
- watch:
- file: {{ postfix.config_path }}/tls_policy
{% endif %}
{%- for domain in salt['pillar.get']('postfix:certificates', {}).keys() %}
postfix_{{ domain }}_ssl_certificate:

17
postfix/files/tls_policy Normal file
View File

@ -0,0 +1,17 @@
#
# This file is managed by salt
#
{% set config = salt['pillar.get']('postfix:tls_policy', {}) -%}
{% macro set_parameter(parameter, default=None) -%}
{% set value = config.get(parameter, default) -%}
{% if value is not none -%}
{{ parameter }} {{ value }}
{% endif -%}
{% endmacro -%}
{# Accept arbitrary parameters -#}
{% for parameter in config -%}
{{ set_parameter(parameter) }}
{% endfor -%}