saltstack-formulas/postfix-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e40c589cd5
postfix-formula/postfix/services.jinja
Andreas Thienemann b6b7ab4cca Allow for full managed master.cf services 
Currently master.cf only allows for _very_ limited configuration
options mainly focussed on SMTP submission settings.

This is rather limited and does not scale very well for managing
the other services defined in master.cf.

This patch has moved all the service definitions into a jinja file
and generates the master.cf service definition on the fly based on
these defaults.

Defaults can be overridden in a pillar to customize the rendered
master.cf file accordingly to local needs.
Undefined values will be filled with the postfix defaults.

Care has been taken that the previous ways of managing the submission
configuration options are still supported for backwards compatibility
to prevent breakage for existing users of the formula.
2018-03-11 19:22:12 +01:00

262 lines
5.9 KiB
Django/Jinja
Raw Blame History

{#-
# Default Postfix master processes as defined by postfix
#
# The dictionary is keyed off the service name ("smtp", "smtpd", etc.) except
# for the few cases the service name is repeated to illustrate alternative
# options in the file.
# In such a case the second entry has a unique identifier appended, e.g.
# "smtp-unix". The 'service' attribute is used to provide the service name
# that will be rendered by jinja thus overriding the usual key to prevent
# clashes.
-#}
{% set postfix_master_services_defaults = {
'smtp': {
'type': 'inet',
'private': False,
'chroot': False,
'command': 'smtpd'
},
'smtp-postscreen': {
'service': 'smtp',
'enable': False,
'type': 'inet',
'maxproc': 1,
'private': False,
'chroot': False,
'command': 'postscreen'
},
'smtpd': {
'enable': False,
'type': 'pass',
'chroot': False
},
'dnsblog': {
'maxproc': 0,
'enable': False,
'type': 'unix',
'chroot': False
},
'tlsproxy': {
'maxproc': 0,
'enable': False,
'type': 'unix',
'chroot': False
},
'submission': {
'chroot': False,
'command': 'smtpd',
'enable': False,
'args': [
'-o syslog_name=postfix/submission',
'-o smtpd_tls_security_level=encrypt',
'-o smtpd_sasl_auth_enable=yes',
'-o smtpd_reject_unlisted_recipient=no',
'-o smtpd_client_restrictions=$mua_client_restrictions',
'-o smtpd_helo_restrictions=$mua_helo_restrictions',
'-o smtpd_sender_restrictions=$mua_sender_restrictions',
'-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject',
'-o milter_macro_daemon_name=ORIGINATING'
],
'type': 'inet',
'private': False
},
'smtps': {
'chroot': False,
'command': 'smtpd',
'enable': False,
'args': [
'-o syslog_name=postfix/smtps',
'-o smtpd_tls_wrappermode=yes',
'-o smtpd_sasl_auth_enable=yes',
'-o smtpd_reject_unlisted_recipient=no',
'-o smtpd_client_restrictions=$mua_client_restrictions',
'-o smtpd_helo_restrictions=$mua_helo_restrictions',
'-o smtpd_sender_restrictions=$mua_sender_restrictions',
'-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject',
'-o milter_macro_daemon_name=ORIGINATING'
],
'type': 'inet',
'private': False
},
'628': {
'enable': False,
'command': 'qmqpd',
'type': 'inet',
'chroot': False,
'private': False
},
'pickup': {
'maxproc': 1,
'chroot': False,
'wakeup': 60,
'type': 'unix',
'private': False,
},
'cleanup': {
'maxproc': 0,
'chroot': False,
'type': 'unix',
'private': False
},
'qmgr': {
'chroot': False,
'private': False,
'maxproc': 1,
'wakeup': 300,
'type': 'unix'
},
'qmgr-oqmgr': {
'service': 'qmgr',
'chroot': False,
'private': False,
'maxproc': 1,
'enable': False,
'command': 'oqmgr',
'wakeup': 300,
'type': 'unix'
},
'tlsmgr': {
'wakeup': '1000?',
'chroot': False,
'type': 'unix',
'maxproc': 1
},
'rewrite': {
'type': 'unix',
'chroot': False,
'command': 'trivial-rewrite'
},
'bounce': {
'maxproc': 0,
'chroot': False,
'type': 'unix'
},
'defer': {
'maxproc': 0,
'chroot': False,
'type': 'unix',
'command': 'bounce'
},
'trace': {
'maxproc': 0,
'chroot': False,
'type': 'unix',
'command': 'bounce'
},
'smtp-unix': {
'service': 'smtp',
'chroot': False,
'type': 'unix',
'command': 'smtp'
},
'verify': {
'maxproc': 1,
'chroot': False,
'type': 'unix'
},
'flush': {
'maxproc': 0,
'chroot': False,
'wakeup': '1000?',
'type': 'unix',
'private': False
},
'proxymap': {
'chroot': False,
'type': 'unix'
},
'proxywrite': {
'maxproc': 1,
'chroot': False,
'type': 'unix',
'command': 'proxymap'
},
'relay': {
'type': 'unix',
'chroot': False,
'args': [
'# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5'
],
'command': 'smtp'
},
'showq': {
'chroot': False,
'type': 'unix',
'private': False
},
'error': {
'chroot': False,
'type': 'unix'
},
'retry': {
'type': 'unix',
'chroot': False,
'command': 'error'
},
'discard': {
'chroot': False,
'type': 'unix'
},
'local': {
'unpriv': False,
'chroot': False,
'type': 'unix'
},
'virtual': {
'unpriv': False,
'chroot': False,
'type': 'unix'
},
'lmtp': {
'chroot': False,
'type': 'unix'
},
'anvil': {
'maxproc': 1,
'chroot': False,
'type': 'unix'
},
'scache': {
'maxproc': 1,
'chroot': False,
'type': 'unix'
}
} %}
{# Service order inside the master.cf file #}
{% set postfix_master_services_order = [
'smtp',
'smtp-postscreen',
'smtpd',
'dnsblog',
'tlsproxy',
'submission',
'smtps',
'628',
'pickup',
'cleanup',
'qmgr',
'qmgr-oqmgr',
'tlsmgr',
'rewrite',
'bounce',
'defer',
'trace',
'verify',
'flush',
'proxymap',
'proxywrite',
'smtp-unix',
'relay',
'showq',
'error',
'retry',
'discard',
'local',
'virtual',
'lmtp',
'anvil',
'scache'
] %}
Reference in New Issue View Git Blame Copy Permalink