# Postfix configuration:
# Global configurations
+postfix::alias_maps: "hash:/etc/postfix/maps/aliases ldap:/etc/postfix/ldap/alias.cf"
+postfix::inet_interfaces: 'all'
+postfix::manage_mailx: false
+postfix::mastercf_source: 'puppet:///postfix_dir/master.cf'
+postfix::myorigin: 'pixelpark.com'
+
+#infra::profile::postfix::config_directory: '/etc/postfix'
infra::profile::postfix::aliases_file: '/etc/postfix/maps/aliases'
infra::profile::postfix::aliases_source: 'puppet:///postfix_dir/maps/aliases'
+#infra::profile::postfix::myorigin: "%{hiera('postfix::myorigin')}"
+#infra::profile::postfix::relayhost: ~
+#infra::profile::postfix::tls: true
+#infra::profile::postfix::tls_cert: ~
+#infra::profile::postfix::tls_key: ~
+#infra::profile::postfix::tls_chain: ~
+#infra::profile::postfix::tls_loglevel: 1
+#infra::profile::postfix::tls_received_header: true
+#infra::profile::postfix::tls_security_level: 'may'
+#infra::profile::postfix::tls_auth_only: false
+#infra::profile::postfix::cert_servername: 'wildcard.pixelpark.com'
+#infra::profile::postfix::cert_customer: 'pixelpark'
+infra::profile::postfix::has_map_smtp_tls_peers: true
+#infra::profile::postfix::map_smtp_tls_peers: '/etc/postfix/maps/smtp-tls-peers'
+infra::profile::postfix::is_relay: true
+#infra::profile::postfix::unverified_recipient_reject_code: '550'
+#infra::profile::postfix::transport_maps_source: ~
+#infra::profile::postfix::virtual_aliases_source: ~
+infra::profile::postfix::has_default_generic: false
+#infra::profile::postfix::virtual_regex: ~
-ldap_server: 'ldap.pixelpark.com'
-ldap_port: '389'
-ldap_timeout: '5'
-ldap_search_base: 'o=isp'
-#ldap_bind_dn: 'uid=Solaris_NSS,ou=Unix NSS,ou=Applications,o=pixelpark,o=isp'
-#ldap_bind_pw: >
-# ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
-# DQYJKoZIhvcNAQEBBQAEggEAiDDL0RGJsOj7Nz9hIkqiDi5/EcFW/GBCzjGP
-# P2QLHG79sX4peUhlw6nNk9Krtzh9G283pvg0ldJ9EOaC+6r6CMxe0V0K0AQ+
-# pcFbn/W1Vi/rrjvjeweZGpIqBaYatMzNI4KlJmKTgUeq26E48RIXkyagd+gm
-# d4QHk1+KsrTBytvbdIKcpWgnfUJx8Q10QiYIQHyRHyXRRtUEgNERMiKZsxRt
-# zGyo1O0XXsYJ23+qnqawrV25whwFgDv9A16eXqFm/3bVP0JBgWKN+u5f+3Fc
-# cN+gbU7zWDyfgjkoll7VXt1ciTmtl3zvqP/WPInPqab5vcR+MSDD+J7XYqp/
-# P1KyqTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBBQH0PgyfGgShdRw3s
-# SPGwgBBpfrJXgOfQa21UINdzHMjR]
-ldap_bind_dn: 'cn=admin'
-ldap_bind_pw: >
+#infra::profile::postfix::ldap_server: 'ldap.pixelpark.com'
+#infra::profile::postfix::ldap_port: '389'
+#infra::profile::postfix::ldap_timeout: '5'
+#infra::profile::postfix::ldap_search_base: 'o=isp'
+#infra::profile::postfix::ldap_bind_dn: 'cn=admin'
+infra::profile::postfix::ldap_bind_pw: >
ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9
U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V
EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T
EKskgBArkfXhMZNEUfrTvFILs4Ig]
-postfix::alias_maps: "hash:/etc/postfix/maps/aliases ldap:/etc/postfix/ldap/alias.cf"
-postfix::inet_interfaces: 'all'
-postfix::manage_mailx: false
-postfix::mastercf_source: 'puppet:///postfix_dir/master.cf'
-postfix::myorigin: 'pixelpark.com'
-
-# Main.cf config entries
-infra::profile::postfix::configs:
- address_verify_map:
- ensure: 'absent'
- alias_database:
- value: 'hash:/etc/postfix/maps/aliases'
- append_dot_mydomain:
- value: 'no'
- biff:
- value: 'no'
- broken_sasl_auth_clients:
- value: 'yes'
- command_directory:
- ensure: 'absent'
- daemon_directory:
- ensure: 'absent'
- data_directory:
- ensure: 'absent'
- debug_peer_level:
- ensure: 'absent'
- debugger_command:
- ensure: 'absent'
- hash_queue_depth:
- value: '3'
- html_directory:
- ensure: 'absent'
- inet_protocols:
- value: 'all'
- lmtp_tls_loglevel:
- value: '1'
- mail_owner:
- ensure: 'absent'
- mailbox_size_limit:
- value: '0'
- manpage_directory:
- ensure: 'absent'
- masquerade_domains:
- value: 'hash:/etc/postfix/maps/masquerade_domains'
- maximal_queue_lifetime:
- value: '10d'
- message_size_limit:
- value: '358400000'
- mydestination:
- value: '$myhostname, localhost.$mydomain, localhost'
- mydomain:
- value: 'pixelpark.com'
- myhostname:
- value: "%{::fqdn}"
- mynetworks:
- value: 'cidr:/etc/postfix/maps/my-networks'
- queue_directory:
- ensure: 'absent'
- readme_directory:
- value: '/usr/share/doc/postfix'
- recipient_canonical_maps:
- value: 'hash:/etc/postfix/maps/canonical-recipients ldap:/etc/postfix/ldap/mailroutingaddress.cf'
- recipient_delimiter:
- value: '+'
- relay_domains:
- value: 'hash:/etc/postfix/maps/relay_domains'
- relayhost:
- ensure: 'blank'
- sample_directory:
- ensure: 'absent'
- sender_dependent_default_transport_maps:
- ensure: 'absent'
- sender_dependent_relayhost_maps:
- ensure: 'absent'
- setgid_group:
- ensure: 'absent'
- smtp_generic_maps:
- ensure: 'absent'
- smtp_sasl_auth_enable:
- ensure: 'absent'
- smtp_tls_cert_file:
- value: '/etc/postfix/ssl/wildcard.pixelpark.com-cert.pem'
- smtp_tls_enforce_peername:
- value: 'no'
- smtp_tls_key_file:
- value: '$smtp_tls_cert_file'
- smtp_tls_loglevel:
- value: '1'
- smtp_tls_note_starttls_offer:
- ensure: 'absent'
- smtp_tls_per_site:
- value: 'hash:/etc/postfix/maps/smtp-tls-peers'
- smtp_tls_policy_maps:
- ensure: 'absent'
- smtp_tls_session_cache_database:
- value: 'btree:${data_directory}/smtp_scache'
- smtp_use_tls:
- value: 'yes'
- smtpd_banner:
- value: '$myhostname ESMTP $mail_name $mail_version'
- smtpd_client_restrictions:
- ensure: 'absent'
- smtpd_recipient_restrictions:
- ensure: 'absent'
- smtpd_relay_restrictions:
- value: "check_client_access hash:/etc/postfix/maps/access_client, check_recipient_access hash:/etc/postfix/maps/access_recipient, check_sender_access hash:/etc/postfix/maps/access_sender, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_invalid_helo_hostname, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, reject_unauth_destination, reject_unverified_recipient, permit"
- smtpd_sasl_auth_enable:
- value: 'yes'
- smtpd_sasl_authenticated_header:
- value: 'yes'
- smtpd_sasl_local_domain:
- ensure: 'absent'
- smtpd_sender_restrictions:
- ensure: 'absent'
- smtpd_tls_CAfile:
- ensure: 'absent'
- smtpd_tls_auth_only:
- ensure: 'absent'
- smtpd_tls_cert_file:
- value: '$smtp_tls_cert_file'
- smtpd_tls_key_file:
- value: '$smtp_tls_cert_file'
- smtpd_tls_loglevel:
- value: '1'
- smtpd_tls_received_header:
- value: 'yes'
- smtpd_tls_session_cache_database:
- value: 'btree:${data_directory}/smtpd_scache'
- smtpd_tls_session_cache_timeout:
- ensure: 'absent'
- tls_random_prng_update_period:
- ensure: 'absent'
- tls_random_source:
- ensure: 'absent'
- smtpd_use_tls:
- value: 'yes'
- transport_maps:
- value: 'hash:/etc/postfix/maps/discarded_domains hash:/etc/postfix/maps/transport ldap:/etc/postfix/ldap/mailhost.cf'
- unknown_local_recipient_reject_code:
- ensure: 'absent'
- unverified_recipient_reject_code:
- value: '550'
- virtual_alias_maps:
- value: 'pcre:/etc/postfix/maps/virtual-regex hash:/etc/postfix/maps/virtual-aliases'
-
-# All postfix hash databases
-infra::profile::postfix::hashes:
- '/etc/postfix/maps/access_client':
- ensure: 'present'
- source: 'puppet:///postfix_dir/maps/access_client'
- '/etc/postfix/maps/access_recipient':
- ensure: 'present'
- source: 'puppet:///postfix_dir/maps/access_recipient'
- '/etc/postfix/maps/access_sender':
- ensure: 'present'
- source: 'puppet:///postfix_dir/maps/access_sender'
- '/etc/postfix/maps/discarded_domains':
- ensure: 'present'
- source: 'puppet:///postfix_dir/maps/discarded_domains'
- '/etc/postfix/maps/masquerade_domains':
- ensure: 'present'
- source: 'puppet:///postfix_dir/maps/masquerade_domains'
- '/etc/postfix/maps/relay_domains':
- ensure: 'present'
- source: 'puppet:///postfix_dir/maps/relay_domains'
- '/etc/postfix/maps/smtp-tls-peers':
- ensure: 'present'
- source: 'puppet:///postfix_dir/maps/smtp-tls-peers'
- '/etc/postfix/maps/transport':
- ensure: 'present'
- source: 'puppet:///postfix_dir/maps/transport'
- '/etc/postfix/maps/canonical-recipients':
- ensure: 'present'
- source: 'puppet:///postfix_dir/maps/canonical-recipients'
- '/etc/postfix/maps/virtual-aliases':
- ensure: 'present'
- source: 'puppet:///postfix_dir/maps/virtual-aliases'
-
-# All other postfix configuration files
-infra::profile::postfix::conffiles:
- my-networks:
- ensure: 'present'
- path: '/etc/postfix/maps/my-networks'
- source: 'puppet:///postfix_dir/maps/my-networks'
- virtual-regex:
- ensure: 'present'
- path: '/etc/postfix/maps/virtual-regex'
- source: 'puppet:///postfix_dir/maps/virtual-regex'
- ldap-alias:
- ensure: 'present'
- path: '/etc/postfix/ldap/alias.cf'
- options:
- server_host: "%{hiera('ldap_server')}"
- server_port: "%{hiera('ldap_port')}"
- timeout: "%{hiera('ldap_timeout')}"
- search_base: "%{hiera('ldap_search_base')}"
- query_filter: '(mailAlternateAddress=%u@pixelpark.com)'
- result_attribute: 'mail'
- bind: 'yes'
- bind_dn: "%{hiera('ldap_bind_dn')}"
- bind_pw: "%{hiera('ldap_bind_pw')}"
- ldap-mailhost:
- ensure: 'present'
- path: '/etc/postfix/ldap/mailhost.cf'
- options:
- server_host: "%{hiera('ldap_server')}"
- server_port: "%{hiera('ldap_port')}"
- timeout: "%{hiera('ldap_timeout')}"
- search_base: "%{hiera('ldap_search_base')}"
- query_filter: '(&(objectclass=inetLocalMailRecipient)(|(mail=%s)(mailAlternateAddress=%s)(mailEquivalentAddress=%s))(|(inetMailGroupStatus=active)(mailUserStatus=active)(mailUserStatus=hold)))'
- result_attribute: 'mailhost'
- result_format: 'smtp:[%s]'
- bind: 'yes'
- bind_dn: "%{hiera('ldap_bind_dn')}"
- bind_pw: "%{hiera('ldap_bind_pw')}"
- ldap-mailroutingaddress:
- ensure: 'present'
- path: '/etc/postfix/ldap/mailroutingaddress.cf'
- options:
- server_host: "%{hiera('ldap_server')}"
- server_port: "%{hiera('ldap_port')}"
- timeout: "%{hiera('ldap_timeout')}"
- search_base: "%{hiera('ldap_search_base')}"
- query_filter: '(&(objectclass=inetLocalMailRecipient)(|(mail=%s)(mailAlternateAddress=%s)(mailEquivalentAddress=%s))(|(inetMailGroupStatus=active)(mailUserStatus=active)(mailUserStatus=hold)))'
- result_attribute: 'mailroutingaddress'
- bind: 'yes'
- bind_dn: "%{hiera('ldap_bind_dn')}"
- bind_pw: "%{hiera('ldap_bind_pw')}"
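Review bot: The only LDAP setting left active on the new side is `infra::profile::postfix::ldap_bind_pw`; server, port, search base and bind DN are all commented out, so the encrypted password is now paired with whatever bind DN the profile defaults to. If that default is the `cn=admin` shown in the commented line, the relay binds as the directory administrator just to run read-only alias and routing lookups, and a dedicated read-only lookup account would be the least-privilege choice. I would pin the DN next to the secret, e.g. `infra::profile::postfix::ldap_bind_dn: '<read-only lookup DN>'`, and add a comment above the password naming the account it belongs to. The commented port `'389'` also suggests a plain LDAP connection; whether the profile enables StartTLS for the bind is not visible here and is worth confirming, since a simple bind over plain LDAP sends the password in clear text.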