

9 Commits

13 changed files with 2363 additions and 4 deletions


@ -61,6 +61,8 @@ vars:
"modules" data => '[
{m:"php",f:"libphp8.2"},
{m:"ssl",f:"mod_ssl"},
{m:"proxy",f:"mod_proxy"},
{m:"proxy_fcgi",f:"mod_proxy_fcgi"}
]';


@ -28,7 +28,7 @@ vars:
"dovecot-core",
"dovecot-mysql",
"dovecot-managesieved",
"dovecot-submissiond",
# "dovecot-submissiond",
"dovecot-lmtpd",
"dovecot-imapd",
"dovecot-pop3d"
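Review bot: The commented-out `"dovecot-submissiond"` entry leaves no record of why the submission service was dropped from the package list, so a later reader is likely to re-enable it; either delete the line or give the reason in place, e.g. `# dovecot-submissiond: intentionally not installed — <reason>`. Removing a name from the list also does not uninstall the package on hosts where an earlier run already installed it if the consuming bundle only asserts presence — that is inferred from the surrounding style, not visible here, and worth confirming against wmde_install_packages.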


@ -149,11 +149,11 @@ vars:
files:
!create_cron::
"/etc/cron.d/$(cfg[db_name])"
"/etc/cron.d/dump-mysql-db-$(cfg[db_name])"
delete=>tidy;
create_cron::
"/etc/cron.d/$(cfg[db_name])"
"/etc/cron.d/dump-mysql-db-$(cfg[db_name])"
perms => m("644"),
create => "true",
content => "
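Review bot: If the print order reflects the change, the cron job file moves from `/etc/cron.d/$(cfg[db_name])` to `/etc/cron.d/dump-mysql-db-$(cfg[db_name])`, but nothing in the `create_cron::` branch removes the old path, so hosts that already ran the previous policy keep both files and run the dump twice until the old one is tidied; a `"/etc/cron.d/$(cfg[db_name])" delete => tidy;` promise in the `create_cron::` branch (mirroring the `!create_cron::` one) closes that gap. Which of the two printed promisers is old and which is new is not recoverable from this rendering, so the direction of the rename is inferred. The promise's `content => "` string continues outside the hunk.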

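--- a/postfix.cf
+++ b/postfix.cf
@@ -0,0 +1,217 @@
+#
+#
+#
+bundle agent postfix(cfg)
+{
+vars:
+freebsd::
+"pkgs" slist => {
+"postfix-sasl",
+};
+"db_dir" string => "/var/db";
+"service_name" string => "postfix";
+"cfg_dir" string => "/usr/local/etc/postfix";
+"master_cf" string => "/usr/local/etc/postfix/master.cf";
+"main_cf" string => "/usr/local/etc/postfix/main.cf";
+"mailer_conf" string => "/usr/local/etc/mail/mailer.conf";
+"mail_group" string => "maildrop";
+"daemon_dir" string => "/usr/local/libexec/postfix";
+"queue_dir" string => "/var/spool/postfix";
+"bin_dir" string => "/usr/local/bin";
+"sbin_dir" string => "/usr/local/sbin";
+"user" string => "postfix";
+"group" string => "wheel";
+"mail_owner" string => "postfix";
+debian::
+"pkgs" slist => {
+"postfix",
+"postfix-mysql"
+};
+"service_name" string => "postfix";
+"cfg_dir" string => "/etc/postfix";
+"master_cf" string => "/etc/postfix/master.cf";
+"main_cf" string => "/etc/postfix/main.cf";
+"mailer_conf" string => "/usr/local/etc/mail/mailer.conf";
+"mail_group" string => "postdrop";
+"daemon_dir" string => "/usr/lib/postfix/sbin";
+"bin_dir" string => "/usr/bin";
+"sbin_dir" string => "/usr/sbin";
+"queue_dir" string => "/var/spool/postfix";
+"db_dir" string => "/var/db";
+"user" string => "postfix";
+"group" string => "postfix";
+"mail_owner" string => "postfix";
+"postmap_cmd" string => "/usr/sbin/postmap";
+any::
+"data_dir" string => "$(db_dir)/postfix";
+users:
+debian::
+"$(postfix.user)"
+policy => "present",
+groups_secondary => { "mail","sasl" },
+classes => if_repaired(postfix_repaired);
+methods:
+"any" usebundle => wmde_install_packages(@(pkgs),"postfix");
+"any" usebundle => wmde_service("$(service_name)","postfix_kept","postfix_repaired"),
+depends_on => {
+"postfix_pkgs_installed",
+"postfix_master_cfg_ready",
+"postfix_main_cfg_ready"
+};
+files:
+"$(postfix.cfg_dir)/."
+create => "true",
+perms => m(755);
+"$(postfix.db_dir)/."
+create => "true",
+perms => mog("755","root","root"),
+handle => "postfix_db_dir_created";
+"$(postfix.data_dir)/."
+create => "true",
+depends_on => {"postfix_db_dir_created"},
+perms => mog("750","$(postfix.user)","$(postfix.group)");
+"$(postfix.main_cf)"
+classes => if_repaired(postfix_repaired),
+create => "true",
+perms => m("644"),
+template_method => "mustache",
+handle => "postfix_main_cfg_ready",
+depends_on => {"postfix_pkgs_installed"},
+edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/postfix-main.cf.mustache";
+vars:
+"master_cf_content" string => string_mustache(
+readfile("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/postfix-master.cf.mustache")
+),
+handle => "master_cf_content_ready";
+files:
+"$(postfix.master_cf)"
+create => "true",
+depends_on => {"postfix_pkgs_installed","master_cf_content_ready"},
+handle => "postfix_master_cfg_ready",
+perms => m("644"),
+classes => if_repaired(postfix_repaired),
+# content => "$(master_cf_content)";
+content => regex_replace("$(master_cf_content)", "\\\\dollar", "$", "g");
+# "$(postfix.master_cf)"
+# create => "true",
+# template_method => "mustache",
+# depends_on => {"postfix_pkgs_installed"},
+# handle => "postfix_master_cfg_ready",
+# classes => if_repaired(postfix_repaired),
+# edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/postfix-master.cf.mustache";
+reports:
+}
+bundle agent install_postfix
+{
+services:
+"$(postfix.service_name)"
+depends_on => {"postfix_installed"},
+service_policy => "start",
+handle => "postfix_running";
+"postfix_changed"::
+"$(postfix.service_name)"
+service_policy => "restart",
+depends_on => {"postfix_installed","postfix_running"};
+packages:
+freebsd::
+"$(postfix.pkgs)"
+policy => "present",
+package_module => pkg,
+classes => if_repaired(postfix_changed),
+handle=>"postfix_installed";
+debian::
+"$(postfix.pkgs)"
+policy => "present",
+package_module => apt_get,
+classes => if_repaired(postfix_changed),
+handle=>"postfix_installed";
+#perms => uperm("$(postfix.user)","$(postfix.group)","750");
+reports:
+"postfix_installed"::
+"Postfix was installed";
+}
+body perms m_rxdirs_on(mode)
+{
+inherit_from => m( $(mode) );
+rxdirs => "true";
+}
+bundle agent postfix_vimbadmin_sql(cfg)
+{
+vars:
+"file[virtual_alias_maps]" string =>"query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'";
+"file[virtual_domains_maps]" string => "query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'";
+"file[virtual_mailbox_maps]" string => "query = SELECT maildir FROM mailbox WHERE username = '%s' AND active = '1'";
+# "file[relay_domains]" string => "query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'";
+# "file[relay_recipient_maps]" string => "query = SELECT maildir FROM mailbox WHERE username = '%s' AND active = '1'";
+"idx" slist => getindices("file");
+"sql_dir" string => "$(postfix.cfg_dir)/sql";
+"$(idx)" string => "$(sql_dir)/$(idx).sql";
+files:
+"$(sql_dir)/."
+create => "true",
+perms => m("755");
+"$(sql_dir)/$(idx).sql"
+create=>"true",
+perms=>m("644"),
+content=>"
+user = $(cfg[db_user])
+password = $(cfg[db_pass])
+hosts = $(cfg[db_host])
+dbname = $(cfg[db_name])
+$(file[$(idx)])
+";
+reports:
+}
+bundle agent postfix_copy_tsv(src_dir,dst_dir,file)
+{
+classes:
+"run_postmap" expression => fileexists("$(dst_dir)/$(file).db");
+files:
+"$(dst_dir)/$(file).tsv"
+copy_from => sync_cp("$(src_dir)/$(file).tsv","$(sys.policy_hub)"),
+classes => if_repaired(run_postmap); #"postfix_$(file)_changed");
+commands:
+run_postmap::
+"$(postfix.postmap_cmd)"
+args => "$(dst_dir)/$(file).tsv";
+reports:
+}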
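Review bot: The Postfix SQL map files written by postfix_vimbadmin_sql at `"$(sql_dir)/$(idx).sql"` carry `password = $(cfg[db_pass])` but are created with `perms=>m("644")`, so the database password is readable by every local account; the Postfix daemons read these maps as the unprivileged `$(postfix.user)` ("postfix" on both platforms defined here), so `perms => mog("640","root","postfix")` (root-owned, group-readable by the postfix group the package creates) is sufficient, and the same line should replace `perms=>m("644")` in sympa_postfix_sql in sympa.cf, which writes the same password line. Separately, in postfix_copy_tsv the class `"run_postmap" expression => fileexists("$(dst_dir)/$(file).db")` is true exactly when the compiled map already exists, which reads as inverted next to sympa_create_postfix_maps's `not(fileexists(...))`: a .tsv that is already in place but has no .db is never compiled, while an existing .db is rebuilt on every run. `not(fileexists("$(dst_dir)/$(file).db"))` together with the existing `if_repaired(run_postmap)` class is probably what was intended.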


@ -74,7 +74,6 @@ commands:
methods:
run_backups::
# "any" usebundle => mysql_backup_db(@(cfg),"$(cfg[backup_dir])/roundcube.sql");
"any" usebundle => create_mysql_backup_cron_job(@(cfg),"$(cfg[backup_dir])/roundcube.sql","users","true");
!run_backups::
"any" usebundle => create_mysql_backup_cron_job(@(cfg),"$(cfg[backup_dir])/roundcube.sql","users","false");

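--- a/sympa.cf
+++ b/sympa.cf
@@ -0,0 +1,498 @@
+#
+#
+#
+bundle agent sympa
+{
+classes:
+"sympa_b";
+vars:
+debian&sympa_b::
+"lib_dir" string => "/usr/lib/sympa";
+"var_lib_dir" string => "/var/lib/sympa";
+"share_dir" string => "/usr/share/sympa";
+"conf_dir" string => "/etc/sympa";
+"sympa_conf" string => "$(conf_dir)/sympa/sympa.conf";
+"service_name" string => "sympa";
+"wwservice_name" string => "wwsympa";
+"wwsympa_socket" string => "/var/run/sympa/wwsympa.socket";
+"sympa_pl_cmd" string => "/usr/bin/sympa";
+"pkgs" slist => {
+"sympa"
+};
+debian&sympa_s::
+"install_dir" string => "/usr/local/sympa";
+"queue_cmd" string => "$(install_dir)/bin/queue";
+"bouncequeue_cmd" string => "$(install_dir)/bin/bouncequeue";
+"static_content_dir" string => "$(install_dir)/static_content";
+"css_dir" string => "$(static_content_dir)/css";
+"pictures_dir" string => "$(static_content_dir)/pictures";
+any::
+"queue_cmd" string => "$(lib_dir)/bin/queue";
+"bouncequeue_cmd" string => "$(lib_dir)/bin/bouncequeue";
+"static_content_dir" string => "$(share_dir)/static_content";
+"pictures_dir" string => "$(static_content_dir)/pictures";
+"css_dir" string => "$(var_lib_dir)/css";
+"sendmail_aliases" string => "$(conf_dir)/sympa_transport";
+"postfix_master_cfg" string => readfile("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/sympa/postfix-master-cfg.mustache");
+"apache_cfg" string =>
+"
+<IfModule mod_proxy_fcgi.c>
+Alias /css-sympa $(sympa.css_dir)
+Alias /pictures-sympa $(sympa.pictures_dir)
+Alias /static-sympa $(sympa.static_content_dir)
+<Directory $(sympa.static_content_dir)>
+Require all granted
+</Directory>
+<Directory $(sympa.css_dir)>
+Require all granted
+</Directory>
+<Directory $(sympa.pictures_dir)>
+Require all granted
+</Directory>
+<LocationMatch \\\"^/(?!.*-sympa)\\\">
+SetHandler \\\"proxy:unix:$(sympa.wwsympa_socket)|fcgi://\\\"
+Require all granted
+</LocationMatch>
+</IfModule>
+";
+reports:
+# "MUSTACHE: $(postfix_master_cfg_m)";
+# "RF: $(sys.workdir)/inputs/$(wmde_lib)/templates/sympa-postfix-master-cfg.mustache";
+}
+bundle agent sympa_init_db(cfg)
+{
+classes:
+"run_backups" expression => isvariable("cfg[backup_dir]");
+run_backups::
+"sql_backup_exists" expression => fileexists("$(cfg[backup_dir])/sympa.sql");
+methods:
+"any" usebundle => mysql_table_exists(@(cfg[db_settings]),"user_table");
+run_backups::
+"any" usebundle => restore_mysql_db(@(cfg[db_settings]),"$(cfg[backup_dir])/sympa.sql"),
+depends_on => {"sympa_config_updated"},
+if => "sql_backup_exists&(!mysql_sympa_user_table_exists)",
+handle => "sympa_db_initialized";
+commands:
+"!mysql_sympa_user_table_exists"::
+"$(sympa.sympa_pl_cmd)"
+args => "--health_check",
+handle => "sympa_db_initialized",
+depends_on => {"sympa_config_updated"};
+}
+bundle agent sympa_create_postfix_maps
+{
+classes:
+"sympa_run_postmap" expression => not(fileexists("$(sympa.sendmail_aliases).db"));
+files:
+"$(sympa.sendmail_aliases)"
+create => "true",
+classes => if_repaired("sympa_run_postmap"),
+perms => mog("644","sympa","sympa"),
+handle => "sympa_sendmail_aliases_created";
+"$(sympa.conf_dir)/list_aliases.tt2"
+create => "true",
+copy_from => local_dcp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/sympa/list_aliases.tt2.mustache"),
+perms => mog("644","sympa","sympa");
+commands:
+"sympa_run_postmap"::
+"$(postfix.postmap_cmd)"
+args => "$(sympa.sendmail_aliases)",
+classes => if_repaired("postfix_repaired"),
+depends_on => {"sympa_sendmail_aliases_created"};
+reports:
+"create maps";
+"sympa_sendmail_aliases_repaired"::
+"POSTMAP CALL";
+}
+bundle agent sympa_postfix_sql(cfg)
+{
+vars:
+"file[sympa_virtual_mailbox_maps]" string => "query = SELECT 'present' FROM list_table WHERE name_list='%u'
+or name_list = replace('%u', '-request', '')
+or name_list = replace('%u', '-editor', '')
+or name_list = replace('%u', '-subscribe', '')
+or name_list = replace('%u', '-unsubscribe', '')
+";
+"idx" slist => getindices("file");
+"sql_dir" string => "$(postfix.cfg_dir)/sql";
+"$(idx)" string => "$(sql_dir)/$(idx).sql";
+files:
+"$(sql_dir)/."
+create => "true",
+perms => m("755");
+"$(sql_dir)/$(idx).sql"
+create=>"true",
+perms=>m("644"),
+content=>"
+user = $(cfg[db_user])
+password = $(cfg[db_pass])
+hosts = $(cfg[db_host])
+dbname = $(cfg[db_name])
+$(file[$(idx)])
+";
+reports:
+}
+bundle agent sympa_update_config(cfg)
+{
+vars:
+"default_settings" data => '{
+"aliases_db_type":"hash",
+"aliases_program":"$(postfix.postmap_cmd)",
+"sendmail_aliases":"$(sympa.sendmail_aliases)",
+"db_type":"$(cfg[db_settings][db_type])",
+"db_name":"$(cfg[db_settings][db_name])",
+"db_host":"$(cfg[db_settings][db_host])",
+"db_passwd":"$(cfg[db_settings][db_pass])",
+"db_user":"$(cfg[db_settings][db_user])"
+}';
+"settings_data" data => mergedata(@(default_settings),@(cfg[settings]));
+"idx" slist => getindices(@(settings_data));
+"settings[$(idx)]" string => "$(settings_data[$(idx)])";
+files:
+"$(sympa.sympa_conf)"
+edit_line => set_config_values("$(this.bundle).settings"),
+handle => "sympa_config_updated",
+classes => if_repaired("sympa_repaired"),
+depends_on => { "sympa_pkgs_installed" };
+reports:
+}
+bundle agent install_sympa_domain(domain,data)
+{
+vars:
+"default_settings" data => '{
+}';
+"settings_data" data => mergedata(@(default_settings),@(data[settings]));
+"idx" slist => getindices(@(settings_data));
+"settings[$(idx)]" string => "$(settings_data[$(idx)])";
+"settings[domain]" string => "$(domain)";
+files:
+"$(sympa.conf_dir)/$(domain)/."
+create => "true",
+perms => m("755");
+"$(sympa.conf_dir)/$(domain)/robot.conf"
+perms => m("644"),
+copy_from => seed_cp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/sympa/robot.conf"),
+handle => "sympa_robot_$(domain)_ready";
+"$(sympa.conf_dir)/$(domain)/robot.conf"
+create => "true",
+perms => m("644"), #"sympa","sympa"),
+edit_line => set_config_values("$(this.bundle).settings"),
+handle => "sympa_robots_created",
+classes => if_repaired("sympa_repaired"),
+depends_on => { "sympa_pkgs_installed","sympa_robot_$(domain)_ready" };
+reports:
+# "INSTALL DOMAIN $(domain)";
+# "WWSYMuRL:$(data[settings][wwsympa_url])";
+# "OUT: $(settings)";
+# "JO: $(jo)";
+}
+bundle agent install_sympa_domains(dl)
+{
+vars:
+"idx" slist => getindices(@(dl));
+methods:
+"any" usebundle => install_sympa_domain("$(idx)",@(dl[$(idx)]));
+reports:
+}
+bundle agent install_sympa(cfg)
+{
+vars:
+# "cfg_domains" data => @(cfg[domains]);
+"domains_idx" slist => getindices(@(cfg[domains]));
+# "cfg_domains" slist => {"a","b","c"};
+methods:
+"any" usebundle => wmde_install_packages(@(sympa.pkgs),"sympa");
+"any" usebundle => sympa_update_config(@(cfg));
+"any" usebundle => sympa_init_db(@(cfg));
+"any" usebundle => wmde_service("$(sympa.service_name)","sympa_kept","sympa_repaired"),
+depends_on => {
+"sympa_pkgs_installed",
+"sympa_config_updated"
+};
+"any" usebundle => wmde_service("$(sympa.wwservice_name)","sympa_kept","sympa_repaired"),
+depends_on => {
+"sympa_pkgs_installed",
+"sympa_config_updated",
+"sympa_robots_created"
+};
+# "any" usebundle => install_sympa_domain("@(cfg[domains][$(domains_idx)])");
+"any" usebundle => install_sympa_domains(@(cfg[domains2]));
+reports:
+# "IDX $(domains_idx)";
+# "DOMCONF: $(cfg[$(idx)])";
+}
+bundle agent install_sympa_src(cfg)
+{
+classes:
+"run_backups" expression => isvariable("cfg[backup_dir]");
+run_backups::
+"sql_backup_exists" expression => fileexists("$(cfg[backup_dir])/sympa.sql");
+methods:
+"any" usebundle => mysql_table_exists(@(cfg),"user_table");
+"run_backups&sql_backup_exists&(!mysql_sympa_user_table_exists)"::
+"any" usebundle => restore_mysql_db(@(cfg),"$(cfg[backup_dir])/sympa.sql");
+vars:
+debian::
+"pkgs" slist => {
+"clang",
+"gcc",
+"make",
+"mhonarc",
+"libdbd-mysql-perl",
+"spawn-fcgi",
+"libdbd-mysql-perl",
+"libdatetime-format-mail-perl",
+"libmime-encwords-perl",
+"libmime-lite-html-perl",
+"cpanminus"
+};
+"cfg_file" string => "/etc/sympa/sympa.conf";
+"log_file" string => "/var/log/sympa.log";
+"syslog_cfg" string => "/etc/rsyslog.d/sympa.conf";
+"syslog_service" string => "rsyslog";
+freebsd::
+"pkgs" slist => {};
+"cfg_file" string => "/usr/local/etc/sympa/sympa.conf";
+"log_file" string => "/var/log/sympa.log";
+"syslog_cfg" string => "/etc/syslog.d/sympa.conf";
+"syslog_service" string => "syslogd";
+any::
+"src_tgz" string => "sympa-$(cfg[version]).tar.gz";
+"extract_dir" string => "$(sys.workdir)/data/agent/sympa";
+"compile_dir" string => "$(extract_dir)/sympa-$(cfg[version])";
+"configure_options" string => "--prefix $(sympa.install_dir)";
+"sympa_pl_cmd" string => "$(sympa.install_dir)/bin/sympa.pl";
+classes:
+"compile_and_install" expression => not(fileexists("$(compile_dir)/installed.txt"));
+commands:
+'if grep -q sympa /etc/group ; then echo "+sympa_group_exists"; else echo "-sympa_group_exists" ; fi'
+module => "true",
+inform => "false",
+contain => wmde_cmd_useshell;
+debian&(!sympa_group_exists)::
+"/usr/sbin/groupadd"
+args => "sympa",
+handle => "sympa_group_created";
+debian&sympa_group_exists::
+"/usr/bin/true"
+inform => "false",
+handle => "sympa_group_created";
+methods:
+"any" usebundle => wmde_install_packages(@(pkgs),"sympabuild");
+files:
+"$(extract_dir)/."
+create => "true",
+handle => "sympa_extract_dir_created";
+users:
+"sympa"
+policy => "present",
+description => "Sympa System",
+home_dir => "$(sympa.install_dir)",
+group_primary => "sympa",
+depends_on => {"sympa_group_created"},
+shell => "/bin/bash";
+methods:
+"any" usebundle => download_and_untar (
+"sympa",
+"$(def.hub_public_dir)/$(src_tgz)",
+"$(sys.workdir)/data/public/$(src_tgz)",
+"$(extract_dir)",
+"$(compile_dir)/configure"
+),
+depends_on => {"sympabuild_pkgs_installed","sympa_extract_dir_created"},
+handle => "sympa_downloaded";
+commands:
+compile_and_install::
+"cd $(compile_dir) && ./configure $(configure_options) && make && make install && cpanm --installdeps --with-recommends -n . && touch installed.txt"
+contain => wmde_cmd_useshell,
+depends_on => {"sympa_downloaded"},
+handle => "sympa_installed";
+!compile_and_install::
+"/usr/bin/true"
+inform => "false",
+handle => "sympa_installed";
+vars:
+"settings[domain]" string => "$(cfg[domain])";
+"settings[listmaster]" string => "$(cfg[listmaster])";
+"settings[db_type]" string => "$(cfg[db_type])";
+"settings[db_host]" string => "$(cfg[db_host])";
+"settings[db_user]" string => "$(cfg[db_user])";
+"settings[db_passwd]" string => "$(cfg[db_pass])";
+"settings[wwsympa_url]" string => "$(cfg[wwsympa_url])";
+"settings[listmaster]" string => "$(cfg[listmaster])";
+"settings[sendmail_aliases]" string=> "$(cfg[sendmail_aliases])";
+"settings[aliases_program]" string=> "$(cfg[aliases_program])";
+files:
+"$(cfg_file)"
+edit_line => set_config_values("$(this.bundle).settings"),
+handle => "sympa_config_edited_old",
+classes => if_repaired("sympa_config_changed"),
+depends_on => { "sympa_installed" };
+commands:
+"sympa_config_changed|(!mysql_sympa_user_table_exists)"::
+"$(sympa.sympa_pl_cmd)"
+args => "--health_check",
+depends_on => {"sympa_config_edited_old"};
+# Sympa Logs
+files:
+"$(log_file)"
+create=>"true",
+perms=>m("644");
+"$(syslog_cfg)"
+create=>"true",
+content=>"local1.* -/var/log/sympa.log
+",
+handle => "sympa_syslog_cfg_ready",
+classes => if_repaired("sympa_syslog_cfg_repaired");
+services:
+sympa_syslog_cfg_repaired::
+"$(syslog_service)"
+depends_on => {"sympa_syslog_cfg_ready"},
+service_policy=>"restart";
+# Configure Backup stuff
+files:
+run_backups::
+"$(cfg[backup_dir])/."
+create => "true";
+methods:
+run_backups::
+"any" usebundle => create_mysql_backup_cron_job(@(cfg),"$(cfg[backup_dir])/sympa.sql","user_table","true");
+!run_backups::
+"any" usebundle => create_mysql_backup_cron_job(@(cfg),"$(cfg[backup_dir])/sympa.sql","user_table","false");
+reports:
+}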
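Review bot: The group-existence probe in install_sympa_src, `'if grep -q sympa /etc/group ; then ...'`, matches the substring `sympa` anywhere in /etc/group (a differently named group such as `sympa-web`, or a `sympa` user listed as a member of some other group), so `sympa_group_exists` can be raised while no `sympa` group exists and the `groupadd` is skipped, after which the `users:` promise with `group_primary => "sympa"` fails; anchoring it on the group field, `'if getent group sympa >/dev/null; then echo "+sympa_group_exists"; else echo "-sympa_group_exists"; fi'` (or `grep -q '^sympa:' /etc/group`), closes that. The rsyslog rule `content=>"local1.* -/var/log/sympa.log` hard-codes the path that `log_file` already holds for both platforms; `content=>"local1.* -$(log_file)` keeps them from drifting apart. In install_sympa, `domains_idx` is built from `cfg[domains]` but the only live consumer passes `@(cfg[domains2])` to install_sympa_domains; unless both keys are deliberately present in the input data, one of them looks like a leftover. The `compile_and_install` command runs `cpanm --installdeps --with-recommends -n .` as root with tests disabled and fetches from the network at apply time, so the installed Perl dependency set is whatever CPAN serves that day; pinning them (a cpanfile.snapshot or an internal mirror) would make the build reproducible — that is an observation about the deployment, not something the policy here can show.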


@ -0,0 +1,776 @@
#
# Managed by CFengine
#
#
##
## opendkim.conf -- configuration file for OpenDKIM filter
##
## Copyright (c) 2010-2015, The Trusted Domain Project. All rights reserved.
##
##
## For settings that refer to a "dataset", see the opendkim(8) man page.
##
## DEPRECATED CONFIGURATION OPTIONS
##
## The following configuration options are no longer valid. They should be
## removed from your existing configuration file to prevent potential issues.
## Failure to do so may result in opendkim being unable to start.
##
## Removed in 2.10.0:
## AddAllSignatureResults
## ADSPAction
## ADSPNoSuchDomain
## BogusPolicy
## DisableADSP
## LDAPSoftStart
## LocalADSP
## NoDiscardableMailTo
## On-PolicyError
## SendADSPReports
## UnprotectedPolicy
## CONFIGURATION OPTIONS
## AllowSHA1Only { yes | no }
## default "no"
##
## By default, the filter will refuse to start if support for SHA256 is
## not available since this violates the strong recommendations of
## RFC6376 Section 3.3, which says:
##
## "Verifiers MUST implement both rsa-sha1 and rsa-sha256. Signers MUST
## implement and SHOULD sign using rsa-sha256."
##
## This forces that violation to be explicitly selected by the administrator.
# AllowSHA1Only no
## AlwaysAddARHeader { yes | no }
## default "no"
##
## Add an "Authentication-Results:" header even to unsigned messages
## from domains with no "signs all" policy. The reported DKIM result
## will be "none" in such cases. Normally unsigned mail from non-strict
## domains does not cause the results header to be added.
# AlwaysAddARHeader no
## AuthservID string
## default (local host name)
##
## Defines the "authserv-id" token to be used when generating
## Authentication-Results headers after message verification.
# AuthservID example.com
## AuthservIDWithJobID
## default "no"
##
## Appends a "/" followed by the MTA's job ID to the "authserv-id" token
## when generating Authentication-Results headers after message verification.
# AuthservIDWithJobId no
## AutoRestart { yes | no }
## default "no"
##
## Indicate whether or not the filter should arrange to restart automatically
## if it crashes.
# AutoRestart No
## AutoRestartCount n
## default 0
##
## Sets the maximum automatic restart count. After this number of
## automatic restarts, the filter will give up and terminate. A value of 0
## implies no limit.
# AutoRestartCount 0
## AutoRestartRate n/t[u]
## default (none)
##
## Sets the maximum automatic restart rate. See the opendkim.conf(5)
## man page for the format of this parameter.
# AutoRestartRate n/tu
## Background { yes | no }
## default "yes"
##
## Indicate whether or not the filter should run in the background.
# Background Yes
## BaseDirectory path
## default (none)
##
## Causes the filter to change to the named directory before beginning
## operation. Thus, cores will be dumped here and configuration files
## are read relative to this location.
# BaseDirectory /var/run/opendkim
## BodyLengthDB dataset
## default (none)
##
## A data set that is checked against envelope recipients to see if a
## body length tag should be included in the generated signature.
## This has security implications; see opendkim.conf(5) for details.
# BodyLengthDB dataset
## Canonicalization hdrcanon[/bodycanon]
## default "simple/simple"
##
## Select canonicalizations to use when signing. If the "bodycanon" is
## omitted, "simple" is used. Valid values for each are "simple" and
## "relaxed".
# Canonicalization simple/simple
## ClockDrift n
## default 300
##
## Specify the tolerance range for expired signatures or signatures
## which appear to have timestamps in the future, allowing for clock
## drift.
# ClockDrift 300
## Diagnostics { yes | no }
## default "no"
##
## Specifies whether or not signatures with header diagnostic tags should
## be generated.
# Diagnostics No
## DNSTimeout n
## default 10
##
## Specify the time in seconds to wait for replies from the nameserver when
## requesting keys or signing policies.
# DNSTimeout 10
## Domain dataset
## default (none)
##
## Specify for which domain(s) signing should be done. No default; must
## be specified for signing.
Domain {{#cfg.domains}} {{.}} {{/cfg.domains}}
## DomainKeysCompat { yes | no }
## default "no"
##
## When enabled, backward compatibility with DomainKeys (RFC4870) key
## records is enabled. Otherwise, such key records are considered to be
## syntactically invalid.
# DomainKeysCompat no
## DontSignMailTo dataset
## default (none)
##
## Gives a list of recipient addresses or address patterns whose mail should
## not be signed.
# DontSignMailTo addr1,addr2,...
## EnableCoredumps { yes | no }
## default "no"
##
## On systems which have support for such, requests that the kernel dump
## core even though the process may change user ID during its execution.
# EnableCoredumps no
## ExemptDomains dataset
## default (none)
##
## A data set of domain names that are checked against the message sender's
## domain. If a match is found, the message is ignored by the filter.
# ExemptDomains domain1,domain2,...
## ExternalIgnoreList filename
##
## Names a file from which a list of externally-trusted hosts is read.
## These are hosts which are allowed to send mail through you for signing.
## Automatically contains 127.0.0.1. See man page for file format.
# ExternalIgnoreList filename
## FixCRLF { yes | no }
##
## Requests that the library convert "naked" CR and LF characters to
## CRLFs during canonicalization. The default is "no".
# FixCRLF no
## IgnoreMalformedMail { yes | no }
## default "no"
##
## Silently passes malformed messages without alteration. This includes
## messages that fail the RequiredHeaders check, if enabled. The default is
## to pass those messages but add an Authentication-Results field indicating
## that they were malformed.
# IgnoreMalformedMail no
## InternalHosts dataset
## default "127.0.0.1"
##
## Names a file from which a list of internal hosts is read. These are
## hosts from which mail should be signed rather than verified.
## Automatically contains 127.0.0.1.
#
InternalHosts {{mynetworks_head}} {{#mynetworks_tail}} ,{{.}}{{/mynetworks_tail}}
# InternalHosts dataset
## KeepTemporaryFiles { yes | no }
## default "no"
##
## If set, causes temporary files generated during message signing or
## verifying to be left behind for debugging use. Not for normal operation;
## can fill your disks quite fast on busy systems.
# KeepTemporaryFiles no
## KeyFile filename
## default (none)
##
## Specifies the path to the private key to use when signing. Ignored if
## SigningTable and KeyTable are used. No default; must be specified for
## signing if SigningTable/KeyTable are not in use.
#KeyFile /var/db/dkim/example.private
KeyFile {{cfg.keyfile}}
#/var/db/dkim/example.private
## KeyTable dataset
## default (none)
##
## Defines a table that will be queried to convert key names to
## sets of data of the form (signing domain, signing selector, private key).
## The private key can either contain a PEM-formatted private key,
## a base64-encoded DER format private key, or a path to a file containing
## one of those.
# KeyTable dataset
## LogWhy { yes | no }
## default "no"
##
## If logging is enabled (see Syslog below), issues very detailed logging
## about the logic behind the filter's decision to either sign a message
## or verify it. The logic behind the decision is non-trivial and can be
## confusing to administrators not familiar with its operation. A
## description of how the decision is made can be found in the OPERATIONS
## section of the opendkim(8) man page. This causes a large increase
## in the amount of log data generated for each message, so it should be
## limited to debugging use and not enabled for general operation.
# LogWhy no
## MacroList macro[=value][,...]
##
## Gives a set of MTA-provided macros which should be checked to see
## if the sender has been determined to be a local user and therefore
## whether or not signing should be done. See opendkim.conf(5) for
## more information.
# MacroList foo=bar,baz=blivit
## MaximumHeaders n
##
## Disallow messages whose header blocks are bigger than "n" bytes.
## Intended to detect and block a denial-of-service attack. The default
## is 65536. A value of 0 disables this test.
# MaximumHeaders n
## MaximumSignaturesToVerify n
## (default 3)
##
## Verify no more than "n" signatures on an arriving message.
## A value of 0 means "no limit".
# MaximumSignaturesToVerify n
## MaximumSignedBytes n
##
## Don't sign more than "n" bytes of the message. The default is to
## sign the entire message. Setting this implies "BodyLengths".
# MaximumSignedBytes n
## MilterDebug n
##
## Request a debug level of "n" from the milter library. The default is 0.
# MilterDebug 0
## Minimum n[% | +]
## default 0
##
## Sets a minimum signing volume; one of the following formats:
## n at least n bytes (or the whole message, whichever is less)
## must be signed
## n% at least n% of the message must be signed
## n+ if a length limit was presented in the signature, no more than
## n bytes may have been added
# Minimum n
## MinimumKeyBits n
## default 1024
##
## Causes the library not to accept signatures matching keys made of fewer
## than the specified number of bits, even if they would otherwise pass
## DKIM signing.
# MinimumKeyBits 1024
## Mode [sv]
## default sv
##
## Indicates which mode(s) of operation should be provided. "s" means
## "sign", "v" means "verify".
# Mode sv
## MTA dataset
## default (none)
##
## Specifies a list of MTAs whos mail should always be signed rather than
## verified. The "mtaname" is extracted from the DaemonPortOptions line
## in effect.
# MTA name
## MultipleSignatures { yes | no }
## default no
##
## Allows multiple signatures to be added. If set to "true" and a SigningTable
## is in use, all SigningTable entries that match the candidate message will
## cause a signature to be added. Otherwise, only the first matching
## SigningTable entry will be added, or only the key defined by Domain,
## Selector and KeyFile will be added.
# MultipleSignatures no
## MustBeSigned dataset
## default (none)
##
## Defines a list of headers which, if present on a message, must be
## signed for the signature to be considered acceptable.
# MustBeSigned header1,header2,...
## Nameservers addr1[,addr2[,...]]
## default (none)
##
## Provides a comma-separated list of IP addresses that are to be used when
## doing DNS queries to retrieve DKIM keys, VBR records, etc.
## These override any local defaults built in to the resolver in use, which
## may be defined in /etc/resolv.conf or hard-coded into the software.
# Nameservers addr1,addr2,...
## NoHeaderB { yes | no }
## default "no"
##
## Suppresses addition of "header.b" tags on Authentication-Results
## header fields.
# NoHeaderB no
## OmitHeaders dataset
## default (none)
##
## Specifies a list of headers that should always be omitted when signing.
## Header names should be separated by commas.
# OmitHeaders header1,header2,...
## On-...
##
## Specifies what to do when certain error conditions are encountered.
##
## See opendkim.conf(5) for more information.
# On-Default
# On-BadSignature
# On-DNSError
# On-InternalError
# On-NoSignature
# On-Security
# On-SignatureError
## OversignHeaders dataset
## default (none)
##
## Specifies a set of header fields that should be included in all signature
## header lists (the "h=" tag) once more than the number of times they were
## actually present in the signed message. See opendkim.conf(5) for more
## information.
# OverSignHeaders header1,header2,...
## PeerList dataset
## default (none)
##
## Contains a list of IP addresses, CIDR blocks, hostnames or domain names
## whose mail should be neither signed nor verified by this filter. See man
## page for file format.
# PeerList filename
## PidFile filename
## default (none)
##
## Name of the file where the filter should write its pid before beginning
## normal operations.
# PidFile filename
PidFile {{cfg.pid_file}}
## POPDBFile dataset
## default (none)
##
## Names a database which should be checked for "POP before SMTP" records
## as a form of authentication of users who may be sending mail through
## the MTA for signing. Requires special compilation of the filter.
## See opendkim.conf(5) for more information.
# POPDBFile filename
## Quarantine { yes | no }
## default "no"
##
## Indicates whether or not the filter should arrange to quarantine mail
## which fails verification. Intended for diagnostic use only.
# Quarantine No
## QueryCache { yes | no }
## default "no"
##
## Instructs the DKIM library to maintain its own local cache of keys and
## policies retrieved from DNS, rather than relying on the nameserver for
## caching service. Useful if the nameserver being used by the filter is
## not local. The filter must be compiled with the QUERY_CACHE flag to enable
## this feature, since it adds a library dependency.
# QueryCache No
## RedirectFailuresTo address
## default (none)
##
## Redirects signed messages to the specified address if none of the
## signatures present failed to verify.
# RedirectFailuresTo postmaster@example.com
## RemoveARAll { yes | no }
## default "no"
##
## Remove all Authentication-Results: headers on all arriving mail.
# RemoveARAll No
## RemoveARFrom dataset
## default (none)
##
## Remove all Authentication-Results: headers on all arriving mail that
## claim to have been added by hosts listed in this parameter. The list
## should be comma-separated. Entire domains may be specified by preceding
## the dopmain name by a single dot (".") character.
# RemoveARFrom host1,host2,.domain1,.domain2,...
## RemoveOldSignatures { yes | no }
## default "no"
##
## Remove old signatures on messages, if any, when generating a signature.
# RemoveOldSignatures No
## ReportAddress addr
## default (executing user)@(hostname)
##
## Specifies the sending address to be used on From: headers of outgoing
## failure reports. By default, the e-mail address of the user executing
## the filter is used.
# ReportAddress "DKIM Error Postmaster" <postmaster@example.com>
## ReportBccAddress addr
## default (none)
##
## Specifies additional recipient address(es) to receive outgoing failure
## reports.
# ReportBccAddress postmaster@example.com, john@example.com
## RequiredHeaders { yes | no }
## default no
##
## Rejects messages which don't conform to RFC5322 header count requirements.
# RequiredHeaders No
## RequireSafeKeys { yes | no }
## default yes
##
## Refuses to use key files that appear to have unsafe permissions.
# RequireSafeKeys Yes
## ResignAll { yes | no }
## default no
##
## Where ResignMailTo triggers a re-signing action, this flag indicates
## whether or not all mail should be signed (if set) versus only verified
## mail being signed (if not set).
# ResignAll No
## ResignMailTo dataset
## default (none)
##
## Checks each message recipient against the specified dataset for a
## matching record. The full address is checked in each case, then the
## hostname, then each domain preceded by ".". If there is a match, the
## value returned is presumed to be the name of a key in the KeyTable
## (if defined) to be used to re-sign the message in addition to
## verifying it. If there is a match without a KeyTable, the default key
## is applied.
# ResignMailTo dataset
## ResolverConfiguration string
##
## Passes arbitrary configuration data to the resolver. For the stock UNIX
## resolver, this is ignored; for Unbound, it names a resolv.conf(5)-style
## file that should be read for configuration information.
# ResolverConfiguration string
## ResolverTracing { yes | no }
##
## Requests enabling of resolver trace features, if available. The effect
## of setting this flag depends on how trace features, if any, are implemented
## in the resolver in use. Currently only effective when used with the
## OpenDKIM asynchronous resolver.
# ResolverTracing no
## Selector name
##
## The name of the selector to use when signing. No default; must be
## specified for signing.
Selector {{cfg.selector}}
#my-selector-name
## SenderHeaders dataset
## default (none)
##
## Overrides the default list of headers that will be used to determine
## the sending domain when deciding whether to sign the message and with
## with which key(s). See opendkim.conf(5) for details.
# SenderHeaders From
## SendReports { yes | no }
## default "no"
##
## Specifies whether or not the filter should generate report mail back
## to senders when verification fails and an address for such a purpose
## is provided. See opendkim.conf(5) for details.
# SendReports No
## SignatureAlgorithm signalg
## default "rsa-sha256"
##
## Signature algorithm to use when generating signatures. Must be either
## "rsa-sha1" or "rsa-sha256".
# SignatureAlgorithm rsa-sha256
## SignatureTTL seconds
## default "0"
##
## Specifies the lifetime in seconds of signatures generated by the
## filter. A value of 0 means no expiration time is included in the
## signature.
# SignatureTTL 0
## SignHeaders dataset
## default (none)
##
## Specifies the list of headers which should be included when generating
## signatures. The string should be a comma-separated list of header names.
## See the opendkim.conf(5) man page for more information.
# SignHeaders header1,header2,...
## SigningTable dataset
## default (none)
##
## Defines a dataset that will be queried for the message sender's address
## to determine which private key(s) (if any) should be used to sign the
## message. The sender is determined from the value of the sender
## header fields as described with SenderHeaders above. The key for this
## lookup should be an address or address pattern that matches senders;
## see the opendkim.conf(5) man page for more information. The value
## of the lookup should return the name of a key found in the KeyTable
## that should be used to sign the message. If MultipleSignatures
## is set, all possible lookup keys will be attempted which may result
## in multiple signatures being applied.
# SigningTable filename
## SingleAuthResult { yes | no}
## default "no"
##
## When DomainKeys verification is enabled, multiple Authentication-Results
## will be added, one for DK and one for DKIM. With this enabled, only
## a DKIM result will be reported unless DKIM failed but DK passed, in which
## case only a DK result will be reported.
# SingleAuthResult no
## SMTPURI uri
##
## Specifies a URI (e.g., "smtp://localhost") to which mail should be sent
## via SMTP when notifications are generated.
# Socket smtp://localhost
## Socket socketspec
##
## Names the socket where this filter should listen for milter connections
## from the MTA. Required. Should be in one of these forms:
##
## inet:port@address to listen on a specific interface
## inet:port to listen on all interfaces
## local:/path/to/socket to listen on a UNIX domain socket
# Socket inet:port@localhost
Socket {{cfg..milter_sock}}
## SoftwareHeader { yes | no }
## default "no"
##
## Add a DKIM-Filter header field to messages passing through this filter
## to identify messages it has processed.
# SoftwareHeader no
## StrictHeaders { yes | no }
## default "no"
##
## Requests that the DKIM library refuse to process a message whose
## header fields do not conform to the standards, in particular Section 3.6
## of RFC5322.
# StrictHeaders no
## StrictTestMode { yes | no }
## default "no"
##
## Selects strict CRLF mode during testing (see the "-t" command line
## flag in the opendkim(8) man page). Messages for which all header
## fields and body lines are not CRLF-terminated are considered malformed
## and will produce an error.
# StrictTestMode no
## SubDomains { yes | no }
## default "no"
##
## Sign for subdomains as well?
# SubDomains No
## Syslog { yes | no }
## default "yes"
##
## Log informational and error activity to syslog?
Syslog Yes
## SyslogFacility facility
## default "mail"
##
## Valid values are :
## auth cron daemon kern lpr mail news security syslog user uucp
## local0 local1 local2 local3 local4 local5 local6 local7
##
## syslog facility to be used
# SyslogFacility mail
## SyslogSuccess { yes | no }
## default "no"
##
## Log success activity to syslog?
# SyslogSuccess No
## TemporaryDirectory path
## default /tmp
##
## Specifies which directory will be used for creating temporary files
## during message processing.
# TemporaryDirectory /tmp
## TestPublicKeys filename
## default (none)
##
## Names a file from which public keys should be read. Intended for use
## only during automated testing.
# TestPublicKeys /tmp/testkeys
## TrustAnchorFile filename
## default (none)
##
## Specifies a file from which trust anchor data should be read when doing
## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
## at http://unbound.net for the expected format of this file.
# TrustAnchorFile /var/named/trustanchor
## UMask mask
## default (none)
##
## Change the process umask for file creation to the specified value.
## The system has its own default which will be used (usually 022).
## See the umask(2) man page for more information.
# UMask 022
#UMask 022
# UnboundConfigFile /var/named/unbound.conf
## Userid userid
## default (none)
##
## Change to user "userid" before starting normal operation? May include
## a group ID as well, separated from the userid by a colon.
UserID {{cfg.uid }}:{{cfg.gid}}


@ -0,0 +1,709 @@
#
# Managed by CFEngine
#
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# TIP: use the command "postconf -n" to view main.cf parameter
# settings, "postconf parametername" to view a specific parameter,
# and "postconf 'parametername=value'" to set a specific parameter.
#
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# COMPATIBILITY
#
# The compatibility_level determines what default settings Postfix
# will use for main.cf and master.cf settings. These defaults will
# change over time.
#
# To avoid breaking things, Postfix will use backwards-compatible
# default settings and log where it uses those old backwards-compatible
# default settings, until the system administrator has determined
# if any backwards-compatible default settings need to be made
# permanent in main.cf or master.cf.
#
# When this review is complete, update the compatibility_level setting
# below as recommended in the RELEASE_NOTES file.
#
# The level below is what should be used with new (not upgrade) installs.
#
#compatibility_level = 3.4
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = {{vars.postfix.queue_dir}}
# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = {{vars.postfix.sbin_dir}}
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = {{vars.postfix.daemon_dir}}
# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
#
data_directory = {{vars.postfix.data_dir}}
# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = {{vars.postfix.mail_owner}}
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain + localhost. On
# a mail domain gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
mydestination = {{#vars.postfix.cfg.mydestination}} {{.}} {{/vars.postfix.cfg.mydestination}}
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = host), Postfix "trusts" only
# the local machine.
#
# Specify "mynetworks_style = subnet" when Postfix should "trust"
# SMTP clients in the same IP subnetworks as the local machine.
# On Linux, this works correctly only with interfaces specified
# with the "ifconfig" or "ip" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
#mynetworks_style = subnet
mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
#mynetworks = 168.100.3.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:$config_directory/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_relay_restrictions and
# smtpd_recipient_restrictions descriptions in postconf(5) for detailed
# information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks, or is
# SASL authenticated) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is empty.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
#relay_domains =
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
#relay_recipient_maps = hash:$config_directory/relay_recipients
# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#in_flow_delay = 1s
# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
# "USER HAS MOVED" BOUNCE MESSAGES
#
# See the discussion in the ADDRESS_REWRITING_README document.
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
#alias_maps = hash:/etc/mail/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#
#alias_database = dbm:/etc/aliases
#alias_database = hash:/etc/mail/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
#recipient_delimiter = +
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
#
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
#
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
# subsequent line in master.cf.
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
#
# luser_relay works only for the default Postfix local delivery agent.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see "man header_checks".
#
#header_checks = regexp:$config_directory/header_checks
# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process ID.
#
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
#
# Another possibility is to run gdb under a detached screen session.
# To attach to the screen session, su root and run "screen -r
# <id_string>" where <id_string> uniquely matches one of the detached
# sessions (from "screen -list").
#
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = {{vars.postfix.sbin_dir}}/sendmail
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = {{vars.postfix.bin_dir}}/newaliases
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path = {{vars.postfix.bin_dir}}/mailq
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = {{vars.postfix.mail_group}}
# html_directory: The location of the Postfix HTML documentation.
#
#html_directory = /usr/local/share/doc/postfix
# manpage_directory: The location of the Postfix on-line manual pages.
#
#manpage_directory = /usr/local/man
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
#sample_directory = /usr/local/etc/postfix
# readme_directory: The location of the Postfix README files.
#
#readme_directory = /usr/local/share/doc/postfix
inet_protocols = all
# smtp CA path (default to system-wide location)
smtp_tls_CApath = /etc/ssl/certs
#meta_directory = /usr/local/libexec/postfix
#shlib_directory = /usr/local/lib/postfix
#
#
milter_default_action = reject
#cyrus_sasl_config_path = /usr/local/lib/sasl2
#
#
#
#
non_smtpd_milters = {{#vars.postfix.cfg.non_smtpd_milters}} {{.}}{{/vars.postfix.cfg.non_smtpd_milters}}
{{vars.postfix.cfg.main_raw}}


@ -0,0 +1,132 @@
#
# Managed by CFEngine
#
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
#smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
{{#vars.postfix.cfg.services}}
#
# {{comment}}
#
{{@}} {{type}} {{private}} {{unpriv}} {{chroot}} {{wakeup}} {{maxproc}} {{command}}
{{#args}}
{{{.}}}
{{/args}}
{{/vars.postfix.cfg.services}}
# CFEngine Raw Start
{{{vars.postfix.cfg.master_raw}}}
# CFEngine Raw End
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about \dollar{recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d \dollar{recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
# cyrus unix - n n - - pipe
# flags=DRX user=cyrus argv=/usr/local/cyrus/bin/deliver -e -r \dollar{sender} -m \dollar{extension} \dollar{user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m \dollar{extension} \dollar{user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# \dollar{nexthop} \dollar{user} \dollar{extension}
#
#mailman unix - n n - - pipe
# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# \dollar{nexthop} \dollar{user}
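Review bot: The generated service line `{{@}} {{type}} {{private}} {{unpriv}} {{chroot}} {{wakeup}} {{maxproc}} {{command}}` renders an empty column for any key missing from a `vars.postfix.cfg.services` entry, and master(5) requires all eight fields, so a single incomplete entry would make Postfix reject master.cf on the next start or reload. Either supply `-` defaults in the data or put a comment above the loop such as `# every services entry must define all 8 master(5) fields; use "-" for the default`. The continuation lines (`-o syslog_name=postfix/$service_name`, the `{{{.}}}` args, and likewise the `flags=` lines of the sympa pipe-service snippet and the `or name_list` lines of the mysql query file in this change) have to start with whitespace in the rendered file, which this rendered view does not show, so that is worth confirming. `\dollar{recipient}` replaces the stock `${recipient}` in the commented examples and in the sympa pipe services; Postfix itself treats that spelling literally, so whichever templating step turns it back into `$` should be named in the "Managed by CFEngine" header.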


@ -0,0 +1,8 @@
#--- [% list.name %]@[% list.domain %]: list transport map created at [% date %]
[% list.name %]@[% list.domain %] sympa:[% list.name %]@[% list.domain %]
[% list.name %]-request@[% list.domain %] sympa:[% list.name %]-request@[% list.domain %]
[% list.name %]-editor@[% list.domain %] sympa:[% list.name %]-editor@[% list.domain %]
#[% list.name %]-subscribe@[% list.domain %] sympa:[% list.name %]-subscribe@[%list.domain %]
[% list.name %]-unsubscribe@[% list.domain %] sympa:[% list.name %]-unsubscribe@[% list.domain %]
[% list.name %][% return_path_suffix %]@[% list.domain %] sympabounce:[% list.name %]@[% list.domain %]
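Review bot: The `-subscribe` transport line is commented out while the recipient query in the new mysql map file still matches `name_list = replace('%u', '-subscribe', '')`, so if that query backs a recipient map, `list-subscribe@domain` would be accepted at SMTP time but have no `sympa:` transport and presumably bounce afterwards instead of being rejected (backscatter). Either drop the `-subscribe` branch from the query or re-enable the line here; if the omission is deliberate, record the reason in the `#---` header line. The commented line also reads `[%list.domain %]` without the space used everywhere else, which matters if it is ever uncommented.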


@ -0,0 +1,6 @@
sympa unix - n n - - pipe
flags=hqRu null_sender= user=sympa argv=$(queue_cmd) \dollar{recipient}
sympabounce unix - n n - - pipe
flags=hqRu null_sender= user=sympa argv=$(bouncequeue_cmd) \dollar{user}@\dollar{domain}


@ -0,0 +1,9 @@
user = {{db_user}}
password = {{db_pass}}
hosts = {{db_host}}
dbname = {{db_name}}
query = SELECT 'present' FROM list_table WHERE name_list='%u'
or name_list = replace('%u', '-request', '')
or name_list = replace('%u', '-editor', '')
or name_list = replace('%u', '-subscribe', '')
or name_list = replace('%u', '-unsubscribe', '')
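Review bot: `password = {{db_pass}}` uses the HTML-escaping double-mustache form, so a password containing `&`, `<`, `>` or `"` is rendered as an entity and the lookup table fails to authenticate; the master.cf template in this change already uses the unescaped triple form for `master_raw`, and the same is needed here: `password = {{{db_pass}}}` (and `{{{db_user}}}`, `{{{db_host}}}` for consistency). Since this file carries database credentials, the `files` promise that renders it (not in this diff) should give it owner root, group postfix and mode 0640 rather than a world-readable mode — worth confirming. The `%u` placeholders are quoted by Postfix before substitution, so the `replace('%u', ...)` branches are not an injection concern; a one-line comment above `query =` stating that the map answers 'present' for the list address and its `-request`/`-editor`/`-subscribe`/`-unsubscribe` variants would help the next reader.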


@ -0,0 +1,3 @@
#
# Managed by CFEngine
#