Compare commits
9 Commits
65e6791166
...
64a7f9dcf7
Author | SHA1 | Date |
---|---|---|
Tobias Herre | 64a7f9dcf7 | |
Tobias Herre | 6e2bd788bf | |
Tobias Herre | ab817d8683 | |
Tobias Herre | 55164ab076 | |
Tobias Herre | 5a9e0b6735 | |
Tobias Herre | 743f75a929 | |
Tobias Herre | ab6d740b09 | |
Tobias Herre | a82cf69ab4 | |
Tobias Herre | 4c0a473bb2 |
|
@ -61,6 +61,8 @@ vars:
|
|||
"modules" data => '[
|
||||
{m:"php",f:"libphp8.2"},
|
||||
{m:"ssl",f:"mod_ssl"},
|
||||
{m:"proxy",f:"mod_proxy"},
|
||||
{m:"proxy_fcgi",f:"mod_proxy_fcgi"}
|
||||
]';
|
||||
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ vars:
|
|||
"dovecot-core",
|
||||
"dovecot-mysql",
|
||||
"dovecot-managesieved",
|
||||
"dovecot-submissiond",
|
||||
# "dovecot-submissiond",
|
||||
"dovecot-lmtpd",
|
||||
"dovecot-imapd",
|
||||
"dovecot-pop3d"
|
||||
|
|
4
mysql.cf
|
@ -149,11 +149,11 @@ vars:
|
|||
|
||||
files:
|
||||
!create_cron::
|
||||
"/etc/cron.d/$(cfg[db_name])"
|
||||
"/etc/cron.d/dump-mysql-db-$(cfg[db_name])"
|
||||
delete=>tidy;
|
||||
|
||||
create_cron::
|
||||
"/etc/cron.d/$(cfg[db_name])"
|
||||
"/etc/cron.d/dump-mysql-db-$(cfg[db_name])"
|
||||
perms => m("644"),
|
||||
create => "true",
|
||||
content => "
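Review bot: Hosts that already received `/etc/cron.d/$(cfg[db_name])` keep that file after this rename, because neither the `!create_cron::` nor the `create_cron::` promise refers to the old path any more. The dump job would then run from both files, and the old one stays in place even when `create_cron` is off. If the old name was never shared with unrelated jobs, add a one-off cleanup next to the new promises, e.g. `"/etc/cron.d/$(cfg[db_name])" delete => tidy;`. The `create_cron::` promise runs past the end of the hunk (its `content` string is cut), so the cron line itself is not covered here.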
|
||||
|
|
|
@ -0,0 +1,217 @@
|
|||
#
|
||||
#
|
||||
#
|
||||
|
||||
bundle agent postfix(cfg)
|
||||
{
|
||||
vars:
|
||||
|
||||
freebsd::
|
||||
"pkgs" slist => {
|
||||
"postfix-sasl",
|
||||
};
|
||||
"db_dir" string => "/var/db";
|
||||
"service_name" string => "postfix";
|
||||
"cfg_dir" string => "/usr/local/etc/postfix";
|
||||
"master_cf" string => "/usr/local/etc/postfix/master.cf";
|
||||
"main_cf" string => "/usr/local/etc/postfix/main.cf";
|
||||
"mailer_conf" string => "/usr/local/etc/mail/mailer.conf";
|
||||
"mail_group" string => "maildrop";
|
||||
"daemon_dir" string => "/usr/local/libexec/postfix";
|
||||
"queue_dir" string => "/var/spool/postfix";
|
||||
"bin_dir" string => "/usr/local/bin";
|
||||
"sbin_dir" string => "/usr/local/sbin";
|
||||
"user" string => "postfix";
|
||||
"group" string => "wheel";
|
||||
"mail_owner" string => "postfix";
|
||||
|
||||
debian::
|
||||
"pkgs" slist => {
|
||||
"postfix",
|
||||
"postfix-mysql"
|
||||
};
|
||||
"service_name" string => "postfix";
|
||||
"cfg_dir" string => "/etc/postfix";
|
||||
"master_cf" string => "/etc/postfix/master.cf";
|
||||
"main_cf" string => "/etc/postfix/main.cf";
|
||||
"mailer_conf" string => "/usr/local/etc/mail/mailer.conf";
|
||||
"mail_group" string => "postdrop";
|
||||
"daemon_dir" string => "/usr/lib/postfix/sbin";
|
||||
"bin_dir" string => "/usr/bin";
|
||||
"sbin_dir" string => "/usr/sbin";
|
||||
"queue_dir" string => "/var/spool/postfix";
|
||||
"db_dir" string => "/var/db";
|
||||
"user" string => "postfix";
|
||||
"group" string => "postfix";
|
||||
"mail_owner" string => "postfix";
|
||||
"postmap_cmd" string => "/usr/sbin/postmap";
|
||||
any::
|
||||
"data_dir" string => "$(db_dir)/postfix";
|
||||
|
||||
users:
|
||||
debian::
|
||||
"$(postfix.user)"
|
||||
policy => "present",
|
||||
groups_secondary => { "mail","sasl" },
|
||||
classes => if_repaired(postfix_repaired);
|
||||
|
||||
methods:
|
||||
"any" usebundle => wmde_install_packages(@(pkgs),"postfix");
|
||||
"any" usebundle => wmde_service("$(service_name)","postfix_kept","postfix_repaired"),
|
||||
depends_on => {
|
||||
"postfix_pkgs_installed",
|
||||
"postfix_master_cfg_ready",
|
||||
"postfix_main_cfg_ready"
|
||||
};
|
||||
|
||||
files:
|
||||
"$(postfix.cfg_dir)/."
|
||||
create => "true",
|
||||
perms => m(755);
|
||||
|
||||
"$(postfix.db_dir)/."
|
||||
create => "true",
|
||||
perms => mog("755","root","root"),
|
||||
handle => "postfix_db_dir_created";
|
||||
|
||||
"$(postfix.data_dir)/."
|
||||
create => "true",
|
||||
depends_on => {"postfix_db_dir_created"},
|
||||
perms => mog("750","$(postfix.user)","$(postfix.group)");
|
||||
|
||||
|
||||
"$(postfix.main_cf)"
|
||||
classes => if_repaired(postfix_repaired),
|
||||
create => "true",
|
||||
perms => m("644"),
|
||||
template_method => "mustache",
|
||||
handle => "postfix_main_cfg_ready",
|
||||
depends_on => {"postfix_pkgs_installed"},
|
||||
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/postfix-main.cf.mustache";
|
||||
|
||||
vars:
|
||||
"master_cf_content" string => string_mustache(
|
||||
readfile("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/postfix-master.cf.mustache")
|
||||
),
|
||||
handle => "master_cf_content_ready";
|
||||
|
||||
files:
|
||||
|
||||
"$(postfix.master_cf)"
|
||||
create => "true",
|
||||
depends_on => {"postfix_pkgs_installed","master_cf_content_ready"},
|
||||
handle => "postfix_master_cfg_ready",
|
||||
perms => m("644"),
|
||||
classes => if_repaired(postfix_repaired),
|
||||
# content => "$(master_cf_content)";
|
||||
content => regex_replace("$(master_cf_content)", "\\\\dollar", "$", "g");
|
||||
|
||||
# "$(postfix.master_cf)"
|
||||
# create => "true",
|
||||
# template_method => "mustache",
|
||||
# depends_on => {"postfix_pkgs_installed"},
|
||||
# handle => "postfix_master_cfg_ready",
|
||||
# classes => if_repaired(postfix_repaired),
|
||||
# edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/postfix-master.cf.mustache";
|
||||
|
||||
|
||||
reports:
|
||||
|
||||
}
|
||||
|
||||
bundle agent install_postfix
|
||||
{
|
||||
|
||||
services:
|
||||
"$(postfix.service_name)"
|
||||
depends_on => {"postfix_installed"},
|
||||
service_policy => "start",
|
||||
handle => "postfix_running";
|
||||
|
||||
"postfix_changed"::
|
||||
"$(postfix.service_name)"
|
||||
service_policy => "restart",
|
||||
depends_on => {"postfix_installed","postfix_running"};
|
||||
|
||||
packages:
|
||||
freebsd::
|
||||
"$(postfix.pkgs)"
|
||||
policy => "present",
|
||||
package_module => pkg,
|
||||
classes => if_repaired(postfix_changed),
|
||||
handle=>"postfix_installed";
|
||||
|
||||
debian::
|
||||
"$(postfix.pkgs)"
|
||||
policy => "present",
|
||||
package_module => apt_get,
|
||||
classes => if_repaired(postfix_changed),
|
||||
handle=>"postfix_installed";
|
||||
|
||||
#perms => uperm("$(postfix.user)","$(postfix.group)","750");
|
||||
reports:
|
||||
"postfix_installed"::
|
||||
"Postfix was installed";
|
||||
|
||||
}
|
||||
|
||||
body perms m_rxdirs_on(mode)
|
||||
{
|
||||
inherit_from => m( $(mode) );
|
||||
rxdirs => "true";
|
||||
}
|
||||
|
||||
bundle agent postfix_vimbadmin_sql(cfg)
|
||||
{
|
||||
vars:
|
||||
"file[virtual_alias_maps]" string =>"query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'";
|
||||
"file[virtual_domains_maps]" string => "query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'";
|
||||
"file[virtual_mailbox_maps]" string => "query = SELECT maildir FROM mailbox WHERE username = '%s' AND active = '1'";
|
||||
# "file[relay_domains]" string => "query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'";
|
||||
# "file[relay_recipient_maps]" string => "query = SELECT maildir FROM mailbox WHERE username = '%s' AND active = '1'";
|
||||
|
||||
"idx" slist => getindices("file");
|
||||
|
||||
"sql_dir" string => "$(postfix.cfg_dir)/sql";
|
||||
|
||||
"$(idx)" string => "$(sql_dir)/$(idx).sql";
|
||||
files:
|
||||
"$(sql_dir)/."
|
||||
create => "true",
|
||||
perms => m("755");
|
||||
|
||||
"$(sql_dir)/$(idx).sql"
|
||||
create=>"true",
|
||||
perms=>m("644"),
|
||||
content=>"
|
||||
user = $(cfg[db_user])
|
||||
password = $(cfg[db_pass])
|
||||
hosts = $(cfg[db_host])
|
||||
dbname = $(cfg[db_name])
|
||||
$(file[$(idx)])
|
||||
";
|
||||
|
||||
reports:
|
||||
|
||||
}
|
||||
|
||||
bundle agent postfix_copy_tsv(src_dir,dst_dir,file)
|
||||
{
|
||||
|
||||
classes:
|
||||
"run_postmap" expression => fileexists("$(dst_dir)/$(file).db");
|
||||
|
||||
files:
|
||||
"$(dst_dir)/$(file).tsv"
|
||||
copy_from => sync_cp("$(src_dir)/$(file).tsv","$(sys.policy_hub)"),
|
||||
classes => if_repaired(run_postmap); #"postfix_$(file)_changed");
|
||||
commands:
|
||||
run_postmap::
|
||||
"$(postfix.postmap_cmd)"
|
||||
args => "$(dst_dir)/$(file).tsv";
|
||||
|
||||
|
||||
reports:
|
||||
|
||||
}
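Review bot: The map files written by `postfix_vimbadmin_sql` contain `password = $(cfg[db_pass])` but are created with `perms=>m("644")` inside a directory promised as `m("755")`, so every local account can read the database credentials. Restrict them to the mail daemon, e.g. `perms => mog("640","root","$(postfix.group)"),` (`mog` is already used for `data_dir` in this file). Under `freebsd::` the `group` variable is `wheel`, so confirm which group Postfix reads the maps as on that platform. `sympa_postfix_sql` in the sympa policy file repeats the same `m("644")` promise with the same password line and needs the same change. Separately, `postfix_copy_tsv` derives `run_postmap` from `fileexists("$(dst_dir)/$(file).db")`, which looks inverted next to the `not(fileexists(...))` used in `sympa_create_postfix_maps`; worth confirming.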
|
||||
|
|
@ -74,7 +74,6 @@ commands:
|
|||
|
||||
methods:
|
||||
run_backups::
|
||||
# "any" usebundle => mysql_backup_db(@(cfg),"$(cfg[backup_dir])/roundcube.sql");
|
||||
"any" usebundle => create_mysql_backup_cron_job(@(cfg),"$(cfg[backup_dir])/roundcube.sql","users","true");
|
||||
!run_backups::
|
||||
"any" usebundle => create_mysql_backup_cron_job(@(cfg),"$(cfg[backup_dir])/roundcube.sql","users","false");
|
||||
|
|
|
@ -0,0 +1,498 @@
|
|||
#
|
||||
#
|
||||
#
|
||||
|
||||
bundle agent sympa
|
||||
{
|
||||
classes:
|
||||
"sympa_b";
|
||||
|
||||
vars:
|
||||
debian&sympa_b::
|
||||
"lib_dir" string => "/usr/lib/sympa";
|
||||
"var_lib_dir" string => "/var/lib/sympa";
|
||||
"share_dir" string => "/usr/share/sympa";
|
||||
"conf_dir" string => "/etc/sympa";
|
||||
"sympa_conf" string => "$(conf_dir)/sympa/sympa.conf";
|
||||
"service_name" string => "sympa";
|
||||
"wwservice_name" string => "wwsympa";
|
||||
"wwsympa_socket" string => "/var/run/sympa/wwsympa.socket";
|
||||
"sympa_pl_cmd" string => "/usr/bin/sympa";
|
||||
|
||||
"pkgs" slist => {
|
||||
"sympa"
|
||||
};
|
||||
|
||||
|
||||
debian&sympa_s::
|
||||
"install_dir" string => "/usr/local/sympa";
|
||||
"queue_cmd" string => "$(install_dir)/bin/queue";
|
||||
"bouncequeue_cmd" string => "$(install_dir)/bin/bouncequeue";
|
||||
|
||||
"static_content_dir" string => "$(install_dir)/static_content";
|
||||
"css_dir" string => "$(static_content_dir)/css";
|
||||
"pictures_dir" string => "$(static_content_dir)/pictures";
|
||||
|
||||
any::
|
||||
|
||||
|
||||
"queue_cmd" string => "$(lib_dir)/bin/queue";
|
||||
"bouncequeue_cmd" string => "$(lib_dir)/bin/bouncequeue";
|
||||
|
||||
|
||||
"static_content_dir" string => "$(share_dir)/static_content";
|
||||
"pictures_dir" string => "$(static_content_dir)/pictures";
|
||||
"css_dir" string => "$(var_lib_dir)/css";
|
||||
|
||||
"sendmail_aliases" string => "$(conf_dir)/sympa_transport";
|
||||
|
||||
"postfix_master_cfg" string => readfile("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/sympa/postfix-master-cfg.mustache");
|
||||
|
||||
"apache_cfg" string =>
|
||||
"
|
||||
<IfModule mod_proxy_fcgi.c>
|
||||
|
||||
Alias /css-sympa $(sympa.css_dir)
|
||||
Alias /pictures-sympa $(sympa.pictures_dir)
|
||||
Alias /static-sympa $(sympa.static_content_dir)
|
||||
|
||||
<Directory $(sympa.static_content_dir)>
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<Directory $(sympa.css_dir)>
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<Directory $(sympa.pictures_dir)>
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<LocationMatch \\\"^/(?!.*-sympa)\\\">
|
||||
SetHandler \\\"proxy:unix:$(sympa.wwsympa_socket)|fcgi://\\\"
|
||||
Require all granted
|
||||
</LocationMatch>
|
||||
|
||||
</IfModule>
|
||||
|
||||
";
|
||||
|
||||
|
||||
reports:
|
||||
# "MUSTACHE: $(postfix_master_cfg_m)";
|
||||
# "RF: $(sys.workdir)/inputs/$(wmde_lib)/templates/sympa-postfix-master-cfg.mustache";
|
||||
}
|
||||
|
||||
|
||||
bundle agent sympa_init_db(cfg)
|
||||
{
|
||||
classes:
|
||||
"run_backups" expression => isvariable("cfg[backup_dir]");
|
||||
|
||||
run_backups::
|
||||
"sql_backup_exists" expression => fileexists("$(cfg[backup_dir])/sympa.sql");
|
||||
|
||||
methods:
|
||||
"any" usebundle => mysql_table_exists(@(cfg[db_settings]),"user_table");
|
||||
|
||||
run_backups::
|
||||
"any" usebundle => restore_mysql_db(@(cfg[db_settings]),"$(cfg[backup_dir])/sympa.sql"),
|
||||
depends_on => {"sympa_config_updated"},
|
||||
if => "sql_backup_exists&(!mysql_sympa_user_table_exists)",
|
||||
handle => "sympa_db_initialized";
|
||||
commands:
|
||||
"!mysql_sympa_user_table_exists"::
|
||||
"$(sympa.sympa_pl_cmd)"
|
||||
args => "--health_check",
|
||||
handle => "sympa_db_initialized",
|
||||
depends_on => {"sympa_config_updated"};
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
bundle agent sympa_create_postfix_maps
|
||||
{
|
||||
classes:
|
||||
"sympa_run_postmap" expression => not(fileexists("$(sympa.sendmail_aliases).db"));
|
||||
files:
|
||||
"$(sympa.sendmail_aliases)"
|
||||
create => "true",
|
||||
classes => if_repaired("sympa_run_postmap"),
|
||||
perms => mog("644","sympa","sympa"),
|
||||
handle => "sympa_sendmail_aliases_created";
|
||||
|
||||
"$(sympa.conf_dir)/list_aliases.tt2"
|
||||
create => "true",
|
||||
copy_from => local_dcp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/sympa/list_aliases.tt2.mustache"),
|
||||
perms => mog("644","sympa","sympa");
|
||||
|
||||
commands:
|
||||
"sympa_run_postmap"::
|
||||
"$(postfix.postmap_cmd)"
|
||||
args => "$(sympa.sendmail_aliases)",
|
||||
classes => if_repaired("postfix_repaired"),
|
||||
depends_on => {"sympa_sendmail_aliases_created"};
|
||||
reports:
|
||||
"create maps";
|
||||
"sympa_sendmail_aliases_repaired"::
|
||||
"POSTMAP CALL";
|
||||
|
||||
}
|
||||
|
||||
bundle agent sympa_postfix_sql(cfg)
|
||||
{
|
||||
vars:
|
||||
"file[sympa_virtual_mailbox_maps]" string => "query = SELECT 'present' FROM list_table WHERE name_list='%u'
|
||||
or name_list = replace('%u', '-request', '')
|
||||
or name_list = replace('%u', '-editor', '')
|
||||
or name_list = replace('%u', '-subscribe', '')
|
||||
or name_list = replace('%u', '-unsubscribe', '')
|
||||
";
|
||||
|
||||
"idx" slist => getindices("file");
|
||||
|
||||
"sql_dir" string => "$(postfix.cfg_dir)/sql";
|
||||
"$(idx)" string => "$(sql_dir)/$(idx).sql";
|
||||
files:
|
||||
"$(sql_dir)/."
|
||||
create => "true",
|
||||
perms => m("755");
|
||||
|
||||
"$(sql_dir)/$(idx).sql"
|
||||
create=>"true",
|
||||
perms=>m("644"),
|
||||
content=>"
|
||||
user = $(cfg[db_user])
|
||||
password = $(cfg[db_pass])
|
||||
hosts = $(cfg[db_host])
|
||||
dbname = $(cfg[db_name])
|
||||
$(file[$(idx)])
|
||||
";
|
||||
|
||||
reports:
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
bundle agent sympa_update_config(cfg)
|
||||
{
|
||||
vars:
|
||||
"default_settings" data => '{
|
||||
"aliases_db_type":"hash",
|
||||
"aliases_program":"$(postfix.postmap_cmd)",
|
||||
"sendmail_aliases":"$(sympa.sendmail_aliases)",
|
||||
"db_type":"$(cfg[db_settings][db_type])",
|
||||
"db_name":"$(cfg[db_settings][db_name])",
|
||||
"db_host":"$(cfg[db_settings][db_host])",
|
||||
"db_passwd":"$(cfg[db_settings][db_pass])",
|
||||
"db_user":"$(cfg[db_settings][db_user])"
|
||||
|
||||
}';
|
||||
|
||||
"settings_data" data => mergedata(@(default_settings),@(cfg[settings]));
|
||||
|
||||
"idx" slist => getindices(@(settings_data));
|
||||
"settings[$(idx)]" string => "$(settings_data[$(idx)])";
|
||||
|
||||
files:
|
||||
"$(sympa.sympa_conf)"
|
||||
edit_line => set_config_values("$(this.bundle).settings"),
|
||||
handle => "sympa_config_updated",
|
||||
classes => if_repaired("sympa_repaired"),
|
||||
depends_on => { "sympa_pkgs_installed" };
|
||||
|
||||
reports:
|
||||
}
|
||||
|
||||
|
||||
bundle agent install_sympa_domain(domain,data)
|
||||
{
|
||||
vars:
|
||||
"default_settings" data => '{
|
||||
}';
|
||||
|
||||
"settings_data" data => mergedata(@(default_settings),@(data[settings]));
|
||||
|
||||
"idx" slist => getindices(@(settings_data));
|
||||
"settings[$(idx)]" string => "$(settings_data[$(idx)])";
|
||||
"settings[domain]" string => "$(domain)";
|
||||
|
||||
files:
|
||||
"$(sympa.conf_dir)/$(domain)/."
|
||||
create => "true",
|
||||
perms => m("755");
|
||||
|
||||
"$(sympa.conf_dir)/$(domain)/robot.conf"
|
||||
perms => m("644"),
|
||||
copy_from => seed_cp("$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/sympa/robot.conf"),
|
||||
handle => "sympa_robot_$(domain)_ready";
|
||||
|
||||
"$(sympa.conf_dir)/$(domain)/robot.conf"
|
||||
create => "true",
|
||||
perms => m("644"), #"sympa","sympa"),
|
||||
edit_line => set_config_values("$(this.bundle).settings"),
|
||||
handle => "sympa_robots_created",
|
||||
classes => if_repaired("sympa_repaired"),
|
||||
depends_on => { "sympa_pkgs_installed","sympa_robot_$(domain)_ready" };
|
||||
|
||||
reports:
|
||||
# "INSTALL DOMAIN $(domain)";
|
||||
# "WWSYMuRL:$(data[settings][wwsympa_url])";
|
||||
# "OUT: $(settings)";
|
||||
# "JO: $(jo)";
|
||||
}
|
||||
|
||||
bundle agent install_sympa_domains(dl)
|
||||
{
|
||||
vars:
|
||||
"idx" slist => getindices(@(dl));
|
||||
methods:
|
||||
"any" usebundle => install_sympa_domain("$(idx)",@(dl[$(idx)]));
|
||||
|
||||
reports:
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
bundle agent install_sympa(cfg)
|
||||
{
|
||||
vars:
|
||||
# "cfg_domains" data => @(cfg[domains]);
|
||||
"domains_idx" slist => getindices(@(cfg[domains]));
|
||||
# "cfg_domains" slist => {"a","b","c"};
|
||||
methods:
|
||||
"any" usebundle => wmde_install_packages(@(sympa.pkgs),"sympa");
|
||||
"any" usebundle => sympa_update_config(@(cfg));
|
||||
"any" usebundle => sympa_init_db(@(cfg));
|
||||
|
||||
"any" usebundle => wmde_service("$(sympa.service_name)","sympa_kept","sympa_repaired"),
|
||||
depends_on => {
|
||||
"sympa_pkgs_installed",
|
||||
"sympa_config_updated"
|
||||
};
|
||||
"any" usebundle => wmde_service("$(sympa.wwservice_name)","sympa_kept","sympa_repaired"),
|
||||
depends_on => {
|
||||
"sympa_pkgs_installed",
|
||||
"sympa_config_updated",
|
||||
"sympa_robots_created"
|
||||
};
|
||||
|
||||
# "any" usebundle => install_sympa_domain("@(cfg[domains][$(domains_idx)])");
|
||||
"any" usebundle => install_sympa_domains(@(cfg[domains2]));
|
||||
reports:
|
||||
# "IDX $(domains_idx)";
|
||||
# "DOMCONF: $(cfg[$(idx)])";
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
bundle agent install_sympa_src(cfg)
|
||||
{
|
||||
classes:
|
||||
"run_backups" expression => isvariable("cfg[backup_dir]");
|
||||
|
||||
run_backups::
|
||||
"sql_backup_exists" expression => fileexists("$(cfg[backup_dir])/sympa.sql");
|
||||
|
||||
methods:
|
||||
"any" usebundle => mysql_table_exists(@(cfg),"user_table");
|
||||
|
||||
"run_backups&sql_backup_exists&(!mysql_sympa_user_table_exists)"::
|
||||
"any" usebundle => restore_mysql_db(@(cfg),"$(cfg[backup_dir])/sympa.sql");
|
||||
|
||||
|
||||
vars:
|
||||
debian::
|
||||
"pkgs" slist => {
|
||||
"clang",
|
||||
"gcc",
|
||||
"make",
|
||||
"mhonarc",
|
||||
"libdbd-mysql-perl",
|
||||
"spawn-fcgi",
|
||||
"libdbd-mysql-perl",
|
||||
"libdatetime-format-mail-perl",
|
||||
"libmime-encwords-perl",
|
||||
"libmime-lite-html-perl",
|
||||
"cpanminus"
|
||||
};
|
||||
"cfg_file" string => "/etc/sympa/sympa.conf";
|
||||
"log_file" string => "/var/log/sympa.log";
|
||||
"syslog_cfg" string => "/etc/rsyslog.d/sympa.conf";
|
||||
"syslog_service" string => "rsyslog";
|
||||
freebsd::
|
||||
"pkgs" slist => {};
|
||||
"cfg_file" string => "/usr/local/etc/sympa/sympa.conf";
|
||||
"log_file" string => "/var/log/sympa.log";
|
||||
"syslog_cfg" string => "/etc/syslog.d/sympa.conf";
|
||||
"syslog_service" string => "syslogd";
|
||||
|
||||
any::
|
||||
"src_tgz" string => "sympa-$(cfg[version]).tar.gz";
|
||||
"extract_dir" string => "$(sys.workdir)/data/agent/sympa";
|
||||
"compile_dir" string => "$(extract_dir)/sympa-$(cfg[version])";
|
||||
|
||||
"configure_options" string => "--prefix $(sympa.install_dir)";
|
||||
|
||||
"sympa_pl_cmd" string => "$(sympa.install_dir)/bin/sympa.pl";
|
||||
|
||||
classes:
|
||||
"compile_and_install" expression => not(fileexists("$(compile_dir)/installed.txt"));
|
||||
|
||||
commands:
|
||||
'if grep -q sympa /etc/group ; then echo "+sympa_group_exists"; else echo "-sympa_group_exists" ; fi'
|
||||
module => "true",
|
||||
inform => "false",
|
||||
contain => wmde_cmd_useshell;
|
||||
|
||||
|
||||
debian&(!sympa_group_exists)::
|
||||
"/usr/sbin/groupadd"
|
||||
args => "sympa",
|
||||
handle => "sympa_group_created";
|
||||
debian&sympa_group_exists::
|
||||
"/usr/bin/true"
|
||||
inform => "false",
|
||||
handle => "sympa_group_created";
|
||||
|
||||
methods:
|
||||
"any" usebundle => wmde_install_packages(@(pkgs),"sympabuild");
|
||||
|
||||
files:
|
||||
"$(extract_dir)/."
|
||||
create => "true",
|
||||
handle => "sympa_extract_dir_created";
|
||||
|
||||
users:
|
||||
"sympa"
|
||||
policy => "present",
|
||||
description => "Sympa System",
|
||||
home_dir => "$(sympa.install_dir)",
|
||||
group_primary => "sympa",
|
||||
depends_on => {"sympa_group_created"},
|
||||
shell => "/bin/bash";
|
||||
|
||||
methods:
|
||||
"any" usebundle => download_and_untar (
|
||||
"sympa",
|
||||
"$(def.hub_public_dir)/$(src_tgz)",
|
||||
"$(sys.workdir)/data/public/$(src_tgz)",
|
||||
"$(extract_dir)",
|
||||
"$(compile_dir)/configure"
|
||||
),
|
||||
depends_on => {"sympabuild_pkgs_installed","sympa_extract_dir_created"},
|
||||
handle => "sympa_downloaded";
|
||||
|
||||
commands:
|
||||
compile_and_install::
|
||||
"cd $(compile_dir) && ./configure $(configure_options) && make && make install && cpanm --installdeps --with-recommends -n . && touch installed.txt"
|
||||
contain => wmde_cmd_useshell,
|
||||
depends_on => {"sympa_downloaded"},
|
||||
handle => "sympa_installed";
|
||||
|
||||
!compile_and_install::
|
||||
"/usr/bin/true"
|
||||
inform => "false",
|
||||
handle => "sympa_installed";
|
||||
|
||||
|
||||
vars:
|
||||
"settings[domain]" string => "$(cfg[domain])";
|
||||
"settings[listmaster]" string => "$(cfg[listmaster])";
|
||||
"settings[db_type]" string => "$(cfg[db_type])";
|
||||
"settings[db_host]" string => "$(cfg[db_host])";
|
||||
"settings[db_user]" string => "$(cfg[db_user])";
|
||||
"settings[db_passwd]" string => "$(cfg[db_pass])";
|
||||
"settings[wwsympa_url]" string => "$(cfg[wwsympa_url])";
|
||||
"settings[listmaster]" string => "$(cfg[listmaster])";
|
||||
"settings[sendmail_aliases]" string=> "$(cfg[sendmail_aliases])";
|
||||
"settings[aliases_program]" string=> "$(cfg[aliases_program])";
|
||||
|
||||
|
||||
files:
|
||||
"$(cfg_file)"
|
||||
edit_line => set_config_values("$(this.bundle).settings"),
|
||||
handle => "sympa_config_edited_old",
|
||||
classes => if_repaired("sympa_config_changed"),
|
||||
depends_on => { "sympa_installed" };
|
||||
|
||||
commands:
|
||||
"sympa_config_changed|(!mysql_sympa_user_table_exists)"::
|
||||
"$(sympa.sympa_pl_cmd)"
|
||||
args => "--health_check",
|
||||
depends_on => {"sympa_config_edited_old"};
|
||||
|
||||
|
||||
# Sympa Logs
|
||||
files:
|
||||
"$(log_file)"
|
||||
create=>"true",
|
||||
perms=>m("644");
|
||||
|
||||
"$(syslog_cfg)"
|
||||
create=>"true",
|
||||
content=>"local1.* -/var/log/sympa.log
|
||||
",
|
||||
handle => "sympa_syslog_cfg_ready",
|
||||
classes => if_repaired("sympa_syslog_cfg_repaired");
|
||||
|
||||
services:
|
||||
sympa_syslog_cfg_repaired::
|
||||
"$(syslog_service)"
|
||||
depends_on => {"sympa_syslog_cfg_ready"},
|
||||
service_policy=>"restart";
|
||||
|
||||
|
||||
# Configure Backup stuff
|
||||
files:
|
||||
run_backups::
|
||||
"$(cfg[backup_dir])/."
|
||||
create => "true";
|
||||
methods:
|
||||
run_backups::
|
||||
"any" usebundle => create_mysql_backup_cron_job(@(cfg),"$(cfg[backup_dir])/sympa.sql","user_table","true");
|
||||
!run_backups::
|
||||
"any" usebundle => create_mysql_backup_cron_job(@(cfg),"$(cfg[backup_dir])/sympa.sql","user_table","false");
|
||||
|
||||
|
||||
|
||||
|
||||
reports:
|
||||
|
||||
}
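Review bot: In `install_sympa_src` the `compile_and_install::` command runs `./configure`, `make install` and `cpanm --installdeps --with-recommends -n .` through a shell on a tarball whose integrity is not checked anywhere in this file. `download_and_untar` is defined elsewhere and may verify a digest; if it does not, gate the build on one, for instance `"sympa_tgz_ok" expression => hashmatch("$(sys.workdir)/data/public/$(src_tgz)", "sha256", "$(cfg[sha256])");` where `cfg[sha256]` is a new key (placeholder name) and the command class becomes `compile_and_install&sympa_tgz_ok::`. The `cpanm` step also fetches unpinned dependencies from the network with tests skipped (`-n`), so what ends up installed depends on the day of the run; a comment stating that this is accepted, or a pinned dependency set, would help the next reader. The `users:` promise also gives the `sympa` service account `shell => "/bin/bash"`; unless something logs in as that user, a non-login shell is the safer default.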
|
|
@ -0,0 +1,776 @@
|
|||
#
|
||||
# Managed by CFengine
|
||||
#
|
||||
#
|
||||
|
||||
##
|
||||
## opendkim.conf -- configuration file for OpenDKIM filter
|
||||
##
|
||||
## Copyright (c) 2010-2015, The Trusted Domain Project. All rights reserved.
|
||||
##
|
||||
|
||||
##
|
||||
## For settings that refer to a "dataset", see the opendkim(8) man page.
|
||||
##
|
||||
|
||||
## DEPRECATED CONFIGURATION OPTIONS
|
||||
##
|
||||
## The following configuration options are no longer valid. They should be
|
||||
## removed from your existing configuration file to prevent potential issues.
|
||||
## Failure to do so may result in opendkim being unable to start.
|
||||
##
|
||||
## Removed in 2.10.0:
|
||||
## AddAllSignatureResults
|
||||
## ADSPAction
|
||||
## ADSPNoSuchDomain
|
||||
## BogusPolicy
|
||||
## DisableADSP
|
||||
## LDAPSoftStart
|
||||
## LocalADSP
|
||||
## NoDiscardableMailTo
|
||||
## On-PolicyError
|
||||
## SendADSPReports
|
||||
## UnprotectedPolicy
|
||||
|
||||
## CONFIGURATION OPTIONS
|
||||
|
||||
## AllowSHA1Only { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## By default, the filter will refuse to start if support for SHA256 is
|
||||
## not available since this violates the strong recommendations of
|
||||
## RFC6376 Section 3.3, which says:
|
||||
##
|
||||
## "Verifiers MUST implement both rsa-sha1 and rsa-sha256. Signers MUST
|
||||
## implement and SHOULD sign using rsa-sha256."
|
||||
##
|
||||
## This forces that violation to be explicitly selected by the administrator.
|
||||
|
||||
# AllowSHA1Only no
|
||||
|
||||
## AlwaysAddARHeader { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Add an "Authentication-Results:" header even to unsigned messages
|
||||
## from domains with no "signs all" policy. The reported DKIM result
|
||||
## will be "none" in such cases. Normally unsigned mail from non-strict
|
||||
## domains does not cause the results header to be added.
|
||||
|
||||
# AlwaysAddARHeader no
|
||||
|
||||
## AuthservID string
|
||||
## default (local host name)
|
||||
##
|
||||
## Defines the "authserv-id" token to be used when generating
|
||||
## Authentication-Results headers after message verification.
|
||||
|
||||
# AuthservID example.com
|
||||
|
||||
## AuthservIDWithJobID
|
||||
## default "no"
|
||||
##
|
||||
## Appends a "/" followed by the MTA's job ID to the "authserv-id" token
|
||||
## when generating Authentication-Results headers after message verification.
|
||||
|
||||
# AuthservIDWithJobId no
|
||||
|
||||
## AutoRestart { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Indicate whether or not the filter should arrange to restart automatically
|
||||
## if it crashes.
|
||||
|
||||
# AutoRestart No
|
||||
|
||||
## AutoRestartCount n
|
||||
## default 0
|
||||
##
|
||||
## Sets the maximum automatic restart count. After this number of
|
||||
## automatic restarts, the filter will give up and terminate. A value of 0
|
||||
## implies no limit.
|
||||
|
||||
# AutoRestartCount 0
|
||||
|
||||
## AutoRestartRate n/t[u]
|
||||
## default (none)
|
||||
##
|
||||
## Sets the maximum automatic restart rate. See the opendkim.conf(5)
|
||||
## man page for the format of this parameter.
|
||||
|
||||
# AutoRestartRate n/tu
|
||||
|
||||
## Background { yes | no }
|
||||
## default "yes"
|
||||
##
|
||||
## Indicate whether or not the filter should run in the background.
|
||||
|
||||
# Background Yes
|
||||
|
||||
## BaseDirectory path
|
||||
## default (none)
|
||||
##
|
||||
## Causes the filter to change to the named directory before beginning
|
||||
## operation. Thus, cores will be dumped here and configuration files
|
||||
## are read relative to this location.
|
||||
|
||||
# BaseDirectory /var/run/opendkim
|
||||
|
||||
## BodyLengthDB dataset
|
||||
## default (none)
|
||||
##
|
||||
## A data set that is checked against envelope recipients to see if a
|
||||
## body length tag should be included in the generated signature.
|
||||
## This has security implications; see opendkim.conf(5) for details.
|
||||
|
||||
# BodyLengthDB dataset
|
||||
|
||||
## Canonicalization hdrcanon[/bodycanon]
|
||||
## default "simple/simple"
|
||||
##
|
||||
## Select canonicalizations to use when signing. If the "bodycanon" is
|
||||
## omitted, "simple" is used. Valid values for each are "simple" and
|
||||
## "relaxed".
|
||||
|
||||
# Canonicalization simple/simple
|
||||
|
||||
## ClockDrift n
|
||||
## default 300
|
||||
##
|
||||
## Specify the tolerance range for expired signatures or signatures
|
||||
## which appear to have timestamps in the future, allowing for clock
|
||||
## drift.
|
||||
|
||||
# ClockDrift 300
|
||||
|
||||
## Diagnostics { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Specifies whether or not signatures with header diagnostic tags should
|
||||
## be generated.
|
||||
|
||||
# Diagnostics No
|
||||
|
||||
## DNSTimeout n
|
||||
## default 10
|
||||
##
|
||||
## Specify the time in seconds to wait for replies from the nameserver when
|
||||
## requesting keys or signing policies.
|
||||
|
||||
# DNSTimeout 10
|
||||
|
||||
## Domain dataset
|
||||
## default (none)
|
||||
##
|
||||
## Specify for which domain(s) signing should be done. No default; must
|
||||
## be specified for signing.
|
||||
|
||||
Domain {{#cfg.domains}} {{.}} {{/cfg.domains}}
|
||||
|
||||
## DomainKeysCompat { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## When enabled, backward compatibility with DomainKeys (RFC4870) key
|
||||
## records is enabled. Otherwise, such key records are considered to be
|
||||
## syntactically invalid.
|
||||
|
||||
# DomainKeysCompat no
|
||||
|
||||
## DontSignMailTo dataset
|
||||
## default (none)
|
||||
##
|
||||
## Gives a list of recipient addresses or address patterns whose mail should
|
||||
## not be signed.
|
||||
|
||||
# DontSignMailTo addr1,addr2,...
|
||||
|
||||
## EnableCoredumps { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## On systems which have support for such, requests that the kernel dump
|
||||
## core even though the process may change user ID during its execution.
|
||||
|
||||
# EnableCoredumps no
|
||||
|
||||
## ExemptDomains dataset
|
||||
## default (none)
|
||||
##
|
||||
## A data set of domain names that are checked against the message sender's
|
||||
## domain. If a match is found, the message is ignored by the filter.
|
||||
|
||||
# ExemptDomains domain1,domain2,...
|
||||
|
||||
## ExternalIgnoreList filename
|
||||
##
|
||||
## Names a file from which a list of externally-trusted hosts is read.
|
||||
## These are hosts which are allowed to send mail through you for signing.
|
||||
## Automatically contains 127.0.0.1. See man page for file format.
|
||||
|
||||
# ExternalIgnoreList filename
|
||||
|
||||
## FixCRLF { yes | no }
|
||||
##
|
||||
## Requests that the library convert "naked" CR and LF characters to
|
||||
## CRLFs during canonicalization. The default is "no".
|
||||
|
||||
# FixCRLF no
|
||||
|
||||
## IgnoreMalformedMail { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Silently passes malformed messages without alteration. This includes
|
||||
## messages that fail the RequiredHeaders check, if enabled. The default is
|
||||
## to pass those messages but add an Authentication-Results field indicating
|
||||
## that they were malformed.
|
||||
|
||||
# IgnoreMalformedMail no
|
||||
|
||||
## InternalHosts dataset
|
||||
## default "127.0.0.1"
|
||||
##
|
||||
## Names a file from which a list of internal hosts is read. These are
|
||||
## hosts from which mail should be signed rather than verified.
|
||||
## Automatically contains 127.0.0.1.
|
||||
#
|
||||
InternalHosts {{mynetworks_head}} {{#mynetworks_tail}} ,{{.}}{{/mynetworks_tail}}
|
||||
|
||||
# InternalHosts dataset
|
||||
|
||||
## KeepTemporaryFiles { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## If set, causes temporary files generated during message signing or
|
||||
## verifying to be left behind for debugging use. Not for normal operation;
|
||||
## can fill your disks quite fast on busy systems.
|
||||
|
||||
# KeepTemporaryFiles no
|
||||
|
||||
## KeyFile filename
|
||||
## default (none)
|
||||
##
|
||||
## Specifies the path to the private key to use when signing. Ignored if
|
||||
## SigningTable and KeyTable are used. No default; must be specified for
|
||||
## signing if SigningTable/KeyTable are not in use.
|
||||
|
||||
#KeyFile /var/db/dkim/example.private
|
||||
KeyFile {{cfg.keyfile}}
|
||||
#/var/db/dkim/example.private
|
||||
|
||||
## KeyTable dataset
|
||||
## default (none)
|
||||
##
|
||||
## Defines a table that will be queried to convert key names to
|
||||
## sets of data of the form (signing domain, signing selector, private key).
|
||||
## The private key can either contain a PEM-formatted private key,
|
||||
## a base64-encoded DER format private key, or a path to a file containing
|
||||
## one of those.
|
||||
|
||||
# KeyTable dataset
|
||||
|
||||
## LogWhy { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## If logging is enabled (see Syslog below), issues very detailed logging
|
||||
## about the logic behind the filter's decision to either sign a message
|
||||
## or verify it. The logic behind the decision is non-trivial and can be
|
||||
## confusing to administrators not familiar with its operation. A
|
||||
## description of how the decision is made can be found in the OPERATIONS
|
||||
## section of the opendkim(8) man page. This causes a large increase
|
||||
## in the amount of log data generated for each message, so it should be
|
||||
## limited to debugging use and not enabled for general operation.
|
||||
|
||||
# LogWhy no
|
||||
|
||||
## MacroList macro[=value][,...]
|
||||
##
|
||||
## Gives a set of MTA-provided macros which should be checked to see
|
||||
## if the sender has been determined to be a local user and therefore
|
||||
## whether or not signing should be done. See opendkim.conf(5) for
|
||||
## more information.
|
||||
|
||||
# MacroList foo=bar,baz=blivit
|
||||
|
||||
## MaximumHeaders n
|
||||
##
|
||||
## Disallow messages whose header blocks are bigger than "n" bytes.
|
||||
## Intended to detect and block a denial-of-service attack. The default
|
||||
## is 65536. A value of 0 disables this test.
|
||||
|
||||
# MaximumHeaders n
|
||||
|
||||
## MaximumSignaturesToVerify n
|
||||
## (default 3)
|
||||
##
|
||||
## Verify no more than "n" signatures on an arriving message.
|
||||
## A value of 0 means "no limit".
|
||||
|
||||
# MaximumSignaturesToVerify n
|
||||
|
||||
## MaximumSignedBytes n
|
||||
##
|
||||
## Don't sign more than "n" bytes of the message. The default is to
|
||||
## sign the entire message. Setting this implies "BodyLengths".
|
||||
|
||||
# MaximumSignedBytes n
|
||||
|
||||
## MilterDebug n
|
||||
##
|
||||
## Request a debug level of "n" from the milter library. The default is 0.
|
||||
|
||||
# MilterDebug 0
|
||||
|
||||
## Minimum n[% | +]
|
||||
## default 0
|
||||
##
|
||||
## Sets a minimum signing volume; one of the following formats:
|
||||
## n at least n bytes (or the whole message, whichever is less)
|
||||
## must be signed
|
||||
## n% at least n% of the message must be signed
|
||||
## n+ if a length limit was presented in the signature, no more than
|
||||
## n bytes may have been added
|
||||
|
||||
# Minimum n
|
||||
|
||||
## MinimumKeyBits n
|
||||
## default 1024
|
||||
##
|
||||
## Causes the library not to accept signatures matching keys made of fewer
|
||||
## than the specified number of bits, even if they would otherwise pass
|
||||
## DKIM signing.
|
||||
|
||||
# MinimumKeyBits 1024
|
||||
|
||||
## Mode [sv]
|
||||
## default sv
|
||||
##
|
||||
## Indicates which mode(s) of operation should be provided. "s" means
|
||||
## "sign", "v" means "verify".
|
||||
|
||||
# Mode sv
|
||||
|
||||
## MTA dataset
|
||||
## default (none)
|
||||
##
|
||||
## Specifies a list of MTAs whos mail should always be signed rather than
|
||||
## verified. The "mtaname" is extracted from the DaemonPortOptions line
|
||||
## in effect.
|
||||
|
||||
# MTA name
|
||||
|
||||
## MultipleSignatures { yes | no }
|
||||
## default no
|
||||
##
|
||||
## Allows multiple signatures to be added. If set to "true" and a SigningTable
|
||||
## is in use, all SigningTable entries that match the candidate message will
|
||||
## cause a signature to be added. Otherwise, only the first matching
|
||||
## SigningTable entry will be added, or only the key defined by Domain,
|
||||
## Selector and KeyFile will be added.
|
||||
|
||||
# MultipleSignatures no
|
||||
|
||||
## MustBeSigned dataset
|
||||
## default (none)
|
||||
##
|
||||
## Defines a list of headers which, if present on a message, must be
|
||||
## signed for the signature to be considered acceptable.
|
||||
|
||||
# MustBeSigned header1,header2,...
|
||||
|
||||
## Nameservers addr1[,addr2[,...]]
|
||||
## default (none)
|
||||
##
|
||||
## Provides a comma-separated list of IP addresses that are to be used when
|
||||
## doing DNS queries to retrieve DKIM keys, VBR records, etc.
|
||||
## These override any local defaults built in to the resolver in use, which
|
||||
## may be defined in /etc/resolv.conf or hard-coded into the software.
|
||||
|
||||
# Nameservers addr1,addr2,...
|
||||
|
||||
## NoHeaderB { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Suppresses addition of "header.b" tags on Authentication-Results
|
||||
## header fields.
|
||||
|
||||
# NoHeaderB no
|
||||
|
||||
## OmitHeaders dataset
|
||||
## default (none)
|
||||
##
|
||||
## Specifies a list of headers that should always be omitted when signing.
|
||||
## Header names should be separated by commas.
|
||||
|
||||
# OmitHeaders header1,header2,...
|
||||
|
||||
## On-...
|
||||
##
|
||||
## Specifies what to do when certain error conditions are encountered.
|
||||
##
|
||||
## See opendkim.conf(5) for more information.
|
||||
|
||||
# On-Default
|
||||
# On-BadSignature
|
||||
# On-DNSError
|
||||
# On-InternalError
|
||||
# On-NoSignature
|
||||
# On-Security
|
||||
# On-SignatureError
|
||||
|
||||
## OversignHeaders dataset
|
||||
## default (none)
|
||||
##
|
||||
## Specifies a set of header fields that should be included in all signature
|
||||
## header lists (the "h=" tag) once more than the number of times they were
|
||||
## actually present in the signed message. See opendkim.conf(5) for more
|
||||
## information.
|
||||
|
||||
# OverSignHeaders header1,header2,...
|
||||
|
||||
## PeerList dataset
|
||||
## default (none)
|
||||
##
|
||||
## Contains a list of IP addresses, CIDR blocks, hostnames or domain names
|
||||
## whose mail should be neither signed nor verified by this filter. See man
|
||||
## page for file format.
|
||||
|
||||
# PeerList filename
|
||||
|
||||
## PidFile filename
|
||||
## default (none)
|
||||
##
|
||||
## Name of the file where the filter should write its pid before beginning
|
||||
## normal operations.
|
||||
|
||||
# PidFile filename
|
||||
PidFile {{cfg.pid_file}}
|
||||
|
||||
## POPDBFile dataset
|
||||
## default (none)
|
||||
##
|
||||
## Names a database which should be checked for "POP before SMTP" records
|
||||
## as a form of authentication of users who may be sending mail through
|
||||
## the MTA for signing. Requires special compilation of the filter.
|
||||
## See opendkim.conf(5) for more information.
|
||||
|
||||
# POPDBFile filename
|
||||
|
||||
## Quarantine { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Indicates whether or not the filter should arrange to quarantine mail
|
||||
## which fails verification. Intended for diagnostic use only.
|
||||
|
||||
# Quarantine No
|
||||
|
||||
## QueryCache { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Instructs the DKIM library to maintain its own local cache of keys and
|
||||
## policies retrieved from DNS, rather than relying on the nameserver for
|
||||
## caching service. Useful if the nameserver being used by the filter is
|
||||
## not local. The filter must be compiled with the QUERY_CACHE flag to enable
|
||||
## this feature, since it adds a library dependency.
|
||||
|
||||
# QueryCache No
|
||||
|
||||
## RedirectFailuresTo address
|
||||
## default (none)
|
||||
##
|
||||
## Redirects signed messages to the specified address if none of the
|
||||
## signatures present failed to verify.
|
||||
|
||||
# RedirectFailuresTo postmaster@example.com
|
||||
|
||||
## RemoveARAll { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Remove all Authentication-Results: headers on all arriving mail.
|
||||
|
||||
# RemoveARAll No
|
||||
|
||||
## RemoveARFrom dataset
|
||||
## default (none)
|
||||
##
|
||||
## Remove all Authentication-Results: headers on all arriving mail that
|
||||
## claim to have been added by hosts listed in this parameter. The list
|
||||
## should be comma-separated. Entire domains may be specified by preceding
|
||||
## the dopmain name by a single dot (".") character.
|
||||
|
||||
# RemoveARFrom host1,host2,.domain1,.domain2,...
|
||||
|
||||
## RemoveOldSignatures { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Remove old signatures on messages, if any, when generating a signature.
|
||||
|
||||
# RemoveOldSignatures No
|
||||
|
||||
## ReportAddress addr
|
||||
## default (executing user)@(hostname)
|
||||
##
|
||||
## Specifies the sending address to be used on From: headers of outgoing
|
||||
## failure reports. By default, the e-mail address of the user executing
|
||||
## the filter is used.
|
||||
|
||||
# ReportAddress "DKIM Error Postmaster" <postmaster@example.com>
|
||||
|
||||
## ReportBccAddress addr
|
||||
## default (none)
|
||||
##
|
||||
## Specifies additional recipient address(es) to receive outgoing failure
|
||||
## reports.
|
||||
|
||||
# ReportBccAddress postmaster@example.com, john@example.com
|
||||
|
||||
## RequiredHeaders { yes | no }
|
||||
## default no
|
||||
##
|
||||
## Rejects messages which don't conform to RFC5322 header count requirements.
|
||||
|
||||
# RequiredHeaders No
|
||||
|
||||
## RequireSafeKeys { yes | no }
|
||||
## default yes
|
||||
##
|
||||
## Refuses to use key files that appear to have unsafe permissions.
|
||||
|
||||
# RequireSafeKeys Yes
|
||||
|
||||
## ResignAll { yes | no }
|
||||
## default no
|
||||
##
|
||||
## Where ResignMailTo triggers a re-signing action, this flag indicates
|
||||
## whether or not all mail should be signed (if set) versus only verified
|
||||
## mail being signed (if not set).
|
||||
|
||||
# ResignAll No
|
||||
|
||||
## ResignMailTo dataset
|
||||
## default (none)
|
||||
##
|
||||
## Checks each message recipient against the specified dataset for a
|
||||
## matching record. The full address is checked in each case, then the
|
||||
## hostname, then each domain preceded by ".". If there is a match, the
|
||||
## value returned is presumed to be the name of a key in the KeyTable
|
||||
## (if defined) to be used to re-sign the message in addition to
|
||||
## verifying it. If there is a match without a KeyTable, the default key
|
||||
## is applied.
|
||||
|
||||
# ResignMailTo dataset
|
||||
|
||||
## ResolverConfiguration string
|
||||
##
|
||||
## Passes arbitrary configuration data to the resolver. For the stock UNIX
|
||||
## resolver, this is ignored; for Unbound, it names a resolv.conf(5)-style
|
||||
## file that should be read for configuration information.
|
||||
|
||||
# ResolverConfiguration string
|
||||
|
||||
## ResolverTracing { yes | no }
|
||||
##
|
||||
## Requests enabling of resolver trace features, if available. The effect
|
||||
## of setting this flag depends on how trace features, if any, are implemented
|
||||
## in the resolver in use. Currently only effective when used with the
|
||||
## OpenDKIM asynchronous resolver.
|
||||
|
||||
# ResolverTracing no
|
||||
|
||||
## Selector name
|
||||
##
|
||||
## The name of the selector to use when signing. No default; must be
|
||||
## specified for signing.
|
||||
|
||||
Selector {{cfg.selector}}
|
||||
#my-selector-name
|
||||
|
||||
## SenderHeaders dataset
|
||||
## default (none)
|
||||
##
|
||||
## Overrides the default list of headers that will be used to determine
|
||||
## the sending domain when deciding whether to sign the message and with
|
||||
## with which key(s). See opendkim.conf(5) for details.
|
||||
|
||||
# SenderHeaders From
|
||||
|
||||
## SendReports { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Specifies whether or not the filter should generate report mail back
|
||||
## to senders when verification fails and an address for such a purpose
|
||||
## is provided. See opendkim.conf(5) for details.
|
||||
|
||||
# SendReports No
|
||||
|
||||
## SignatureAlgorithm signalg
|
||||
## default "rsa-sha256"
|
||||
##
|
||||
## Signature algorithm to use when generating signatures. Must be either
|
||||
## "rsa-sha1" or "rsa-sha256".
|
||||
|
||||
# SignatureAlgorithm rsa-sha256
|
||||
|
||||
## SignatureTTL seconds
|
||||
## default "0"
|
||||
##
|
||||
## Specifies the lifetime in seconds of signatures generated by the
|
||||
## filter. A value of 0 means no expiration time is included in the
|
||||
## signature.
|
||||
|
||||
# SignatureTTL 0
|
||||
|
||||
## SignHeaders dataset
|
||||
## default (none)
|
||||
##
|
||||
## Specifies the list of headers which should be included when generating
|
||||
## signatures. The string should be a comma-separated list of header names.
|
||||
## See the opendkim.conf(5) man page for more information.
|
||||
|
||||
# SignHeaders header1,header2,...
|
||||
|
||||
## SigningTable dataset
|
||||
## default (none)
|
||||
##
|
||||
## Defines a dataset that will be queried for the message sender's address
|
||||
## to determine which private key(s) (if any) should be used to sign the
|
||||
## message. The sender is determined from the value of the sender
|
||||
## header fields as described with SenderHeaders above. The key for this
|
||||
## lookup should be an address or address pattern that matches senders;
|
||||
## see the opendkim.conf(5) man page for more information. The value
|
||||
## of the lookup should return the name of a key found in the KeyTable
|
||||
## that should be used to sign the message. If MultipleSignatures
|
||||
## is set, all possible lookup keys will be attempted which may result
|
||||
## in multiple signatures being applied.
|
||||
|
||||
# SigningTable filename
|
||||
|
||||
## SingleAuthResult { yes | no}
|
||||
## default "no"
|
||||
##
|
||||
## When DomainKeys verification is enabled, multiple Authentication-Results
|
||||
## will be added, one for DK and one for DKIM. With this enabled, only
|
||||
## a DKIM result will be reported unless DKIM failed but DK passed, in which
|
||||
## case only a DK result will be reported.
|
||||
|
||||
# SingleAuthResult no
|
||||
|
||||
## SMTPURI uri
|
||||
##
|
||||
## Specifies a URI (e.g., "smtp://localhost") to which mail should be sent
|
||||
## via SMTP when notifications are generated.
|
||||
|
||||
# Socket smtp://localhost
|
||||
|
||||
## Socket socketspec
|
||||
##
|
||||
## Names the socket where this filter should listen for milter connections
|
||||
## from the MTA. Required. Should be in one of these forms:
|
||||
##
|
||||
## inet:port@address to listen on a specific interface
|
||||
## inet:port to listen on all interfaces
|
||||
## local:/path/to/socket to listen on a UNIX domain socket
|
||||
|
||||
# Socket inet:port@localhost
|
||||
Socket {{cfg..milter_sock}}
|
||||
|
||||
## SoftwareHeader { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Add a DKIM-Filter header field to messages passing through this filter
|
||||
## to identify messages it has processed.
|
||||
|
||||
# SoftwareHeader no
|
||||
|
||||
## StrictHeaders { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Requests that the DKIM library refuse to process a message whose
|
||||
## header fields do not conform to the standards, in particular Section 3.6
|
||||
## of RFC5322.
|
||||
|
||||
# StrictHeaders no
|
||||
|
||||
## StrictTestMode { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Selects strict CRLF mode during testing (see the "-t" command line
|
||||
## flag in the opendkim(8) man page). Messages for which all header
|
||||
## fields and body lines are not CRLF-terminated are considered malformed
|
||||
## and will produce an error.
|
||||
|
||||
# StrictTestMode no
|
||||
|
||||
## SubDomains { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Sign for subdomains as well?
|
||||
|
||||
# SubDomains No
|
||||
|
||||
## Syslog { yes | no }
|
||||
## default "yes"
|
||||
##
|
||||
## Log informational and error activity to syslog?
|
||||
|
||||
Syslog Yes
|
||||
|
||||
## SyslogFacility facility
|
||||
## default "mail"
|
||||
##
|
||||
## Valid values are :
|
||||
## auth cron daemon kern lpr mail news security syslog user uucp
|
||||
## local0 local1 local2 local3 local4 local5 local6 local7
|
||||
##
|
||||
## syslog facility to be used
|
||||
|
||||
# SyslogFacility mail
|
||||
|
||||
## SyslogSuccess { yes | no }
|
||||
## default "no"
|
||||
##
|
||||
## Log success activity to syslog?
|
||||
|
||||
# SyslogSuccess No
|
||||
|
||||
## TemporaryDirectory path
|
||||
## default /tmp
|
||||
##
|
||||
## Specifies which directory will be used for creating temporary files
|
||||
## during message processing.
|
||||
|
||||
# TemporaryDirectory /tmp
|
||||
|
||||
## TestPublicKeys filename
|
||||
## default (none)
|
||||
##
|
||||
## Names a file from which public keys should be read. Intended for use
|
||||
## only during automated testing.
|
||||
|
||||
# TestPublicKeys /tmp/testkeys
|
||||
|
||||
## TrustAnchorFile filename
|
||||
## default (none)
|
||||
##
|
||||
## Specifies a file from which trust anchor data should be read when doing
|
||||
## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
|
||||
## at http://unbound.net for the expected format of this file.
|
||||
|
||||
# TrustAnchorFile /var/named/trustanchor
|
||||
|
||||
## UMask mask
|
||||
## default (none)
|
||||
##
|
||||
## Change the process umask for file creation to the specified value.
|
||||
## The system has its own default which will be used (usually 022).
|
||||
## See the umask(2) man page for more information.
|
||||
|
||||
# UMask 022
|
||||
#UMask 022
|
||||
|
||||
|
||||
# UnboundConfigFile /var/named/unbound.conf
|
||||
|
||||
## Userid userid
|
||||
## default (none)
|
||||
##
|
||||
## Change to user "userid" before starting normal operation? May include
|
||||
## a group ID as well, separated from the userid by a colon.
|
||||
UserID {{cfg.uid }}:{{cfg.gid}}
|
|
@ -0,0 +1,709 @@
|
|||
#
|
||||
# Managed by CFEngine
|
||||
#
|
||||
|
||||
|
||||
# Global Postfix configuration file. This file lists only a subset
|
||||
# of all parameters. For the syntax, and for a complete parameter
|
||||
# list, see the postconf(5) manual page (command: "man 5 postconf").
|
||||
#
|
||||
# TIP: use the command "postconf -n" to view main.cf parameter
|
||||
# settings, "postconf parametername" to view a specific parameter,
|
||||
# and "postconf 'parametername=value'" to set a specific parameter.
|
||||
#
|
||||
# For common configuration examples, see BASIC_CONFIGURATION_README
|
||||
# and STANDARD_CONFIGURATION_README. To find these documents, use
|
||||
# the command "postconf html_directory readme_directory", or go to
|
||||
# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
|
||||
#
|
||||
# For best results, change no more than 2-3 parameters at a time,
|
||||
# and test if Postfix still works after every change.
|
||||
|
||||
# COMPATIBILITY
|
||||
#
|
||||
# The compatibility_level determines what default settings Postfix
|
||||
# will use for main.cf and master.cf settings. These defaults will
|
||||
# change over time.
|
||||
#
|
||||
# To avoid breaking things, Postfix will use backwards-compatible
|
||||
# default settings and log where it uses those old backwards-compatible
|
||||
# default settings, until the system administrator has determined
|
||||
# if any backwards-compatible default settings need to be made
|
||||
# permanent in main.cf or master.cf.
|
||||
#
|
||||
# When this review is complete, update the compatibility_level setting
|
||||
# below as recommended in the RELEASE_NOTES file.
|
||||
#
|
||||
# The level below is what should be used with new (not upgrade) installs.
|
||||
#
|
||||
#compatibility_level = 3.4
|
||||
|
||||
# SOFT BOUNCE
|
||||
#
|
||||
# The soft_bounce parameter provides a limited safety net for
|
||||
# testing. When soft_bounce is enabled, mail will remain queued that
|
||||
# would otherwise bounce. This parameter disables locally-generated
|
||||
# bounces, and prevents the SMTP server from rejecting mail permanently
|
||||
# (by changing 5xx replies into 4xx replies). However, soft_bounce
|
||||
# is no cure for address rewriting mistakes or mail routing mistakes.
|
||||
#
|
||||
#soft_bounce = no
|
||||
|
||||
# LOCAL PATHNAME INFORMATION
|
||||
#
|
||||
# The queue_directory specifies the location of the Postfix queue.
|
||||
# This is also the root directory of Postfix daemons that run chrooted.
|
||||
# See the files in examples/chroot-setup for setting up Postfix chroot
|
||||
# environments on different UNIX systems.
|
||||
#
|
||||
queue_directory = {{vars.postfix.queue_dir}}
|
||||
|
||||
# The command_directory parameter specifies the location of all
|
||||
# postXXX commands.
|
||||
#
|
||||
command_directory = {{vars.postfix.sbin_dir}}
|
||||
|
||||
# The daemon_directory parameter specifies the location of all Postfix
|
||||
# daemon programs (i.e. programs listed in the master.cf file). This
|
||||
# directory must be owned by root.
|
||||
#
|
||||
daemon_directory = {{vars.postfix.daemon_dir}}
|
||||
|
||||
# The data_directory parameter specifies the location of Postfix-writable
|
||||
# data files (caches, random numbers). This directory must be owned
|
||||
# by the mail_owner account (see below).
|
||||
#
|
||||
data_directory = {{vars.postfix.data_dir}}
|
||||
|
||||
# QUEUE AND PROCESS OWNERSHIP
|
||||
#
|
||||
# The mail_owner parameter specifies the owner of the Postfix queue
|
||||
# and of most Postfix daemon processes. Specify the name of a user
|
||||
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
|
||||
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
|
||||
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
|
||||
# USER.
|
||||
#
|
||||
mail_owner = {{vars.postfix.mail_owner}}
|
||||
|
||||
# The default_privs parameter specifies the default rights used by
|
||||
# the local delivery agent for delivery to external file or command.
|
||||
# These rights are used in the absence of a recipient user context.
|
||||
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
|
||||
#
|
||||
#default_privs = nobody
|
||||
|
||||
# INTERNET HOST AND DOMAIN NAMES
|
||||
#
|
||||
# The myhostname parameter specifies the internet hostname of this
|
||||
# mail system. The default is to use the fully-qualified domain name
|
||||
# from gethostname(). $myhostname is used as a default value for many
|
||||
# other configuration parameters.
|
||||
#
|
||||
#myhostname = host.domain.tld
|
||||
#myhostname = virtual.domain.tld
|
||||
|
||||
# The mydomain parameter specifies the local internet domain name.
|
||||
# The default is to use $myhostname minus the first component.
|
||||
# $mydomain is used as a default value for many other configuration
|
||||
# parameters.
|
||||
#
|
||||
#mydomain = domain.tld
|
||||
|
||||
# SENDING MAIL
|
||||
#
|
||||
# The myorigin parameter specifies the domain that locally-posted
|
||||
# mail appears to come from. The default is to append $myhostname,
|
||||
# which is fine for small sites. If you run a domain with multiple
|
||||
# machines, you should (1) change this to $mydomain and (2) set up
|
||||
# a domain-wide alias database that aliases each user to
|
||||
# user@that.users.mailhost.
|
||||
#
|
||||
# For the sake of consistency between sender and recipient addresses,
|
||||
# myorigin also specifies the default domain name that is appended
|
||||
# to recipient addresses that have no @domain part.
|
||||
#
|
||||
#myorigin = $myhostname
|
||||
#myorigin = $mydomain
|
||||
|
||||
# RECEIVING MAIL
|
||||
|
||||
# The inet_interfaces parameter specifies the network interface
|
||||
# addresses that this mail system receives mail on. By default,
|
||||
# the software claims all active interfaces on the machine. The
|
||||
# parameter also controls delivery of mail to user@[ip.address].
|
||||
#
|
||||
# See also the proxy_interfaces parameter, for network addresses that
|
||||
# are forwarded to us via a proxy or network address translator.
|
||||
#
|
||||
# Note: you need to stop/start Postfix when this parameter changes.
|
||||
#
|
||||
#inet_interfaces = all
|
||||
#inet_interfaces = $myhostname
|
||||
#inet_interfaces = $myhostname, localhost
|
||||
|
||||
# The proxy_interfaces parameter specifies the network interface
|
||||
# addresses that this mail system receives mail on by way of a
|
||||
# proxy or network address translation unit. This setting extends
|
||||
# the address list specified with the inet_interfaces parameter.
|
||||
#
|
||||
# You must specify your proxy/NAT addresses when your system is a
|
||||
# backup MX host for other domains, otherwise mail delivery loops
|
||||
# will happen when the primary MX host is down.
|
||||
#
|
||||
#proxy_interfaces =
|
||||
#proxy_interfaces = 1.2.3.4
|
||||
|
||||
# The mydestination parameter specifies the list of domains that this
|
||||
# machine considers itself the final destination for.
|
||||
#
|
||||
# These domains are routed to the delivery agent specified with the
|
||||
# local_transport parameter setting. By default, that is the UNIX
|
||||
# compatible delivery agent that lookups all recipients in /etc/passwd
|
||||
# and /etc/aliases or their equivalent.
|
||||
#
|
||||
# The default is $myhostname + localhost.$mydomain + localhost. On
|
||||
# a mail domain gateway, you should also include $mydomain.
|
||||
#
|
||||
# Do not specify the names of virtual domains - those domains are
|
||||
# specified elsewhere (see VIRTUAL_README).
|
||||
#
|
||||
# Do not specify the names of domains that this machine is backup MX
|
||||
# host for. Specify those names via the relay_domains settings for
|
||||
# the SMTP server, or use permit_mx_backup if you are lazy (see
|
||||
# STANDARD_CONFIGURATION_README).
|
||||
#
|
||||
# The local machine is always the final destination for mail addressed
|
||||
# to user@[the.net.work.address] of an interface that the mail system
|
||||
# receives mail on (see the inet_interfaces parameter).
|
||||
#
|
||||
# Specify a list of host or domain names, /file/name or type:table
|
||||
# patterns, separated by commas and/or whitespace. A /file/name
|
||||
# pattern is replaced by its contents; a type:table is matched when
|
||||
# a name matches a lookup key (the right-hand side is ignored).
|
||||
# Continue long lines by starting the next line with whitespace.
|
||||
#
|
||||
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
|
||||
#
|
||||
#mydestination = $myhostname, localhost.$mydomain, localhost
|
||||
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
|
||||
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
|
||||
# mail.$mydomain, www.$mydomain, ftp.$mydomain
|
||||
|
||||
mydestination = {{#vars.postfix.cfg.mydestination}} {{.}} {{/vars.postfix.cfg.mydestination}}
|
||||
|
||||
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
|
||||
#
|
||||
# The local_recipient_maps parameter specifies optional lookup tables
|
||||
# with all names or addresses of users that are local with respect
|
||||
# to $mydestination, $inet_interfaces or $proxy_interfaces.
|
||||
#
|
||||
# If this parameter is defined, then the SMTP server will reject
|
||||
# mail for unknown local users. This parameter is defined by default.
|
||||
#
|
||||
# To turn off local recipient checking in the SMTP server, specify
|
||||
# local_recipient_maps = (i.e. empty).
|
||||
#
|
||||
# The default setting assumes that you use the default Postfix local
|
||||
# delivery agent for local delivery. You need to update the
|
||||
# local_recipient_maps setting if:
|
||||
#
|
||||
# - You define $mydestination domain recipients in files other than
|
||||
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
|
||||
# For example, you define $mydestination domain recipients in
|
||||
# the $virtual_mailbox_maps files.
|
||||
#
|
||||
# - You redefine the local delivery agent in master.cf.
|
||||
#
|
||||
# - You redefine the "local_transport" setting in main.cf.
|
||||
#
|
||||
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
|
||||
# feature of the Postfix local delivery agent (see local(8)).
|
||||
#
|
||||
# Details are described in the LOCAL_RECIPIENT_README file.
|
||||
#
|
||||
# Beware: if the Postfix SMTP server runs chrooted, you probably have
|
||||
# to access the passwd file via the proxymap service, in order to
|
||||
# overcome chroot restrictions. The alternative, having a copy of
|
||||
# the system passwd file in the chroot jail is just not practical.
|
||||
#
|
||||
# The right-hand side of the lookup tables is conveniently ignored.
|
||||
# In the left-hand side, specify a bare username, an @domain.tld
|
||||
# wild-card, or specify a user@domain.tld address.
|
||||
#
|
||||
#local_recipient_maps = unix:passwd.byname $alias_maps
|
||||
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
|
||||
#local_recipient_maps =
|
||||
|
||||
# The unknown_local_recipient_reject_code specifies the SMTP server
|
||||
# response code when a recipient domain matches $mydestination or
|
||||
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
|
||||
# and the recipient address or address local-part is not found.
|
||||
#
|
||||
# The default setting is 550 (reject mail) but it is safer to start
|
||||
# with 450 (try again later) until you are certain that your
|
||||
# local_recipient_maps settings are OK.
|
||||
#
|
||||
unknown_local_recipient_reject_code = 550
|
||||
|
||||
# TRUST AND RELAY CONTROL
|
||||
|
||||
# The mynetworks parameter specifies the list of "trusted" SMTP
|
||||
# clients that have more privileges than "strangers".
|
||||
#
|
||||
# In particular, "trusted" SMTP clients are allowed to relay mail
|
||||
# through Postfix. See the smtpd_recipient_restrictions parameter
|
||||
# in postconf(5).
|
||||
#
|
||||
# You can specify the list of "trusted" network addresses by hand
|
||||
# or you can let Postfix do it for you (which is the default).
|
||||
#
|
||||
# By default (mynetworks_style = host), Postfix "trusts" only
|
||||
# the local machine.
|
||||
#
|
||||
# Specify "mynetworks_style = subnet" when Postfix should "trust"
|
||||
# SMTP clients in the same IP subnetworks as the local machine.
|
||||
# On Linux, this works correctly only with interfaces specified
|
||||
# with the "ifconfig" or "ip" command.
|
||||
#
|
||||
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
|
||||
# clients in the same IP class A/B/C networks as the local machine.
|
||||
# Don't do this with a dialup site - it would cause Postfix to "trust"
|
||||
# your entire provider's network. Instead, specify an explicit
|
||||
# mynetworks list by hand, as described below.
|
||||
#
|
||||
# Specify "mynetworks_style = host" when Postfix should "trust"
|
||||
# only the local machine.
|
||||
#
|
||||
#mynetworks_style = class
|
||||
#mynetworks_style = subnet
|
||||
mynetworks_style = host
|
||||
|
||||
# Alternatively, you can specify the mynetworks list by hand, in
|
||||
# which case Postfix ignores the mynetworks_style setting.
|
||||
#
|
||||
# Specify an explicit list of network/netmask patterns, where the
|
||||
# mask specifies the number of bits in the network part of a host
|
||||
# address.
|
||||
#
|
||||
# You can also specify the absolute pathname of a pattern file instead
|
||||
# of listing the patterns here. Specify type:table for table-based lookups
|
||||
# (the value on the table right-hand side is not used).
|
||||
#
|
||||
#mynetworks = 168.100.3.0/28, 127.0.0.0/8
|
||||
#mynetworks = $config_directory/mynetworks
|
||||
#mynetworks = hash:$config_directory/network_table
|
||||
|
||||
# The relay_domains parameter restricts what destinations this system will
|
||||
# relay mail to. See the smtpd_relay_restrictions and
|
||||
# smtpd_recipient_restrictions descriptions in postconf(5) for detailed
|
||||
# information.
|
||||
#
|
||||
# By default, Postfix relays mail
|
||||
# - from "trusted" clients (IP address matches $mynetworks, or is
|
||||
# SASL authenticated) to any destination,
|
||||
# - from "untrusted" clients to destinations that match $relay_domains or
|
||||
# subdomains thereof, except addresses with sender-specified routing.
|
||||
# The default relay_domains value is empty.
|
||||
#
|
||||
# In addition to the above, the Postfix SMTP server by default accepts mail
|
||||
# that Postfix is final destination for:
|
||||
# - destinations that match $inet_interfaces or $proxy_interfaces,
|
||||
# - destinations that match $mydestination
|
||||
# - destinations that match $virtual_alias_domains,
|
||||
# - destinations that match $virtual_mailbox_domains.
|
||||
# These destinations do not need to be listed in $relay_domains.
|
||||
#
|
||||
# Specify a list of hosts or domains, /file/name patterns or type:name
|
||||
# lookup tables, separated by commas and/or whitespace. Continue
|
||||
# long lines by starting the next line with whitespace. A file name
|
||||
# is replaced by its contents; a type:name table is matched when a
|
||||
# (parent) domain appears as lookup key.
|
||||
#
|
||||
# NOTE: Postfix will not automatically forward mail for domains that
|
||||
# list this system as their primary or backup MX host. See the
|
||||
# permit_mx_backup restriction description in postconf(5).
|
||||
#
|
||||
#relay_domains =
|
||||
|
||||
# INTERNET OR INTRANET
|
||||
|
||||
# The relayhost parameter specifies the default host to send mail to
|
||||
# when no entry is matched in the optional transport(5) table. When
|
||||
# no relayhost is given, mail is routed directly to the destination.
|
||||
#
|
||||
# On an intranet, specify the organizational domain name. If your
|
||||
# internal DNS uses no MX records, specify the name of the intranet
|
||||
# gateway host instead.
|
||||
#
|
||||
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
|
||||
# [address] or [address]:port; the form [host] turns off MX lookups.
|
||||
#
|
||||
# If you're connected via UUCP, see also the default_transport parameter.
|
||||
#
|
||||
#relayhost = $mydomain
|
||||
#relayhost = [gateway.my.domain]
|
||||
#relayhost = [mailserver.isp.tld]
|
||||
#relayhost = uucphost
|
||||
#relayhost = [an.ip.add.ress]
|
||||
|
||||
# REJECTING UNKNOWN RELAY USERS
|
||||
#
|
||||
# The relay_recipient_maps parameter specifies optional lookup tables
|
||||
# with all addresses in the domains that match $relay_domains.
|
||||
#
|
||||
# If this parameter is defined, then the SMTP server will reject
|
||||
# mail for unknown relay users. This feature is off by default.
|
||||
#
|
||||
# The right-hand side of the lookup tables is conveniently ignored.
|
||||
# In the left-hand side, specify an @domain.tld wild-card, or specify
|
||||
# a user@domain.tld address.
|
||||
#
|
||||
#relay_recipient_maps = hash:$config_directory/relay_recipients
|
||||
|
||||
# INPUT RATE CONTROL
|
||||
#
|
||||
# The in_flow_delay configuration parameter implements mail input
|
||||
# flow control. This feature is turned on by default, although it
|
||||
# still needs further development (it's disabled on SCO UNIX due
|
||||
# to an SCO bug).
|
||||
#
|
||||
# A Postfix process will pause for $in_flow_delay seconds before
|
||||
# accepting a new message, when the message arrival rate exceeds the
|
||||
# message delivery rate. With the default 100 SMTP server process
|
||||
# limit, this limits the mail inflow to 100 messages a second more
|
||||
# than the number of messages delivered per second.
|
||||
#
|
||||
# Specify 0 to disable the feature. Valid delays are 0..10.
|
||||
#
|
||||
#in_flow_delay = 1s
|
||||
|
||||
# ADDRESS REWRITING
|
||||
#
|
||||
# The ADDRESS_REWRITING_README document gives information about
|
||||
# address masquerading or other forms of address rewriting including
|
||||
# username->Firstname.Lastname mapping.
|
||||
|
||||
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
|
||||
#
|
||||
# The VIRTUAL_README document gives information about the many forms
|
||||
# of domain hosting that Postfix supports.
|
||||
|
||||
# "USER HAS MOVED" BOUNCE MESSAGES
|
||||
#
|
||||
# See the discussion in the ADDRESS_REWRITING_README document.
|
||||
|
||||
# TRANSPORT MAP
|
||||
#
|
||||
# See the discussion in the ADDRESS_REWRITING_README document.
|
||||
|
||||
# ALIAS DATABASE
|
||||
#
|
||||
# The alias_maps parameter specifies the list of alias databases used
|
||||
# by the local delivery agent. The default list is system dependent.
|
||||
#
|
||||
# On systems with NIS, the default is to search the local alias
|
||||
# database, then the NIS alias database. See aliases(5) for syntax
|
||||
# details.
|
||||
#
|
||||
# If you change the alias database, run "postalias /etc/aliases" (or
|
||||
# wherever your system stores the mail alias file), or simply run
|
||||
# "newaliases" to build the necessary DBM or DB file.
|
||||
#
|
||||
# It will take a minute or so before changes become visible. Use
|
||||
# "postfix reload" to eliminate the delay.
|
||||
#
|
||||
#alias_maps = dbm:/etc/aliases
|
||||
#alias_maps = hash:/etc/mail/aliases
|
||||
#alias_maps = hash:/etc/aliases, nis:mail.aliases
|
||||
#alias_maps = netinfo:/aliases
|
||||
|
||||
# The alias_database parameter specifies the alias database(s) that
|
||||
# are built with "newaliases" or "sendmail -bi". This is a separate
|
||||
# configuration parameter, because alias_maps (see above) may specify
|
||||
# tables that are not necessarily all under control by Postfix.
|
||||
#
|
||||
#alias_database = dbm:/etc/aliases
|
||||
#alias_database = hash:/etc/mail/aliases
|
||||
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
|
||||
|
||||
# ADDRESS EXTENSIONS (e.g., user+foo)
|
||||
#
|
||||
# The recipient_delimiter parameter specifies the separator between
|
||||
# user names and address extensions (user+foo). See canonical(5),
|
||||
# local(8), relocated(5) and virtual(5) for the effects this has on
|
||||
# aliases, canonical, virtual, relocated and .forward file lookups.
|
||||
# Basically, the software tries user+foo and .forward+foo before
|
||||
# trying user and .forward.
|
||||
#
|
||||
#recipient_delimiter = +
|
||||
|
||||
# DELIVERY TO MAILBOX
|
||||
#
|
||||
# The home_mailbox parameter specifies the optional pathname of a
|
||||
# mailbox file relative to a user's home directory. The default
|
||||
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
|
||||
# "Maildir/" for qmail-style delivery (the / is required).
|
||||
#
|
||||
#home_mailbox = Mailbox
|
||||
#home_mailbox = Maildir/
|
||||
|
||||
# The mail_spool_directory parameter specifies the directory where
|
||||
# UNIX-style mailboxes are kept. The default setting depends on the
|
||||
# system type.
|
||||
#
|
||||
#mail_spool_directory = /var/mail
|
||||
#mail_spool_directory = /var/spool/mail
|
||||
|
||||
# The mailbox_command parameter specifies the optional external
|
||||
# command to use instead of mailbox delivery. The command is run as
|
||||
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
|
||||
# Exception: delivery for root is done as $default_user.
|
||||
#
|
||||
# Other environment variables of interest: USER (recipient username),
|
||||
# EXTENSION (address extension), DOMAIN (domain part of address),
|
||||
# and LOCAL (the address localpart).
|
||||
#
|
||||
# Unlike other Postfix configuration parameters, the mailbox_command
|
||||
# parameter is not subjected to $parameter substitutions. This is to
|
||||
# make it easier to specify shell syntax (see example below).
|
||||
#
|
||||
# Avoid shell meta characters because they will force Postfix to run
|
||||
# an expensive shell process. Procmail alone is expensive enough.
|
||||
#
|
||||
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
|
||||
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
|
||||
#
|
||||
#mailbox_command = /some/where/procmail
|
||||
#mailbox_command = /some/where/procmail -a "$EXTENSION"
|
||||
|
||||
# The mailbox_transport specifies the optional transport in master.cf
|
||||
# to use after processing aliases and .forward files. This parameter
|
||||
# has precedence over the mailbox_command, fallback_transport and
|
||||
# luser_relay parameters.
|
||||
#
|
||||
# Specify a string of the form transport:nexthop, where transport is
|
||||
# the name of a mail delivery transport defined in master.cf. The
|
||||
# :nexthop part is optional. For more details see the sample transport
|
||||
# configuration file.
|
||||
#
|
||||
# NOTE: if you use this feature for accounts not in the UNIX password
|
||||
# file, then you must update the "local_recipient_maps" setting in
|
||||
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||
# non-UNIX accounts with "User unknown in local recipient table".
|
||||
#
|
||||
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
|
||||
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
|
||||
#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
|
||||
#
|
||||
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
|
||||
# subsequent line in master.cf.
|
||||
#mailbox_transport = cyrus
|
||||
|
||||
# The fallback_transport specifies the optional transport in master.cf
|
||||
# to use for recipients that are not found in the UNIX passwd database.
|
||||
# This parameter has precedence over the luser_relay parameter.
|
||||
#
|
||||
# Specify a string of the form transport:nexthop, where transport is
|
||||
# the name of a mail delivery transport defined in master.cf. The
|
||||
# :nexthop part is optional. For more details see the sample transport
|
||||
# configuration file.
|
||||
#
|
||||
# NOTE: if you use this feature for accounts not in the UNIX password
|
||||
# file, then you must update the "local_recipient_maps" setting in
|
||||
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||
# non-UNIX accounts with "User unknown in local recipient table".
|
||||
#
|
||||
#fallback_transport = lmtp:unix:/file/name
|
||||
#fallback_transport = cyrus
|
||||
#fallback_transport =
|
||||
|
||||
# The luser_relay parameter specifies an optional destination address
|
||||
# for unknown recipients. By default, mail for unknown@$mydestination,
|
||||
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
|
||||
# as undeliverable.
|
||||
#
|
||||
# The following expansions are done on luser_relay: $user (recipient
|
||||
# username), $shell (recipient shell), $home (recipient home directory),
|
||||
# $recipient (full recipient address), $extension (recipient address
|
||||
# extension), $domain (recipient domain), $local (entire recipient
|
||||
# localpart), $recipient_delimiter. Specify ${name?value} or
|
||||
# ${name:value} to expand value only when $name does (does not) exist.
|
||||
#
|
||||
# luser_relay works only for the default Postfix local delivery agent.
|
||||
#
|
||||
# NOTE: if you use this feature for accounts not in the UNIX password
|
||||
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
|
||||
# the main.cf file, otherwise the SMTP server will reject mail for
|
||||
# non-UNIX accounts with "User unknown in local recipient table".
|
||||
#
|
||||
#luser_relay = $user@other.host
|
||||
#luser_relay = $local@other.host
|
||||
#luser_relay = admin+$local
|
||||
|
||||
# JUNK MAIL CONTROLS
|
||||
#
|
||||
# The controls listed here are only a very small subset. The file
|
||||
# SMTPD_ACCESS_README provides an overview.
|
||||
|
||||
# The header_checks parameter specifies an optional table with patterns
|
||||
# that each logical message header is matched against, including
|
||||
# headers that span multiple physical lines.
|
||||
#
|
||||
# By default, these patterns also apply to MIME headers and to the
|
||||
# headers of attached messages. With older Postfix versions, MIME and
|
||||
# attached message headers were treated as body text.
|
||||
#
|
||||
# For details, see "man header_checks".
|
||||
#
|
||||
#header_checks = regexp:$config_directory/header_checks
|
||||
|
||||
# FAST ETRN SERVICE
|
||||
#
|
||||
# Postfix maintains per-destination logfiles with information about
|
||||
# deferred mail, so that mail can be flushed quickly with the SMTP
|
||||
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
|
||||
# See the ETRN_README document for a detailed description.
|
||||
#
|
||||
# The fast_flush_domains parameter controls what destinations are
|
||||
# eligible for this service. By default, they are all domains that
|
||||
# this server is willing to relay mail to.
|
||||
#
|
||||
#fast_flush_domains = $relay_domains
|
||||
|
||||
# SHOW SOFTWARE VERSION OR NOT
|
||||
#
|
||||
# The smtpd_banner parameter specifies the text that follows the 220
|
||||
# code in the SMTP server's greeting banner. Some people like to see
|
||||
# the mail version advertised. By default, Postfix shows no version.
|
||||
#
|
||||
# You MUST specify $myhostname at the start of the text. That is an
|
||||
# RFC requirement. Postfix itself does not care.
|
||||
#
|
||||
#smtpd_banner = $myhostname ESMTP $mail_name
|
||||
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
|
||||
|
||||
# PARALLEL DELIVERY TO THE SAME DESTINATION
|
||||
#
|
||||
# How many parallel deliveries to the same user or domain? With local
|
||||
# delivery, it does not make sense to do massively parallel delivery
|
||||
# to the same user, because mailbox updates must happen sequentially,
|
||||
# and expensive pipelines in .forward files can cause disasters when
|
||||
# too many are run at the same time. With SMTP deliveries, 10
|
||||
# simultaneous connections to the same domain could be sufficient to
|
||||
# raise eyebrows.
|
||||
#
|
||||
# Each message delivery transport has its XXX_destination_concurrency_limit
|
||||
# parameter. The default is $default_destination_concurrency_limit for
|
||||
# most delivery transports. For the local delivery agent the default is 2.
|
||||
|
||||
#local_destination_concurrency_limit = 2
|
||||
#default_destination_concurrency_limit = 20
|
||||
|
||||
# DEBUGGING CONTROL
|
||||
#
|
||||
# The debug_peer_level parameter specifies the increment in verbose
|
||||
# logging level when an SMTP client or server host name or address
|
||||
# matches a pattern in the debug_peer_list parameter.
|
||||
#
|
||||
debug_peer_level = 2
|
||||
|
||||
# The debug_peer_list parameter specifies an optional list of domain
|
||||
# or network patterns, /file/name patterns or type:name tables. When
|
||||
# an SMTP client or server host name or address matches a pattern,
|
||||
# increase the verbose logging level by the amount specified in the
|
||||
# debug_peer_level parameter.
|
||||
#
|
||||
#debug_peer_list = 127.0.0.1
|
||||
#debug_peer_list = some.domain
|
||||
|
||||
# The debugger_command specifies the external command that is executed
|
||||
# when a Postfix daemon program is run with the -D option.
|
||||
#
|
||||
# Use "command .. & sleep 5" so that the debugger can attach before
|
||||
# the process marches on. If you use an X-based debugger, be sure to
|
||||
# set up your XAUTHORITY environment variable before starting Postfix.
|
||||
#
|
||||
debugger_command =
|
||||
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
|
||||
ddd $daemon_directory/$process_name $process_id & sleep 5
|
||||
|
||||
# If you can't use X, use this to capture the call stack when a
|
||||
# daemon crashes. The result is in a file in the configuration
|
||||
# directory, and is named after the process name and the process ID.
|
||||
#
|
||||
# debugger_command =
|
||||
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
|
||||
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
|
||||
# >$config_directory/$process_name.$process_id.log & sleep 5
|
||||
#
|
||||
# Another possibility is to run gdb under a detached screen session.
|
||||
# To attach to the screen session, su root and run "screen -r
|
||||
# <id_string>" where <id_string> uniquely matches one of the detached
|
||||
# sessions (from "screen -list").
|
||||
#
|
||||
# debugger_command =
|
||||
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
|
||||
# -dmS $process_name gdb $daemon_directory/$process_name
|
||||
# $process_id & sleep 1
|
||||
|
||||
# INSTALL-TIME CONFIGURATION INFORMATION
|
||||
#
|
||||
# The following parameters are used when installing a new Postfix version.
|
||||
#
|
||||
# sendmail_path: The full pathname of the Postfix sendmail command.
|
||||
# This is the Sendmail-compatible mail posting interface.
|
||||
#
|
||||
sendmail_path = {{vars.postfix.sbin_dir}}/sendmail
|
||||
|
||||
# newaliases_path: The full pathname of the Postfix newaliases command.
|
||||
# This is the Sendmail-compatible command to build alias databases.
|
||||
#
|
||||
newaliases_path = {{vars.postfix.bin_dir}}/newaliases
|
||||
|
||||
# mailq_path: The full pathname of the Postfix mailq command. This
|
||||
# is the Sendmail-compatible mail queue listing command.
|
||||
#
|
||||
mailq_path = {{vars.postfix.bin_dir}}/mailq
|
||||
|
||||
# setgid_group: The group for mail submission and queue management
|
||||
# commands. This must be a group name with a numerical group ID that
|
||||
# is not shared with other accounts, not even with the Postfix account.
|
||||
#
|
||||
setgid_group = {{vars.postfix.mail_group}}
|
||||
|
||||
# html_directory: The location of the Postfix HTML documentation.
|
||||
#
|
||||
#html_directory = /usr/local/share/doc/postfix
|
||||
|
||||
# manpage_directory: The location of the Postfix on-line manual pages.
|
||||
#
|
||||
#manpage_directory = /usr/local/man
|
||||
|
||||
# sample_directory: The location of the Postfix sample configuration files.
|
||||
# This parameter is obsolete as of Postfix 2.1.
|
||||
#
|
||||
#sample_directory = /usr/local/etc/postfix
|
||||
|
||||
# readme_directory: The location of the Postfix README files.
|
||||
#
|
||||
#readme_directory = /usr/local/share/doc/postfix
|
||||
inet_protocols = all
|
||||
|
||||
# smtp CA path (default to system-wide location)
|
||||
smtp_tls_CApath = /etc/ssl/certs
|
||||
#meta_directory = /usr/local/libexec/postfix
|
||||
#shlib_directory = /usr/local/lib/postfix
|
||||
#
|
||||
#
|
||||
milter_default_action = reject
|
||||
|
||||
#cyrus_sasl_config_path = /usr/local/lib/sasl2
|
||||
#
|
||||
#
|
||||
#
|
||||
#
|
||||
non_smtpd_milters = {{#vars.postfix.cfg.non_smtpd_milters}} {{.}}{{/vars.postfix.cfg.non_smtpd_milters}}
|
||||
|
||||
{{vars.postfix.cfg.main_raw}}
|
||||
|
|
@ -0,0 +1,132 @@
|
|||
#
|
||||
# Managed by CFEngine
|
||||
#
|
||||
|
||||
#
|
||||
# Postfix master process configuration file. For details on the format
|
||||
# of the file, see the master(5) manual page (command: "man 5 master" or
|
||||
# on-line: http://www.postfix.org/master.5.html).
|
||||
#
|
||||
# Do not forget to execute "postfix reload" after editing this file.
|
||||
#
|
||||
# ==========================================================================
|
||||
# service type private unpriv chroot wakeup maxproc command + args
|
||||
# (yes) (yes) (no) (never) (100)
|
||||
# ==========================================================================
|
||||
#smtp inet n - n - - smtpd
|
||||
#smtp inet n - n - 1 postscreen
|
||||
#smtpd pass - - n - - smtpd
|
||||
#
|
||||
|
||||
#628 inet n - n - - qmqpd
|
||||
pickup unix n - n 60 1 pickup
|
||||
cleanup unix n - n - 0 cleanup
|
||||
qmgr unix n - n 300 1 qmgr
|
||||
#qmgr unix n - n 300 1 oqmgr
|
||||
tlsmgr unix - - n 1000? 1 tlsmgr
|
||||
rewrite unix - - n - - trivial-rewrite
|
||||
bounce unix - - n - 0 bounce
|
||||
defer unix - - n - 0 bounce
|
||||
trace unix - - n - 0 bounce
|
||||
verify unix - - n - 1 verify
|
||||
flush unix n - n 1000? 0 flush
|
||||
proxymap unix - - n - - proxymap
|
||||
proxywrite unix - - n - 1 proxymap
|
||||
smtp unix - - n - - smtp
|
||||
relay unix - - n - - smtp
|
||||
-o syslog_name=postfix/$service_name
|
||||
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
|
||||
showq unix n - n - - showq
|
||||
error unix - - n - - error
|
||||
retry unix - - n - - error
|
||||
discard unix - - n - - discard
|
||||
local unix - n n - - local
|
||||
virtual unix - n n - - virtual
|
||||
lmtp unix - - n - - lmtp
|
||||
anvil unix - - n - 1 anvil
|
||||
scache unix - - n - 1 scache
|
||||
postlog unix-dgram n - n - 1 postlogd
|
||||
|
||||
{{#vars.postfix.cfg.services}}
|
||||
#
|
||||
# {{comment}}
|
||||
#
|
||||
{{@}} {{type}} {{private}} {{unpriv}} {{chroot}} {{wakeup}} {{maxproc}} {{command}}
|
||||
{{#args}}
|
||||
{{{.}}}
|
||||
{{/args}}
|
||||
{{/vars.postfix.cfg.services}}
|
||||
|
||||
# CFEngine Raw Start
|
||||
{{{vars.postfix.cfg.master_raw}}}
|
||||
# CFEngine Raw End
|
||||
|
||||
|
||||
#
|
||||
# ====================================================================
|
||||
# Interfaces to non-Postfix software. Be sure to examine the manual
|
||||
# pages of the non-Postfix software to find out what options it wants.
|
||||
#
|
||||
# Many of the following services use the Postfix pipe(8) delivery
|
||||
# agent. See the pipe(8) man page for information about \dollar{recipient}
|
||||
# and other message envelope options.
|
||||
# ====================================================================
|
||||
#
|
||||
# maildrop. See the Postfix MAILDROP_README file for details.
|
||||
# Also specify in main.cf: maildrop_destination_recipient_limit=1
|
||||
#
|
||||
#maildrop unix - n n - - pipe
|
||||
# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d \dollar{recipient}
|
||||
#
|
||||
# ====================================================================
|
||||
#
|
||||
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
|
||||
#
|
||||
# Specify in cyrus.conf:
|
||||
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
|
||||
#
|
||||
# Specify in main.cf one or more of the following:
|
||||
# mailbox_transport = lmtp:inet:localhost
|
||||
# virtual_transport = lmtp:inet:localhost
|
||||
#
|
||||
# ====================================================================
|
||||
#
|
||||
# Cyrus 2.1.5 (Amos Gouaux)
|
||||
# Also specify in main.cf: cyrus_destination_recipient_limit=1
|
||||
#
|
||||
# cyrus unix - n n - - pipe
|
||||
# flags=DRX user=cyrus argv=/usr/local/cyrus/bin/deliver -e -r \dollar{sender} -m \dollar{extension} \dollar{user}
|
||||
#
|
||||
# ====================================================================
|
||||
#
|
||||
# Old example of delivery via Cyrus.
|
||||
#
|
||||
#old-cyrus unix - n n - - pipe
|
||||
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m \dollar{extension} \dollar{user}
|
||||
#
|
||||
# ====================================================================
|
||||
#
|
||||
# See the Postfix UUCP_README file for configuration details.
|
||||
#
|
||||
#uucp unix - n n - - pipe
|
||||
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
|
||||
#
|
||||
# ====================================================================
|
||||
#
|
||||
# Other external delivery methods.
|
||||
#
|
||||
#ifmail unix - n n - - pipe
|
||||
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
|
||||
#
|
||||
#bsmtp unix - n n - - pipe
|
||||
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
|
||||
#
|
||||
#scalemail-backend unix - n n - 2 pipe
|
||||
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
|
||||
# \dollar{nexthop} \dollar{user} \dollar{extension}
|
||||
#
|
||||
#mailman unix - n n - - pipe
|
||||
# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
|
||||
# \dollar{nexthop} \dollar{user}
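Review bot: The service loop mixes escaped and unescaped tags: `# {{comment}}` and `{{command}}` are HTML-escaped by Mustache, while the args use `{{{.}}}`. A value containing `&`, `<`, `>` or a double quote is therefore written to master.cf altered. Using `# {{{comment}}}` and `{{{command}}}` would keep the output literal, matching the triple-brace form already used for `{{{vars.postfix.cfg.master_raw}}}`. The main.cf template in this commit has the same issue with `{{vars.postfix.cfg.main_raw}}` and the `{{.}}` inside `non_smtpd_milters`. A `comment` value with an embedded newline would also end the `#` line and become a live service entry, so the bundle should presumably restrict it to a single line.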
|
||||
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
#--- [% list.name %]@[% list.domain %]: list transport map created at [% date %]
|
||||
[% list.name %]@[% list.domain %] sympa:[% list.name %]@[% list.domain %]
|
||||
[% list.name %]-request@[% list.domain %] sympa:[% list.name %]-request@[% list.domain %]
|
||||
[% list.name %]-editor@[% list.domain %] sympa:[% list.name %]-editor@[% list.domain %]
|
||||
#[% list.name %]-subscribe@[% list.domain %] sympa:[% list.name %]-subscribe@[%list.domain %]
|
||||
[% list.name %]-unsubscribe@[% list.domain %] sympa:[% list.name %]-unsubscribe@[% list.domain %]
|
||||
[% list.name %][% return_path_suffix %]@[% list.domain %] sympabounce:[% list.name %]@[% list.domain %]
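Review bot: The `-subscribe` entry is commented out while `-unsubscribe` stays active, yet the MySQL lookup query added in this commit still strips `-subscribe` when matching list names. If that query is used for recipient validation, `name-subscribe@domain` would be accepted without having a `sympa:` transport here. Either enable the line or drop the `-subscribe` clause from the query so the two files agree. The commented line also writes `[%list.domain %]` without the space used in every other tag.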
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
sympa unix - n n - - pipe
|
||||
flags=hqRu null_sender= user=sympa argv=$(queue_cmd) \dollar{recipient}
|
||||
sympabounce unix - n n - - pipe
|
||||
flags=hqRu null_sender= user=sympa argv=$(bouncequeue_cmd) \dollar{user}@\dollar{domain}
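Review bot: Both pipe entries put `\dollar{recipient}` or `\dollar{user}@\dollar{domain}` in argv, which pipe(8) expands to one argument per recipient of a delivery, and nothing visible in this commit limits these transports to one recipient. The master.cf template in this commit notes the same requirement for maildrop (`maildrop_destination_recipient_limit=1`). The equivalents `sympa_destination_recipient_limit = 1` and `sympabounce_destination_recipient_limit = 1` should be set in main.cf, presumably through `main_raw`. A short header comment saying that `$(queue_cmd)`, `$(bouncequeue_cmd)` and the `\dollar{...}` placeholders are substituted by the policy before this text reaches master.cf would also help the next reader.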
|
||||
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
user = {{db_user}}
|
||||
password = {{db_pass}}
|
||||
hosts = {{db_host}}
|
||||
dbname = {{db_name}}
|
||||
query = SELECT 'present' FROM list_table WHERE name_list='%u'
|
||||
or name_list = replace('%u', '-request', '')
|
||||
or name_list = replace('%u', '-editor', '')
|
||||
or name_list = replace('%u', '-subscribe', '')
|
||||
or name_list = replace('%u', '-unsubscribe', '')
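Review bot: `password = {{db_pass}}` is rendered with Mustache HTML escaping, so a password containing `&`, `<`, `>` or a double quote is written altered and the lookup fails to authenticate; `password = {{{db_pass}}}` avoids that, and the same applies to the other three fields. The rendered file holds a database credential, so the promise that writes it should restrict its mode and ownership to root and the Postfix lookup user; the permissions are not visible in this section. The `replace('%u', '-request', '')` clauses remove the token anywhere in the local part rather than only as a suffix, so an address such as `li-requestst` matches the list `list`. Anchoring the strip to the end, for example `name_list = TRIM(TRAILING '-request' FROM '%u')`, keeps the match to real list aliases.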
|
|
@ -0,0 +1,3 @@
|
|||
#
|
||||
# Managed by CFEngine
|
||||
#
|