|
 |
6e96c8 |
include:
|
|
|
6e96c8 |
- profile.cron
|
|
|
5aef08 |
- zypper.packages
|
|
|
6e96c8 |
|
|
 |
9c01e4 |
/etc/postfix/master.cf:
|
|
|
9c01e4 |
file.managed:
|
|
|
9c01e4 |
- source: salt://profile/mailserver/files/master.cf
|
|
|
9c01e4 |
- user: root
|
|
|
9c01e4 |
- group: root
|
|
|
faabbf |
- mode: '0644'
|
|
|
9c01e4 |
- template: jinja
|
|
|
9c01e4 |
- replace: True
|
|
|
9c01e4 |
- require:
|
|
|
5aef08 |
- pkg: zypper_packages
|
|
|
9c01e4 |
- watch_in:
|
|
|
9c01e4 |
- service: postfix
|
|
|
9c01e4 |
|
|
|
9c01e4 |
{% for file in [
|
|
|
9c01e4 |
'handling_special_recipients',
|
|
|
e13367 |
'manually-blocked-users',
|
|
|
9c01e4 |
'no-internal-tls',
|
|
|
9c01e4 |
'ratelimit',
|
|
|
9c01e4 |
'transport',
|
|
|
9c01e4 |
'virtual-domains',
|
|
|
9c01e4 |
'virtual-opensuse-aliases',
|
|
|
9c01e4 |
'virtual-opensuse-mailinglists'
|
|
|
9c01e4 |
] %}
|
|
|
faabbf |
/etc/postfix/{{ file }}:
|
|
|
9c01e4 |
file.managed:
|
|
|
faabbf |
- source: salt://profile/mailserver/files/{{ file }}
|
|
|
9c01e4 |
- user: root
|
|
|
9c01e4 |
- group: root
|
|
|
faabbf |
- mode: '0644'
|
|
|
9c01e4 |
- replace: True
|
|
|
e1cb78 |
- template: jinja
|
|
|
9c01e4 |
cmd.run:
|
|
|
faabbf |
- name: postmap /etc/postfix/{{ file }}
|
|
|
9c01e4 |
- runas: root
|
|
|
9c01e4 |
- onchanges:
|
|
|
faabbf |
- file: /etc/postfix/{{ file }}
|
|
|
9c01e4 |
- watch_in:
|
|
|
9c01e4 |
- service: postfix
|
|
|
9c01e4 |
- require:
|
|
|
5aef08 |
- pkg: zypper_packages
|
|
|
9c01e4 |
{% endfor %}
|
|
|
9c01e4 |
|
|
|
9c01e4 |
/etc/sysconfig/postgrey:
|
|
|
9c01e4 |
file.line:
|
|
|
9c01e4 |
- match: ^POSTGREY_EXTRA_OPTIONS=
|
|
|
9c01e4 |
- content: POSTGREY_EXTRA_OPTIONS="--auto-whitelist-clients --greylist-text='Service temporarily unavailable, please retry later'"
|
|
|
9c01e4 |
- mode: replace
|
|
|
9c01e4 |
|
|
|
9c01e4 |
/etc/postfix/header_checks:
|
|
|
9c01e4 |
file.managed:
|
|
|
9c01e4 |
- source: salt://profile/mailserver/files/header_checks
|
|
|
9c01e4 |
- user: root
|
|
|
9c01e4 |
- group: root
|
|
|
faabbf |
- mode: '0644'
|
|
|
faabbf |
- replace: True
|
|
|
c54df7 |
- template: jinja
|
|
|
9c01e4 |
|
|
|
9c01e4 |
{% for file in [
|
|
|
9c01e4 |
'bounce-old-mlmmj.pcre',
|
|
|
9c01e4 |
'greylist_helos.pcre',
|
|
|
9c01e4 |
'suspicious_client.pcre',
|
|
|
9c01e4 |
'virtual-opensuse-mm3-bounces.pcre'
|
|
|
9c01e4 |
] %}
|
|
|
faabbf |
/etc/postfix/{{ file }}:
|
|
|
9c01e4 |
file.managed:
|
|
|
faabbf |
- source: salt://profile/mailserver/files/{{ file }}
|
|
|
9c01e4 |
- user: root
|
|
|
9c01e4 |
- group: root
|
|
|
faabbf |
- mode: '0644'
|
|
|
9c01e4 |
- replace: True
|
|
|
e1cb78 |
- template: jinja
|
|
|
9c01e4 |
- require:
|
|
|
5aef08 |
- pkg: zypper_packages
|
|
|
9c01e4 |
- watch_in:
|
|
|
9c01e4 |
- service: postfix
|
|
|
9c01e4 |
{% endfor %}
|
|
|
9c01e4 |
|
|
|
9c01e4 |
/etc/clamd.conf:
|
|
|
9c01e4 |
file.managed:
|
|
|
9c01e4 |
- source: salt://profile/mailserver/files/clamd.conf
|
|
|
9c01e4 |
- user: root
|
|
|
9c01e4 |
- group: root
|
|
|
faabbf |
- mode: '0644'
|
|
|
9c01e4 |
- replace: True
|
|
|
e1cb78 |
- template: jinja
|
|
|
9c01e4 |
- require:
|
|
|
5aef08 |
- pkg: zypper_packages
|
|
|
9c01e4 |
- watch_in:
|
|
|
9c01e4 |
- service: clamd
|
|
|
9c01e4 |
|
|
|
9c01e4 |
/etc/freshclam.conf:
|
|
|
9c01e4 |
file.managed:
|
|
|
9c01e4 |
- source: salt://profile/mailserver/files/freshclam.conf
|
|
|
9c01e4 |
- user: root
|
|
|
9c01e4 |
- group: root
|
|
|
faabbf |
- mode: '0644'
|
|
|
9c01e4 |
- replace: True
|
|
|
e1cb78 |
- template: jinja
|
|
|
9c01e4 |
- require:
|
|
|
5aef08 |
- pkg: zypper_packages
|
|
|
9c01e4 |
- watch_in:
|
|
|
9c01e4 |
- service: freshclam
|
|
|
9c01e4 |
|
|
|
9c01e4 |
/etc/postgrey/whitelist_clients.local:
|
|
|
9c01e4 |
file.managed:
|
|
|
9c01e4 |
- source: salt://profile/mailserver/files/whitelist_clients.local
|
|
|
9c01e4 |
- user: root
|
|
|
9c01e4 |
- group: root
|
|
|
faabbf |
- mode: '0644'
|
|
|
9c01e4 |
- replace: True
|
|
|
c54df7 |
- template: jinja
|
|
|
9c01e4 |
- require:
|
|
|
5aef08 |
- pkg: zypper_packages
|
|
|
9c01e4 |
- watch_in:
|
|
|
9c01e4 |
- service: postgrey
|
|
|
9c01e4 |
|
|
|
faabbf |
{%- for file, dir in [
|
|
|
9c01e4 |
('spampd', 'sysconfig'),
|
|
|
9c01e4 |
('local.cf', 'mail/spamassassin'),
|
|
|
9c01e4 |
('opensuse.cf', 'mail/spamassassin'),
|
|
|
9c01e4 |
('opensuse-rules.cf', 'mail/spamassassin'),
|
|
|
faabbf |
] %}
|
|
|
faabbf |
/etc/{{ dir }}/{{ file }}:
|
|
|
9c01e4 |
file.managed:
|
|
|
faabbf |
- source: salt://profile/mailserver/files/spamassassin/{{ file }}
|
|
|
9c01e4 |
- user: root
|
|
|
9c01e4 |
- group: root
|
|
|
faabbf |
- mode: '0644'
|
|
|
9c01e4 |
- replace: True
|
|
|
e1cb78 |
- template: jinja
|
|
|
9c01e4 |
- require:
|
|
|
5aef08 |
- pkg: zypper_packages
|
|
|
9c01e4 |
- watch_in:
|
|
|
9c01e4 |
- service: spampd
|
|
|
faabbf |
{%- endfor %}
|
|
|
9c01e4 |
|
|
|
ee0f8b |
/etc/default/postsrsd:
|
|
|
ee0f8b |
file.line:
|
|
|
ee0f8b |
- match: ^SRS_LISTEN_ADDR=
|
|
|
79d4b0 |
- content: SRS_LISTEN_ADDR=ipv6-localhost
|
|
|
ee0f8b |
- mode: replace
|
|
|
74e530 |
- watch_in:
|
|
|
74e530 |
- service: service postsrsd
|
|
|
ee0f8b |
|
|
|
9c01e4 |
# MAYBE: remove override for clamd, seems to be standard now?
|
|
|
faabbf |
{%- for svc in ['clamd', 'spampd'] %}
|
|
|
faabbf |
/etc/systemd/system/{{ svc }}.service.d/override.conf:
|
|
|
9c01e4 |
file.managed:
|
|
|
9c01e4 |
- user: root
|
|
|
9c01e4 |
- group: root
|
|
|
faabbf |
- mode: '0644'
|
|
|
9c01e4 |
- replace: True
|
|
|
9c01e4 |
- makedirs: True
|
|
|
9c01e4 |
- contents:
|
|
|
e1cb78 |
- {{ pillar['managed_by_salt'] | yaml_encode }}
|
|
|
9c01e4 |
- '[Service]'
|
|
|
9c01e4 |
- 'RestartSec=10'
|
|
|
9c01e4 |
- 'Restart=always'
|
|
|
faabbf |
{%- endfor %}
|
|
|
9c01e4 |
|
|
|
faabbf |
{%- for svc in ['clamd', 'freshclam', 'spampd', 'postsrsd', 'postgrey'] %}
|
|
|
faabbf |
service {{ svc }}:
|
|
|
9c01e4 |
service.running:
|
|
|
faabbf |
- name: {{ svc }}
|
|
|
9c01e4 |
- enable: True
|
|
|
faabbf |
{%- endfor %}
|
|
|
9c01e4 |
|
|
|
faabbf |
{%- for file, dir in [
|
|
|
9c01e4 |
('dhprimes','/etc/cron.d'),
|
|
|
9c01e4 |
('regen_dh_primes','/usr/local/bin'),
|
|
|
9c01e4 |
('member_aliases','/etc/cron.d'),
|
|
|
9c01e4 |
('get_member_aliases', '/usr/local/bin')
|
|
|
faabbf |
] %}
|
|
|
faabbf |
{{ dir }}/{{ file }}:
|
|
|
9c01e4 |
file.managed:
|
|
|
faabbf |
- source: salt://profile/mailserver/files/cron/{{ file }}
|
|
|
9c01e4 |
- user: root
|
|
|
9c01e4 |
- group: root
|
|
|
9cbb82 |
- mode: {{ '0755' if dir.endswith('/bin') else '0644' }}
|
|
|
9c01e4 |
- replace: True
|
|
|
d91308 |
- template: jinja
|
|
|
9c01e4 |
{% endfor %}
|
|
|
9c01e4 |
|
|
|
d91308 |
/root/.my.cnf:
|
|
|
d91308 |
file.managed:
|
|
|
d91308 |
- contents:
|
|
|
70fcd0 |
- {{ pillar['managed_by_salt'] | yaml_encode }}
|
|
|
d91308 |
- '[client]'
|
|
|
70fcd0 |
- 'host=mysql.infra.opensuse.org'
|
|
|
70fcd0 |
- 'port=3307'
|
|
|
d91308 |
- 'user={{ pillar.profile.mailserver.members.user }}'
|
|
|
d91308 |
- 'password={{ salt['pillar.get']('profile:mailserver:members:password', '') }}'
|
|
|
d91308 |
- user: root
|
|
|
d91308 |
- group: root
|
|
|
faabbf |
- mode: '0600'
|
|
|
d91308 |
|
|
|
d91308 |
# make sure the user database exists and is ready to use
|
|
|
d91308 |
/etc/postfix/virtual-opensuse-users:
|
|
|
d91308 |
cmd.run:
|
|
|
d91308 |
- name: /usr/local/bin/get_member_aliases
|
|
|
d91308 |
- runas: root
|
|
|
d91308 |
- unless:
|
|
|
d91308 |
- test -f /etc/postfix/virtual-opensuse-users
|
|
|
d91308 |
- require:
|
|
|
5aef08 |
- pkg: zypper_packages
|
|
|
d91308 |
- file: /root/.my.cnf
|