colegatron/README-saltstack-postfix-forwarder

## README-saltstack-postfix-forwarder
This is an update of the Russel's state to use it basically as mail forwarder in auto scaled environments.

The tipycal problem is that if you get notification emails from "webserver@mydomain.com" in an environment where you really have 5 or 6 webservers for the same application, it is difficult to track back the issue to the right server.

I have solved it renaming the server and the headers:

All the emails sent from the server for <myhostname>.domain.com will renamed to <senderuser>@<myhostname-my-ipv4>.domain.com.
Also adds a header replacement to avoid problems with Office365 mail servers, which rejects to send emails with different names on the hostname and the email headers

Original job: http://russell.ballestrini.net/postfix-salt-state-formula/

note: replace "." in file names with "/" to get the right folder structure.

## pillar.postfix.postfix-forwarder.sls

{% set h = salt['grains.get']('host', 'noname') %}
{% set d = salt['grains.get']('domain', 'nodomain') %}
{% set i = salt['grains.get']('ipv4', 'nodomain')[1] %}

{% set myfakehostname = h + "-" + i + "-" + d  %}
{% set myhostname = h + "." + d %}


postfix:
    # I need this to access to this vars in the states and also in the pillar without having to duplicate var definitions
    myhostname: {{ myhostname }}
    myfakehostname: {{ myfakehostname  }}

    # real postfix conf
    aliases: |
        postmaster: root
        root: notify-root@domain.com
    sender_canonical_maps: |
        /^(.*)@(.*).domain.com$/     ${1}@{{ myfakehostname }}.domain.com
    header_check: |
        /From:(.*)@{{ myhostname }}.domain.com/ REPLACE From: ${1}@{{ myfakehostname }}.domain.com

## salt.postfix.header_check
# Managed by config management
{{pillar['postfix']['header_check']}}

## salt.postfix.init.sls
# Install mutt and postfix mutt packages.
#
# This formula supports setting an optional:
#
#  * 'aliases' file
#  * 'virtual' map file
#
# Both aliases and virtual use a pillar data schema
# which takes the following form:
#
# postfix:
#   aliases: |
#       postmaster: root
#       root: testuser
#       testuser: russell@example.com
#   virtual: |
#       example.com             this is a comment
#       test1@example.com       me@example.com
#       test2@example.com       me@example.com
#   sender_canonical_maps: |
#       /.+/    newsender@address.com
#
#   header_check: |
#       /From:.*/ REPLACE From: newsender@address.com
#

# install mutt
mutt:
  pkg:
    - installed

# install postfix have service watch main.cf
postfix:
  pkg:
    - installed
  service:
    - running
    - enable: True
    - watch:
      - pkg: postfix
      - file: /etc/postfix/main.cf

# postfix main configuration file
/etc/postfix/main.cf:
  file.managed:
    - source: salt://postfix/main.cf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - require:
      - pkg: postfix

# manage /etc/aliases if data found in pillar
{% if 'aliases' in pillar.get('postfix', '') %}
/etc/aliases:
  file.managed:
    - source: salt://postfix/aliases
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - require:
      - pkg: postfix

run-newaliases:
  cmd.wait:
    - name: newaliases
    - cwd: /
    - watch:
      - file: /etc/aliases
{% endif %}

# manage /etc/postfix/virtual if data found in pillar
{% if 'virtual' in pillar.get('postfix', '') %}
/etc/postfix/virtual:
  file.managed:
    - source: salt://postfix/virtual
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - require:
      - pkg: postfix

run-postmap:
  cmd.wait:
    - name: /usr/sbin/postmap /etc/postfix/virtual
    - cwd: /
    - watch:
      - file: /etc/postfix/virtual
{% endif %}


# manage /etc/postfix/sender_canonical_maps if data found in pillar
{% if 'sender_canonical_maps' in pillar.get('postfix', '') %}
/etc/postfix/sender_canonical_maps:
  file.managed:
    - source: salt://postfix/sender_canonical_maps
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - require:
      - pkg: postfix
    - watch_in:
      - service: postfix
{% endif %}


# manage /etc/postfix/header_check if data found in pillar
{% if 'header_check' in pillar.get('postfix', '') %}
/etc/postfix/header_check:
  file.managed:
    - source: salt://postfix/header_check
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - require:
      - pkg: postfix
    - watch_in:
      - service: postfix
{% endif %}


## salt.postfix.main.cf
#
# Managed by config management
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
#

{% set myhostname = salt["pillar.get"]("postfix:myhostname") %}
{% set myfakehostname = salt["pillar.get"]("postfix:myfakehostname") %}

{# This file could be dinamycally modified importing with jinja a different "main.cf-grain-hostname", but there are endless posibilities depending of your own use case #}


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =  regexp:/etc/postfix/sender_canonical_maps
smtp_header_checks = regexp:/etc/postfix/header_check

myhostname = {{ myhostname }}
myorigin = {{ myfakehostname }}
mydestination = {{ myhostname }} localhost

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

relayhost =

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

{% if 'virtual' in pillar.get('postfix','') %}
virtual_alias_maps = hash:/etc/postfix/virtual
{% endif %}

## salt.postfix.sender_canonical_maps
# Managed by config management
{{pillar['postfix']['sender_canonical_maps']}}
	This is an update of the Russel's state to use it basically as mail forwarder in auto scaled environments.

	The tipycal problem is that if you get notification emails from "webserver@mydomain.com" in an environment where you really have 5 or 6 webservers for the same application, it is difficult to track back the issue to the right server.

	I have solved it renaming the server and the headers:

	All the emails sent from the server for <myhostname>.domain.com will renamed to <senderuser>@<myhostname-my-ipv4>.domain.com.
	Also adds a header replacement to avoid problems with Office365 mail servers, which rejects to send emails with different names on the hostname and the email headers

	Original job: http://russell.ballestrini.net/postfix-salt-state-formula/

	note: replace "." in file names with "/" to get the right folder structure.

	{% set h = salt['grains.get']('host', 'noname') %}
	{% set d = salt['grains.get']('domain', 'nodomain') %}
	{% set i = salt['grains.get']('ipv4', 'nodomain')[1] %}

	{% set myfakehostname = h + "-" + i + "-" + d %}
	{% set myhostname = h + "." + d %}


	postfix:
	# I need this to access to this vars in the states and also in the pillar without having to duplicate var definitions
	myhostname: {{ myhostname }}
	myfakehostname: {{ myfakehostname }}

	# real postfix conf
	aliases: \|
	postmaster: root
	root: notify-root@domain.com
	sender_canonical_maps: \|
	/^(.)@(.).domain.com$/ ${1}@{{ myfakehostname }}.domain.com
	header_check: \|
	/From:(.*)@{{ myhostname }}.domain.com/ REPLACE From: ${1}@{{ myfakehostname }}.domain.com
	# Managed by config management
	{{pillar['postfix']['header_check']}}
	# Install mutt and postfix mutt packages.
	#
	# This formula supports setting an optional:
	#
	# * 'aliases' file
	# * 'virtual' map file
	#
	# Both aliases and virtual use a pillar data schema
	# which takes the following form:
	#
	# postfix:
	# aliases: \|
	# postmaster: root
	# root: testuser
	# testuser: russell@example.com
	# virtual: \|
	# example.com this is a comment
	# test1@example.com me@example.com
	# test2@example.com me@example.com
	# sender_canonical_maps: \|
	# /.+/ newsender@address.com
	#
	# header_check: \|
	# /From:.*/ REPLACE From: newsender@address.com
	#

	# install mutt
	mutt:
	pkg:
	- installed

	# install postfix have service watch main.cf
	postfix:
	pkg:
	- installed
	service:
	- running
	- enable: True
	- watch:
	- pkg: postfix
	- file: /etc/postfix/main.cf

	# postfix main configuration file
	/etc/postfix/main.cf:
	file.managed:
	- source: salt://postfix/main.cf
	- user: root
	- group: root
	- mode: 644
	- template: jinja
	- require:
	- pkg: postfix

	# manage /etc/aliases if data found in pillar
	{% if 'aliases' in pillar.get('postfix', '') %}
	/etc/aliases:
	file.managed:
	- source: salt://postfix/aliases
	- user: root
	- group: root
	- mode: 644
	- template: jinja
	- require:
	- pkg: postfix

	run-newaliases:
	cmd.wait:
	- name: newaliases
	- cwd: /
	- watch:
	- file: /etc/aliases
	{% endif %}

	# manage /etc/postfix/virtual if data found in pillar
	{% if 'virtual' in pillar.get('postfix', '') %}
	/etc/postfix/virtual:
	file.managed:
	- source: salt://postfix/virtual
	- user: root
	- group: root
	- mode: 644
	- template: jinja
	- require:
	- pkg: postfix

	run-postmap:
	cmd.wait:
	- name: /usr/sbin/postmap /etc/postfix/virtual
	- cwd: /
	- watch:
	- file: /etc/postfix/virtual
	{% endif %}


	# manage /etc/postfix/sender_canonical_maps if data found in pillar
	{% if 'sender_canonical_maps' in pillar.get('postfix', '') %}
	/etc/postfix/sender_canonical_maps:
	file.managed:
	- source: salt://postfix/sender_canonical_maps
	- user: root
	- group: root
	- mode: 644
	- template: jinja
	- require:
	- pkg: postfix
	- watch_in:
	- service: postfix
	{% endif %}


	# manage /etc/postfix/header_check if data found in pillar
	{% if 'header_check' in pillar.get('postfix', '') %}
	/etc/postfix/header_check:
	file.managed:
	- source: salt://postfix/header_check
	- user: root
	- group: root
	- mode: 644
	- template: jinja
	- require:
	- pkg: postfix
	- watch_in:
	- service: postfix
	{% endif %}
	#
	# Managed by config management
	# See /usr/share/postfix/main.cf.dist for a commented, more complete version
	#

	{% set myhostname = salt["pillar.get"]("postfix:myhostname") %}
	{% set myfakehostname = salt["pillar.get"]("postfix:myfakehostname") %}

	{# This file could be dinamycally modified importing with jinja a different "main.cf-grain-hostname", but there are endless posibilities depending of your own use case #}




	# Debian specific: Specifying a file name will cause the first
	# line of that file to be used as the name. The Debian default
	# is /etc/mailname.
	#myorigin = /etc/mailname

	smtpd_banner = $myhostname ESMTP $mail_name
	biff = no

	# appending .domain is the MUA's job.
	append_dot_mydomain = no

	# Uncomment the next line to generate "delayed mail" warnings
	#delay_warning_time = 4h

	readme_directory = no

	# TLS parameters
	smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
	smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
	smtpd_use_tls=yes
	smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
	smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

	# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
	# information on enabling SSL in the smtp client.

	sender_canonical_classes = envelope_sender, header_sender
	sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps
	smtp_header_checks = regexp:/etc/postfix/header_check

	myhostname = {{ myhostname }}
	myorigin = {{ myfakehostname }}
	mydestination = {{ myhostname }} localhost

	alias_maps = hash:/etc/aliases
	alias_database = hash:/etc/aliases

	relayhost =

	mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

	mailbox_size_limit = 0
	recipient_delimiter = +
	inet_interfaces = all

	{% if 'virtual' in pillar.get('postfix','') %}
	virtual_alias_maps = hash:/etc/postfix/virtual
	{% endif %}
	# Managed by config management
	{{pillar['postfix']['sender_canonical_maps']}}