saltstack postfix formula as forwarder (for root emails)
This is an update of Russell's state to use it basically as a mail forwarder in auto-scaled environments.
The typical problem is that if you get notification emails from "webserver@mydomain.com" in an environment where you really have 5 or 6 webservers for the same application, it is difficult to track the issue back to the right server.
I have solved it by renaming the server and the headers:
All the emails sent from the server for <myhostname>.domain.com will be renamed to <senderuser>@<myhostname-my-ipv4>.domain.com.
It also adds a header replacement to avoid problems with Office365 mail servers, which refuse to send emails with different names in the hostname and the email headers.
Original job: http://russell.ballestrini.net/postfix-salt-state-formula/
Note: replace "." in file names with "/" to get the right folder structure.
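
The two rewrite rules from the pillar file, run against constructed addresses, as an added example that is not part of the original gist. Python's `re` stands in for Postfix's regexp tables; the grain values (`web01`, `internal`, `10.0.0.5`), the helper names and the `CANONICAL_ESCAPED` comparison variant are assumptions, the last one showing that the unescaped dots in `.domain.com` also match a sender such as `alice@notdomain.com`.

```python
import re

# Constructed grain values (assumptions, not taken from the gist).
HOST, DOMAIN, IPV4 = "web01", "internal", "10.0.0.5"
MYHOSTNAME = HOST + "." + DOMAIN  # pillar: h + "." + d
MYFAKEHOSTNAME = HOST + "-" + IPV4 + "-" + DOMAIN  # pillar: h + "-" + i + "-" + d

# The two rules as written in the pillar, before Jinja rendering.
CANONICAL = "/^(.*)@(.*).domain.com$/ ${1}@{{ myfakehostname }}.domain.com"
HEADER = ("/From:(.*)@{{ myhostname }}.domain.com/ "
          "REPLACE From: ${1}@{{ myfakehostname }}.domain.com")
# Comparison variant (not in the gist): literal dots escaped.
CANONICAL_ESCAPED = r"/^(.*)@(.*)\.domain\.com$/ ${1}@{{ myfakehostname }}.domain.com"

def render(rule):
    """Stand-in for Jinja: substitute the two pillar variables."""
    return (rule.replace("{{ myhostname }}", MYHOSTNAME)
                .replace("{{ myfakehostname }}", MYFAKEHOSTNAME))

def apply_rule(rule, text):
    """Apply one '/pattern/ result' table line; None when the text does not match."""
    pattern, result = re.match(r"/(.*)/\s+(.*)$", render(rule)).groups()
    # Postfix regexp tables are case-insensitive by default.
    m = re.search(pattern, text, re.IGNORECASE)
    if m is None:
        return None
    # Expand ${n} references in the right-hand side with the captured groups.
    return re.sub(r"\$\{(\d+)\}", lambda ref: m.group(int(ref.group(1))), result)

def canonical_sender(address, rule=CANONICAL):
    """Sender address after sender_canonical_maps (unchanged when no rule matches)."""
    return apply_rule(rule, address) or address

def rewritten_header(header):
    """Header line after the smtp_header_checks rule (unchanged when no match)."""
    result = apply_rule(HEADER, header)
    # Drop the REPLACE action keyword; the rest is the new header line.
    return header if result is None else result.split(" ", 1)[1]

if __name__ == "__main__":
    for addr in ("root@web01.domain.com", "alice@notdomain.com"):
        print(addr, "->", canonical_sender(addr),
              "| escaped dots:", canonical_sender(addr, CANONICAL_ESCAPED))
    # Group 1 keeps the space after "From:", so the new header has two spaces.
    print(rewritten_header("From: root@web01.internal.domain.com"))
```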

{% set h = salt['grains.get']('host', 'noname') %}
{% set d = salt['grains.get']('domain', 'nodomain') %}
{% set i = salt['grains.get']('ipv4', 'nodomain')[1] %}
{% set myfakehostname = h + "-" + i + "-" + d %}
{% set myhostname = h + "." + d %}
postfix:
  # I need this to access these vars in the states and also in the pillar without having to duplicate var definitions
  myhostname: {{ myhostname }}
  myfakehostname: {{ myfakehostname }}
  # real postfix conf
  aliases: |
    postmaster: root
    root: notify-root@domain.com
  sender_canonical_maps: |
    /^(.*)@(.*).domain.com$/ ${1}@{{ myfakehostname }}.domain.com
  header_check: |
    /From:(.*)@{{ myhostname }}.domain.com/ REPLACE From: ${1}@{{ myfakehostname }}.domain.com

# Managed by config management
{{pillar['postfix']['header_check']}}

# Install mutt and postfix mutt packages.
#
# This formula supports setting an optional:
#
#  * 'aliases' file
#  * 'virtual' map file
#
# Both aliases and virtual use a pillar data schema
# which takes the following form:
#
# postfix:
#   aliases: |
#       postmaster: root
#       root: testuser
#       testuser: russell@example.com
#   virtual: |
#       example.com this is a comment
#       test1@example.com me@example.com
#       test2@example.com me@example.com
#   sender_canonical_maps: |
#       /.+/ newsender@address.com
#
#   header_check: |
#       /From:.*/ REPLACE From: newsender@address.com
#

# install mutt
mutt:
  pkg:
    - installed

# install postfix have service watch main.cf
postfix:
  pkg:
    - installed
  service:
    - running
    - enable: True
    - watch:
      - pkg: postfix
      - file: /etc/postfix/main.cf

# postfix main configuration file
/etc/postfix/main.cf:
  file.managed:
    - source: salt://postfix/main.cf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - require:
      - pkg: postfix

# manage /etc/aliases if data found in pillar
{% if 'aliases' in pillar.get('postfix', '') %}
/etc/aliases:
  file.managed:
    - source: salt://postfix/aliases
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - require:
      - pkg: postfix

run-newaliases:
  cmd.wait:
    - name: newaliases
    - cwd: /
    - watch:
      - file: /etc/aliases
{% endif %}

# manage /etc/postfix/virtual if data found in pillar
{% if 'virtual' in pillar.get('postfix', '') %}
/etc/postfix/virtual:
  file.managed:
    - source: salt://postfix/virtual
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - require:
      - pkg: postfix

run-postmap:
  cmd.wait:
    - name: /usr/sbin/postmap /etc/postfix/virtual
    - cwd: /
    - watch:
      - file: /etc/postfix/virtual
{% endif %}

# manage /etc/postfix/sender_canonical_maps if data found in pillar
{% if 'sender_canonical_maps' in pillar.get('postfix', '') %}
/etc/postfix/sender_canonical_maps:
  file.managed:
    - source: salt://postfix/sender_canonical_maps
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - require:
      - pkg: postfix
    - watch_in:
      - service: postfix
{% endif %}

# manage /etc/postfix/header_check if data found in pillar
{% if 'header_check' in pillar.get('postfix', '') %}
/etc/postfix/header_check:
  file.managed:
    - source: salt://postfix/header_check
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - require:
      - pkg: postfix
    - watch_in:
      - service: postfix
{% endif %}

#
# Managed by config management
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
#
{% set myhostname = salt["pillar.get"]("postfix:myhostname") %}
{% set myfakehostname = salt["pillar.get"]("postfix:myfakehostname") %}
{# This file could be dynamically modified by importing with jinja a different "main.cf-grain-hostname", but there are endless possibilities depending on your own use case #}

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps
smtp_header_checks = regexp:/etc/postfix/header_check

myhostname = {{ myhostname }}
myorigin = {{ myfakehostname }}
mydestination = {{ myhostname }} localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
{% if 'virtual' in pillar.get('postfix','') %}
virtual_alias_maps = hash:/etc/postfix/virtual
{% endif %}

# Managed by config management
{{pillar['postfix']['sender_canonical_maps']}}