cookbook 'postfix', '= 3.7.0'
postfix
(70) Versions
3.7.0
-
-
6.0.27
-
6.0.26
-
6.0.25
-
6.0.24
-
6.0.23
-
6.0.22
-
6.0.21
-
6.0.20
-
6.0.19
-
6.0.18
-
6.0.17
-
6.0.16
-
6.0.15
-
6.0.14
-
6.0.13
-
6.0.12
-
6.0.11
-
6.0.10
-
6.0.9
-
6.0.8
-
6.0.7
-
6.0.6
-
6.0.5
-
6.0.4
-
6.0.3
-
6.0.2
-
6.0.1
-
6.0.0
-
5.4.1
-
5.4.0
-
5.3.1
-
5.3.0
-
5.2.1
-
5.1.1
-
5.1.0
-
5.0.3
-
5.0.2
-
5.0.1
-
5.0.0
-
4.0.0
-
3.8.0
-
3.7.0
-
3.6.2
-
3.6.1
-
3.6.0
-
3.5.0
-
3.4.1
-
3.4.0
-
3.3.1
-
3.3.0
-
3.2.0
-
3.1.8
-
3.1.6
-
3.1.4
-
3.1.2
-
3.1.0
-
3.0.4
-
3.0.2
-
3.0.0
-
2.1.6
-
2.1.4
-
2.1.2
-
2.1.0
-
2.0.0
-
1.2.2
-
1.2.0
-
1.0.0
-
0.8.4
-
0.8.2
-
0.7.0
Follow134
- 6.0.27
- 6.0.26
- 6.0.25
- 6.0.24
- 6.0.23
- 6.0.22
- 6.0.21
- 6.0.20
- 6.0.19
- 6.0.18
- 6.0.17
- 6.0.16
- 6.0.15
- 6.0.14
- 6.0.13
- 6.0.12
- 6.0.11
- 6.0.10
- 6.0.9
- 6.0.8
- 6.0.7
- 6.0.6
- 6.0.5
- 6.0.4
- 6.0.3
- 6.0.2
- 6.0.1
- 6.0.0
- 5.4.1
- 5.4.0
- 5.3.1
- 5.3.0
- 5.2.1
- 5.1.1
- 5.1.0
- 5.0.3
- 5.0.2
- 5.0.1
- 5.0.0
- 4.0.0
- 3.8.0
- 3.7.0
- 3.6.2
- 3.6.1
- 3.6.0
- 3.5.0
- 3.4.1
- 3.4.0
- 3.3.1
- 3.3.0
- 3.2.0
- 3.1.8
- 3.1.6
- 3.1.4
- 3.1.2
- 3.1.0
- 3.0.4
- 3.0.2
- 3.0.0
- 2.1.6
- 2.1.4
- 2.1.2
- 2.1.0
- 2.0.0
- 1.2.2
- 1.2.0
- 1.0.0
- 0.8.4
- 0.8.2
- 0.7.0
Installs and configures postfix for client or outbound relayhost, or to do SASL auth
cookbook 'postfix', '= 3.7.0', :supermarket
knife supermarket install postfix
knife supermarket download postfix
postfix Cookbook
Installs and configures postfix for client or outbound relayhost, or to do SASL authentication.
On RHEL-family systems, sendmail will be replaced with postfix.
Requirements
Platforms
- Ubuntu 10.04+
- Debian 6.0+
- RHEL/CentOS/Scientific 5.7+, 6.2+
- Amazon Linux (as of AMIs created after 4/9/2012)
May work on other platforms with or without modification.
Attributes
See attributes/default.rb
for default values.
Generic cookbook attributes
-
node['postfix']['mail_type']
- Sets the kind of mail configuration.master
will set up a server (relayhost). -
node['postfix']['relayhost_role']
- name of a role used for search in the client recipe. -
node['postfix']['multi_environment_relay']
- set to true if nodes should not constrain search for the relayhost in their own environment. -
node['postfix']['use_procmail']
- set to true if nodes should use procmail as the delivery agent. -
node['postfix']['use_alias_maps']
- set to true if you want the cookbook to use/configure alias maps -
node['postfix']['use_transport_maps']
- set to true if you want the cookbook to use/configure transport maps -
node['postfix']['use_access_maps']
- set to true if you want the cookbook to use/configure access maps -
node['postfix']['use_virtual_aliases']
- set to true if you want the cookbook to use/configure virtual alias maps -
node['postfix']['use_relay_restrictions_maps']
- set to true if you want the cookbook to use/configure a list of domains to which postfix will allow relay -
node['postfix']['aliases']
- hash of aliases to create withrecipe[postfix::aliases]
, see below under Recipes for more information. -
node['postfix']['transports']
- hash of transports to create withrecipe[postfix::transports]
, see below under Recipes for more information. -
node['postfix']['access']
- hash of access to create withrecipe[postfix::access]
, see below under Recipes for more information. -
node['postfix']['virtual_aliases']
- hash of virtual_aliases to create withrecipe[postfix::virtual_aliases]
, see below under Recipes for more information. -
node['postfix']['main_template_source']
- Cookbook source for main.cf template. Default 'postfix' -
node['postfix']['master_template_source']
- Cookbook source for master.cf template. Default 'postfix'
main.cf and sasl_passwd template attributes
The main.cf template has been simplified to include any attributes in the node['postfix']['main']
data structure. The following attributes are still included with this cookbook to maintain some semblance of backwards compatibility.
This change in namespace to node['postfix']['main']
should allow for greater flexibility, given the large number of configuration variables for the postfix daemon. All of these cookbook attributes correspond to the option of the same name in /etc/postfix/main.cf
.
-
node['postfix']['main']['biff']
- (yes/no); default no -
node['postfix']['main']['append_dot_mydomain']
- (yes/no); default no -
node['postfix']['main']['myhostname']
- defaults to fqdn from Ohai -
node['postfix']['main']['mydomain']
- defaults to domain from Ohai -
node['postfix']['main']['myorigin']
- defaults to $myhostname -
node['postfix']['main']['mynetworks']
- default is nil, which forces Postfix to default to loopback addresses. -
node['postfix']['main']['inet_interfaces']
- set toloopback-only
, orall
for server recipe -
node['postfix']['main']['alias_maps']
- set tohash:/etc/aliases
-
node['postfix']['main']['mailbox_size_limit']
- set to0
(disabled) -
node['postfix']['main']['mydestination']
- default fqdn, hostname, localhost.localdomain, localhost -
node['postfix']['main']['smtpd_use_tls']
- (yes/no); default yes. See conditional cert/key attributes.-
node['postfix']['main']['smtpd_tls_cert_file']
- conditional attribute, set to full path of server's x509 certificate. -
node['postfix']['main']['smtpd_tls_key_file']
- conditional attribute, set to full path of server's private key -
node['postfix']['main']['smtpd_tls_CAfile']
- set to platform specific CA bundle -
node['postfix']['main']['smtpd_tls_session_cache_database']
- set tobtree:${data_directory}/smtpd_scache
-
-
node['postfix']['main']['smtp_use_tls']
- (yes/no); default yes. See following conditional attributes.-
node['postfix']['main']['smtp_tls_CAfile']
- set to platform specific CA bundle -
node['postfix']['main']['smtp_tls_session_cache_database']
- set tobtree:${data_directory}/smtpd_scache
-
-
node['postfix']['main']['smtp_sasl_auth_enable']
- (yes/no); default no. If enabled, see following conditional attributes.-
node['postfix']['main']['smtp_sasl_password_maps']
- Set tohash:/etc/postfix/sasl_passwd
template file -
node['postfix']['main']['smtp_sasl_security_options']
- Set to noanonymous -
node['postfix']['main']['relayhost']
- Set to empty string -
node['postfix']['sasl']['smtp_sasl_user_name']
- SASL user to authenticate as. Default empty -
node['postfix']['sasl']['smtp_sasl_passwd']
- SASL password to use. Default empty.
-
-
node['postfix']['sender_canonical_map_entries']
- (hash with key value pairs); default not configured. Setup generic canonical maps. Seeman 5 canonical
. If has at least one value, then will be enabled in config. -
node['postfix']['smtp_generic_map_entries']
- (hash with key value pairs); default not configured. Setup generic postfix maps. Seeman 5 generic
. If has at least one value, then will be enabled in config.
Example of json role config, for setup *_map_entries:
postfix : {
...
"smtp_generic_map_entries" : { "root@youinternaldomain.local" : "admin@example.com", "admin@youinternaldomain.local" : "admin@example.com" }
}
master.cf template attributes
- `node['postfix']['master']['submission'] - Whether to use submission (TCP 587) daemon. (true/false); default false
Recipes
default
Installs the postfix package and manages the service and the main configuration files (/etc/postfix/main.cf
and /etc/postfix/master.cf
). See Usage and Examples to see how to affect behavior of this recipe through configuration. Depending on the node['postfix']['use_alias_maps']
, node['postfix']['use_transport_maps']
, node['postfix']['use_access_maps']
and node['postfix']['use_virtual_aliases']
attributes the default recipe can call additional recipes to manage additional postfix configuration files
For a more dynamic approach to discovery for the relayhost, see the client
and server
recipes below.
client
Use this recipe to have nodes automatically search for the mail relay based which node has the node['postfix']['relayhost_role']
role. Sets the node['postfix']['main']['relayhost']
attribute to the first result from the search.
Includes the default recipe to install, configure and start postfix.
Does not work with chef-solo
.
sasl_auth
Sets up the system to authenticate with a remote mail relay using SASL authentication.
server
To use Chef Server search to automatically detect a node that is the relayhost, use this recipe in a role that will be relayhost. By default, the role should be "relayhost" but you can change the attribute node['postfix']['relayhost_role']
to modify this.
Note This recipe will set the node['postfix']['mail_type']
to "master" with an override attribute.
aliases
Manage /etc/aliases
with this recipe. Currently only Ubuntu 10.04 platform has a template for the aliases file. Add your aliases template to the templates/default
or to the appropriate platform+version directory per the File Specificity rules for templates. Then specify a hash of aliases for the node['postfix']['aliases']
attribute.
Arrays are supported as alias values, since postfix supports comma separated values per alias, simply specify your alias as an array to use this handy feature.
aliases
Manage /etc/aliases
with this recipe.
transports
Manage /etc/postfix/transport
with this recipe.
access
Manage /etc/postfix/access
with this recipe.
virtual_aliases
Manage /etc/postfix/virtual
with this recipe.
relay_restrictions
Manage /etc/postfix/relay_restriction
with this recipe
The postfix option smtpd_relay_restrictions in main.cf will point to this hash map db.
http://wiki.chef.io/display/chef/Templates#Templates-TemplateLocationSpecificity
Usage
On systems that should simply send mail directly to a relay, or out to the internet, use recipe[postfix]
and modify the node['postfix']['main']['relayhost']
attribute via a role.
On systems that should be the MX for a domain, set the attributes accordingly and make sure the node['postfix']['mail_type']
attribute is master
. See Examples for information on how to use recipe[postfix::server]
to do this automatically.
If you need to use SASL authentication to send mail through your ISP (such as on a home network), use postfix::sasl_auth
and set the appropriate attributes.
For each of these implementations, see Examples for role usage.
Examples
The example roles below only have the relevant postfix usage. You may have other contents depending on what you're configuring on your systems.
The base
role is applied to all nodes in the environment.
name "base" run_list("recipe[postfix]") override_attributes( "postfix" => { "mail_type" => "client", "main" => { "mydomain" => "example.com", "myorigin" => "example.com", "relayhost" => "[smtp.example.com]", "smtp_use_tls" => "no" } } )
The relayhost
role is applied to the nodes that are relayhosts. Often this is 2 systems using a CNAME of smtp.example.com
.
name "relayhost" run_list("recipe[postfix::server]") override_attributes( "postfix" => { "mail_type" => "master", "main" => { "mynetworks" => [ "10.3.3.0/24", "127.0.0.0/8" ], "inet-interfaces" => "all", "mydomain" => "example.com", "myorigin" => "example.com" } )
The sasl_relayhost
role is applied to the nodes that are relayhosts and require authenticating with SASL. For example this might be on a household network with an ISP that otherwise blocks direct internet access to SMTP.
name "sasl_relayhost" run_list("recipe[postfix], recipe[postfix::sasl_auth]") override_attributes( "postfix" => { "mail_type" => "master", "main" => { "mynetworks" => "10.3.3.0/24", "mydomain" => "example.com", "myorigin" => "example.com", "relayhost" => "[smtp.comcast.net]:587", "smtp_sasl_auth_enable" => "yes" }, "sasl" => { "smtp_sasl_passwd" => "your_password", "smtp_sasl_user_name" => "your_username" } } )
For an example of using encrypted data bags to encrypt the SASL password, see the following blog post:
Examples using the client & server recipes
If you'd like to use the more dynamic search based approach for discovery, use the server and client recipes. First, create a relayhost role.
name "relayhost" run_list("recipe[postfix::server]") override_attributes( "postfix" => { "main" => { "mynetworks" => "10.3.3.0/24", "mydomain" => "example.com", "myorigin" => "example.com" } } )
Then, add the postfix::client
recipe to the run list of your base
role or equivalent role for postfix clients.
name "base" run_list("recipe[postfix::client]") override_attributes( "postfix" => { "mail_type" => "client", "main" => { "mydomain" => "example.com", "myorigin" => "example.com" } } )
If you wish to use a different role name for the relayhost, then also set the attribute in the base
role. For example, postfix_master
as the role name:
name "postfix_master" description "a role for postfix master that isn't relayhost" run_list("recipe[postfix::server]") override_attributes( "postfix" => { "main" => { "mynetworks" => "10.3.3.0/24", "mydomain" => "example.com", "myorigin" => "example.com" } } )
The base role would look something like this:
name "base" run_list("recipe[postfix::client]") override_attributes( "postfix" => { "relayhost_role" => "postfix_master", "mail_type" => "client", "main" => { "mydomain" => "example.com", "myorigin" => "example.com" } } )
To use relay restrictions override the relay restrictions attribute in this format:
override_attributes( "postfix" => { "use_relay_restrictions_maps" => true, "relay_restrictions" => { "chef.io" => "OK", ".chef.io" => "OK", "example.com" => "OK" } } )
License & Authors
- Author:: Joshua Timberman joshua@chef.io
Copyright:: 2009-2014, Chef Software, Inc Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
postfix Cookbook CHANGELOG
This file is used to list changes made in each version of the postfix cookbook.
v3.7.0 (2015-04-30)
- Adding support for relay restrictions
- Update chefspec and serverspec tests
v3.6.2 (2014-10-31)
- Fix FreeBSDisms
v3.6.1 (2014-10-28)
- Fix documentation around node['postfix']['main']['relayhost'] attribute
- Fix logic around include_recipe 'postfix::virtual_aliases_domains'
v3.6.0 (2014-08-25)
- restart postfix after updating virtual alias templates #86
- fixing typo for alias_db location in omnios
- moving conditional attributes to a recipe so they can be modified via other cookbook attributes
v3.5.0 (2014-08-25)
Adding virtual_domains functionality
v3.4.1 (2014-08-20)
Removing unused parameters from main.cf
v3.4.0 (2014-07-25)
Refactoring to fix some logic issues
v3.3.1 (2014-06-11)
Reverting #37 - [COOK-3418] Virtual Domain Support PR - duplicate of #55
v3.3.0 (2014-06-11)
- #37 - [COOK-3418] - Virtual Domain Support
- #44 - Fix minor formatting issue in attributes
- #55 - Add support for virtual aliases
- #57 - Fixing attributes bug in README
- #64 - add smtp_generic maps configuration option
- #66 - [COOK-3652] Add support for transport mappings
- #67 - [COOK-4662] Added support for access control
- #68 - Properly handle binding to loopback on mixed IPV4/IPV6 systems
v3.2.0 (2014-05-09)
- [COOK-4619] - no way to unset recipient_delimiter
v3.1.8 (2014-03-27)
- [COOK-4410] - Fix sender_canonical configuration by adding template and postmap execution
v3.1.6 (2014-03-19)
- [COOK-4423] - use platform_family, find cert.pem on rhel
v3.1.4 (2014-02-27)
[COOK-4329] Migrate minitest PITs to latest test-kitchen + serverspec
v3.1.2 (2014-02-19)
Bug
- COOK-4357 - postfix::sasl_auth recipe fails to converge
v3.1.0 (2014-02-19)
Bug
- COOK-4322 - Postfix cookbook has incorrect default path for sasl_passwd
New Feature
- COOK-4086 - use conf_dir attribute for sasl recipe, and add omnios support
- COOK-2551 - Support creating the sender_canonical map file
v3.0.4
Bug
- COOK-3824 - main.cf.erb mishandles lists
Improvement
- COOK-3822 - postfix cookbook readme has an incorrect example
- Got rubocop errors down to 32
New Feature
- COOK-2551 - Support creating the sender_canonical map file
v3.0.2
Bug
- COOK-3617 - Fix error when no there is no FQDN
-
COOK-3530 - Update
client.rb
after 3.0.0 refactor - COOK-2499 - Do not use resource cloning
Improvement
- COOK-3116 - Add SmartOS support
v3.0.0
Improvement
- COOK-3328 - Postfix main/master and attributes refactor
Breaking changes:
- Attributes are namespaced as node['postfix']
, node['postfix']['main']
, and node['postfix']['master']
.
v2.1.6
Bug
- [COOK-2501]: Reference to
['postfix']['domain']
should be['postfix']['mydomain']
- [COOK-2715]: master.cf uses old name for
smtp_fallback_relay
(fallback_relay
) parameter in master.cf
v2.1.4
- [COOK-2281] - postfix aliases uses require_recipe statement
v2.1.2
- [COOK-2010] - postfix sasl_auth does not include the sasl plain package
v2.1.0
- [COOK-1233] - optional configuration for canonical maps
- [COOK-1660] - allow comma separated arrays in aliases
- [COOK-1662] - allow inet_interfaces configuration via attribute
v2.0.0
This version uses platform_family attribute, making the cookbook incompatible with older versions of Chef/Ohai, hence the major version bump.
- [COOK-1535] -
smtpd_cache
should be indata_directory
, notqueue_directory
- [COOK-1790] - /etc/aliases template is only in ubuntu directory
- [COOK-1792] - add minitest-chef tests to postfix cookbook
v1.2.2
- [COOK-1442] - Missing ['postfix']['domain'] Attribute causes initial installation failure
- [COOK-1520] - Add support for procmail delivery
- [COOK-1528] - Make aliasses template less specific
- [COOK-1538] - Add iptables_rule template
- [COOK-1540] - Add smtpd_milters and non_smtpd_milters parameters to main.cf
v1.2.0
- [COOK-880] - add client/server roles for search-based discovery of relayhost
v1.0.0
- [COOK-668] - RHEL/CentOS/Scientific/Amazon platform support
- [COOK-733] - postfix::aliases recipe to manage /etc/aliases
- [COOK-821] - add README.md :)
v0.8.4
- Current public release.
Foodcritic Metric
3.7.0 failed this metric
FC031: Cookbook without metadata file: /tmp/cook/b25fb74aa3c8e4e23a7926b2/postfix/metadata.rb:1
FC045: Consider setting cookbook name in metadata: /tmp/cook/b25fb74aa3c8e4e23a7926b2/postfix/metadata.rb:1
3.7.0 failed this metric
FC045: Consider setting cookbook name in metadata: /tmp/cook/b25fb74aa3c8e4e23a7926b2/postfix/metadata.rb:1