
diff --git a/roles/mailserver/dkim/config.sls b/roles/mailserver/dkim/config.sls
index 9b3fffd..9f3afc5 100644
--- a/roles/mailserver/dkim/config.sls
+++ b/roles/mailserver/dkim/config.sls
@@ -1,59 +1,59 @@
# -------------------------------------------------------------
# Salt — OpenDKIM configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-01-14
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
# OpenDKIM main configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ dirs.etc }}/opendkim/opendkim.conf:
file.managed:
- source: salt://roles/mailserver/dkim/files/opendkim.conf
- template: jinja
- context:
dirs: {{ dirs }}
- socket: /var/run/milteropendkim/opendkim.sock
+ socket: /var/run/opendkim/opendkim.sock
user: opendkim
group: mail
# -------------------------------------------------------------
# OpenDKIM configuration tables
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
opendkim_config_files:
file.recurse:
- name: {{ dirs.etc }}/opendkim
- source: salt://roles/mailserver/dkim/files/etc
- include_empty: True
- clean: False
- dir_mode: 711
- file_mode: 644
opendkim_keys_directory:
file.directory:
- name: {{ dirs.etc }}/opendkim/keys
- dir_mode: 711
- user: opendkim
- group: opendkim
# -------------------------------------------------------------
# Clean up
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% set opendkim_package_leftovers = [
"/usr/local/etc/mail/opendkim.conf",
"/usr/local/etc/mail/opendkim.conf.sample",
"/usr/local/etc/mail",
]
%}
{% for path in opendkim_package_leftovers %}
{{ path }}:
file.absent
{% endfor %}
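Review bot: The new socket path `/var/run/opendkim/opendkim.sock` is written out literally in the `context` here, again as `socketfile` in the rc script hunk, and twice more in the `main.cf` hunk, so the copies can drift apart on the next rename. Because `main.cf` keeps `milter_default_action = accept`, a mismatch would not reject mail; it would presumably go out without a DKIM signature, with no error visible on the SMTP side. Consider defining the path once (for example next to `dirs` in `map.jinja`) and passing it to each template. At minimum, add a comment beside the value such as `# must match smtpd_milters in postfix/files/main.cf and rc/opendkim`.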
diff --git a/roles/mailserver/dkim/files/opendkim.conf b/roles/mailserver/dkim/files/opendkim.conf
index 92f584d..bd07147 100644
--- a/roles/mailserver/dkim/files/opendkim.conf
+++ b/roles/mailserver/dkim/files/opendkim.conf
@@ -1,48 +1,54 @@
# -------------------------------------------------------------
# OpenDKIM
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Source file: roles/mailserver/dkim/files/opendkim.conf
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
# -------------------------------------------------------------
# Socket
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Socket local:{{ socket }}
UMask 002
PidFile /var/run/opendkim.pid
+UMask 002
+UserID {{ user }}:{{ group }}
+
+PidFile /var/run/opendkim/opendkim.pid
+
+
# -------------------------------------------------------------
# Tables
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SigningTable file:{{ dirs.etc }}/opendkim/SigningTable
KeyTable file:{{ dirs.etc }}/opendkim/KeyTable
# -------------------------------------------------------------
# Signing
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mode sv
SignatureAlgorithm rsa-sha256
ExternalIgnoreList refile:{{ dirs.etc }}/opendkim/TrustedHosts
InternalHosts refile:{{ dirs.etc }}/opendkim/TrustedHosts
# -------------------------------------------------------------
# Log
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SysLog Yes
SyslogFacility mail
SyslogSuccess false
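Review bot: The earlier `UMask 002` and `PidFile /var/run/opendkim.pid` lines carry no `-` marker, and the hunk header (48 to 54 lines, with six additions) leaves no room for removals, so the new file appears to contain `UMask` twice and two different `PidFile` values. Which pid file path wins then depends on parse order, and rc.subr looks only at `/var/run/opendkim/opendkim.pid`; remove the old pair so that a single `PidFile /var/run/opendkim/opendkim.pid` remains. The rc script added in this commit also passes `-u` and `-P` on the command line, so the user and pid file are each set in two places. A comment such as `# also passed by rc.d/opendkim via -u/-P; keep in sync` would make that visible.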
diff --git a/roles/mailserver/dkim/files/rc/opendkim b/roles/mailserver/dkim/files/rc/opendkim
new file mode 100644
index 0000000..7fa8739
--- /dev/null
+++ b/roles/mailserver/dkim/files/rc/opendkim
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+# PROVIDE: opendkim
+# REQUIRE: DAEMON
+# BEFORE: mail
+# KEYWORD: shutdown
+
+# -------------------------------------------------------------
+# OpenDKIM
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/mailserver/dkim/files/rc/opendkim
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+# opendkim_enable (bool): Set it to YES to enable the service.
+# Default is "NO"
+# opendkim_user (user): Set user to run opendkim
+# Default is "opendkim".
+# opendkim_group (group): Set user to run opendkim
+# Default is "mail".
+# opendkim_config (config file path): Set config to run opendkim
+# Default is "/usr/local/etc/opendkim/opendkim.conf".
+# opendkim_perms (perms): Set config to run opendkim
+# Default is "0755".
+
+. /etc/rc.subr
+
+name="opendkim"
+rcvar="${name}_enable"
+
+load_rc_config $name
+
+: ${opendkim_enable:="NO"}
+: ${opendkim_user:="opendkim"}
+: ${opendkim_group:="mail"}
+: ${opendkim_config:="/usr/local/etc/opendkim/opendkim.conf"}
+: ${opendkim_perms:="0755"}
+
+pidfile="/var/run/opendkim/opendkim.pid"
+socketfile="/var/run/opendkim/opendkim.sock"
+command="/usr/local/sbin/opendkim"
+command_args="-l -u ${opendkim_user}:${opendkim_group} -P ${pidfile} -x ${opendkim_config}"
+
+start_precmd=opendkim_exec_startprecmd
+stop_postcmd=opendkim_exec_stop_postcmd
+
+opendkim_exec_startprecmd()
+{
+ mkdir -p /var/run/opendkim
+ chmod ${opendkim_perms} /var/run/opendkim
+ chown ${opendkim_user}:${opendkim_group} /var/run/opendkim
+}
+
+opendkim_exec_stop_postcmd()
+{
+ rm -f ${pidfile}
+ rm -f ${socketfile}
+}
+
+run_rc_command "$1"
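Review bot: `opendkim_exec_startprecmd` runs `mkdir`, `chmod` and `chown` as three separate commands with unquoted expansions, and only the last exit status is returned. A rejected `opendkim_perms` value would therefore leave the directory at its default mode while the daemon presumably still starts. A single `install -d -o "${opendkim_user}" -g "${opendkim_group}" -m "${opendkim_perms}" /var/run/opendkim` sets owner and mode in one step and fails as a unit. In `opendkim_exec_stop_postcmd`, quote the operands as `rm -f "${pidfile}" "${socketfile}"`. The header comment describes `opendkim_group` as "Set user" and `opendkim_perms` as "Set config"; these should read something like `Set group to run opendkim` and `Mode of the /var/run/opendkim directory`.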
diff --git a/roles/mailserver/dkim/files/rc/milteropendkim.conf b/roles/mailserver/dkim/files/rc/opendkim.conf
similarity index 73%
rename from roles/mailserver/dkim/files/rc/milteropendkim.conf
rename to roles/mailserver/dkim/files/rc/opendkim.conf
index 568d057..43a46d2 100644
--- a/roles/mailserver/dkim/files/rc/milteropendkim.conf
+++ b/roles/mailserver/dkim/files/rc/opendkim.conf
@@ -1,19 +1,17 @@
# -------------------------------------------------------------
# milter-opendkim — rc configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
-# Source file: roles/mailserver/dkim/files/rc/milteropendkim.conf
+# Source file: roles/mailserver/dkim/files/rc/opendkim.conf
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
-milteropendkim_enable="YES"
-milteropendkim_uid="{{ user }}"
-milteropendkim_gid="{{ group }}"
-milteropendkim_cfgfile="{{ config }}"
+opendkim_enable="YES"
+opendkim_perms="0775"
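Review bot: `opendkim_perms="0775"` makes `/var/run/opendkim` writable by every member of the daemon's group (`mail`, by the rc script's default), so any process in that group can remove or replace the socket and pid file that Postfix and rc.subr rely on. Connecting to the milter needs only search permission on the directory plus write permission on the socket, which `UMask 002` already gives the group. `opendkim_perms="0750"` should therefore be enough, assuming Postfix reaches the socket through membership in that group. If group write is intentional, a comment above the line should say why. The unchanged title comment still reads `milter-opendkim — rc configuration`.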
diff --git a/roles/mailserver/dkim/service.sls b/roles/mailserver/dkim/service.sls
index ede109a..6aedbfb 100644
--- a/roles/mailserver/dkim/service.sls
+++ b/roles/mailserver/dkim/service.sls
@@ -1,26 +1,26 @@
# -------------------------------------------------------------
# Salt — OpenDKIM configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-01-14
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs, services with context %}
# -------------------------------------------------------------
# OpenDKIM service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if services["manager"] == "rc" %}
-/etc/rc.conf.d/milter-opendkim:
+/etc/rc.conf.d/opendkim:
file.managed:
- - source: salt://roles/mailserver/dkim/files/rc/milteropendkim.conf
- - template: jinja
- - context:
- user: opendkim
- group: mail
- config: {{ dirs.etc }}/opendkim/opendkim.conf
+ - source: salt://roles/mailserver/dkim/files/rc/opendkim.conf
+
+/usr/local/etc/rc.d/opendkim:
+ file.managed:
+ - source: salt://roles/mailserver/dkim/files/rc/opendkim
+ - mode: 775
{% endif %}
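Review bot: `/usr/local/etc/rc.d/opendkim` is run as root by the rc system, but the new state installs it with `- mode: 775` and no owner, so it is group-writable and its ownership is left to Salt's default. Pin it with `- user: root`, `- group: wheel` and `- mode: 755` so that only root can edit a script that runs as root. The path is also hard-coded, while the removed lines of this state used `{{ dirs.etc }}`. Nothing visible in this hunk restarts the service when either managed file changes.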
diff --git a/roles/mailserver/postfix/files/main.cf b/roles/mailserver/postfix/files/main.cf
index aefc713..ce496bc 100644
--- a/roles/mailserver/postfix/files/main.cf
+++ b/roles/mailserver/postfix/files/main.cf
@@ -1,134 +1,134 @@
# -------------------------------------------------------------
# Postfix main configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Source file: roles/mailserver/postfix/files/main.cf
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
compatibility_level = 3.8
# -------------------------------------------------------------
# Postfix directories
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
command_directory = {{ dirs.sbin }}
daemon_directory = {{ postfix_dirs.daemon }}
data_directory = {{ postfix_dirs.data }}
html_directory = {{ dirs.share }}/doc/postfix
manpage_directory = {{ dirs.man }}
meta_directory = {{ dirs.etc }}/postfix
queue_directory = {{ postfix_dirs.queue }}
readme_directory = {{ dirs.share }}/doc/postfix
sample_directory = {{ dirs.etc }}/postfix
shlib_directory = {{ postfix_dirs.shlib }}
virtual_mailbox_base = /var/mail/_virtual
virtual_uid_maps = static:6000
virtual_gid_maps = static:6000
virtual_mailbox_domains=pgsql:{{ dirs.etc }}/postfix/pgsql-virtual-mailbox-domains.cf
virtual_mailbox_maps=pgsql:{{ dirs.etc }}/postfix/pgsql-virtual-mailbox-maps.cf
virtual_alias_maps=pgsql:{{ dirs.etc }}/postfix/pgsql-virtual-alias-maps.cf
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
myhostname = mail.nasqueron.org
# -------------------------------------------------------------
# External utilities
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
mailq_path = /usr/bin/mailq
newaliases_path = /usr/bin/newaliases
sendmail_path = /usr/bin/sendmail
# -------------------------------------------------------------
# UNIX users and groups
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
mail_owner = postfix
setgid_group = maildrop
# -------------------------------------------------------------
# Debug
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
# -------------------------------------------------------------
# Network
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
inet_protocols = all
mynetworks_style = host
# -------------------------------------------------------------
# Mail
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
mydestination = localhost
unknown_local_recipient_reject_code = 550
# -------------------------------------------------------------
# TLS certificates
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
smtp_tls_CApath = {{ postfix_dirs.cacerts }}
smtpd_tls_security_level=may
smtpd_tls_cert_file=/usr/local/etc/letsencrypt/live/mail.nasqueron.org/fullchain.pem
smtpd_tls_key_file=/usr/local/etc/letsencrypt/live/mail.nasqueron.org/privkey.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL,MD5
smtpd_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
# -------------------------------------------------------------
# Handle mail storage with dovecot
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
virtual_transport = lmtp:unix:private/dovecot-lmtp
# -------------------------------------------------------------
# Handle SMTP authentication using Dovecot
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client cbl.abuseat.org,
check_policy_service unix:private/policy-spf
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org
# -------------------------------------------------------------
# Milter
#
# :: DKIM
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
milter_default_action = accept
milter_protocol = 6
-smtpd_milters = unix:/var/run/milteropendkim/opendkim.sock
-non_smtpd_milters = unix:/var/run/milteropendkim/opendkim.sock
+smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
