
puppet-postfix's Introduction

puppet-postfix

Overview

This module is meant for Red Hat Enterprise Linux, its clones and FreeBSD. It still requires some major cleanup, but is currently fully functional.

  • postfix::dbfile : Manage Postfix DB configuration files
  • postfix::file : Manage flat text Postfix configuration files
  • postfix::server : Manage the main Postfix instance

Examples

class { '::postfix::server':
  myhostname              => 'mx1.example.com',
  mydomain                => 'example.com',
  mydestination           => "\$myhostname, localhost.\$mydomain, localhost, $fqdn",
  inet_interfaces         => 'all',
  message_size_limit      => '15360000', # 15MB
  mail_name               => 'example mail daemon',
  virtual_mailbox_domains => [
    'proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf',
  ],
  virtual_alias_maps      => [
    'proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf',
    'proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf',
    'proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf',
  ],
  virtual_transport         => 'dovecot',
  # if you want dovecot to deliver [email protected] to [email protected],
  # uncomment this: (c.f. http://wiki2.dovecot.org/LDA/Postfix#Virtual_users)
  # dovecot_destination     => '${user}@${nexthop}',
  smtpd_sender_restrictions => [
    'permit_mynetworks',
    'reject_unknown_sender_domain',
  ],
  smtpd_recipient_restrictions => [
    'permit_sasl_authenticated',
    'permit_mynetworks',
    'reject_unauth_destination',
  ],
  smtpd_sasl_auth       => true,
  sender_canonical_maps => 'regexp:/etc/postfix/sender_canonical',
  ssl                   => 'wildcard.example.com',
  submission            => true,
  header_checks         => [
    '# Remove LAN (Webmail) headers',
    '/^Received: from .*\.example\.ici/ IGNORE',
    '# Sh*tlist',
    '/^From: .*@(example\.com|example\.net)/ REJECT Spam, go away',
    '/^From: .*@(lcfnl\.com|.*\.cson4\.com|.*\.idep4\.com|.*\.gagc4\.com)/ REJECT user unknown',
  ],
  postgrey              => true,
  spamassassin          => true,
  sa_skip_rbl_checks    => '0',
  spampd_children       => '4',
  # Send all emails to spampd on 10026
  smtp_content_filter   => 'smtp:127.0.0.1:10026',
  # This is where we get emails back from spampd
  master_services       => [ '127.0.0.1:10027 inet n  -       n       -      20       smtpd'],
}

Parameters for main.cf

The most common parameters are supported as parameters to the postfix::server class. Any others may be added using the $extra_main_parameters hash parameter, whose keys are main.cf parameter names and whose values are either a string or an array of strings.

Example:

class { '::postfix::server':
  extra_main_parameters => {
    'virtual_mailbox_lock' => [
      'fcntl',
      'dotlock',
    ],
    virtual_minimum_uid => '1000',
  },
}

Limitations

  • The service will only be reloaded on configuration change, meaning that changes requiring a full restart won't be applied, such as changes to listening interfaces.
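The limitation above matters most when inet_interfaces is narrowed: main.cf shows the restricted value while the running daemon keeps its old listening sockets. The following check is an added example, not part of this module; it compares the effective inet_interfaces value in main.cf text with listeners taken from `ss -ltn` output. The function names, the sample main.cf and the sample socket listings are constructed for illustration, and hostnames in inet_interfaces other than localhost are assumed not to be used (they are not resolved).

```python
import ipaddress
import re


def main_cf_value(text, name):
    """Effective value of `name` in main.cf text (last definition wins)."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    value = None
    for line in logical:
        key, sep, val = line.partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value


def _norm(addr):
    """Canonical text form of an IP address; other tokens pass through."""
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError:
        return addr


def listeners(ss_output, port=25):
    """Local addresses in LISTEN state on `port`, from `ss -ltn` output."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, p = fields[3].rpartition(":")
        if p == str(port):
            found.add(_norm(addr.strip("[]").split("%")[0]))
    return found


def stale_listeners(main_cf, ss_output, port=25):
    """Listening addresses that the configured inet_interfaces does not allow."""
    setting = main_cf_value(main_cf, "inet_interfaces") or "all"  # Postfix default
    if setting == "all":
        return set()
    allowed = set()
    for token in filter(None, re.split(r"[,\s]+", setting)):
        if token in ("loopback-only", "localhost"):
            allowed |= {"127.0.0.1", "::1"}
        else:
            # Assumption: remaining tokens are literal IP addresses.
            allowed.add(_norm(token.strip("[]")))
    return listeners(ss_output, port) - allowed


# Constructed sample: Puppet changed main.cf from "all" to "loopback-only".
SAMPLE_MAIN_CF = "myhostname = mx1.example.com\ninet_interfaces = loopback-only\n"
# Constructed `ss -ltn` lines: after a reload only, and after a full restart.
SS_AFTER_RELOAD = (
    "LISTEN 0 100 0.0.0.0:25 0.0.0.0:*\n"
    "LISTEN 0 100 [::]:25 [::]:*\n"
)
SS_AFTER_RESTART = (
    "LISTEN 0 100 127.0.0.1:25 0.0.0.0:*\n"
    "LISTEN 0 100 [::1]:25 [::]:*\n"
)

if __name__ == "__main__":
    print("stale after reload:", sorted(stale_listeners(SAMPLE_MAIN_CF, SS_AFTER_RELOAD)))
    print("stale after restart:", sorted(stale_listeners(SAMPLE_MAIN_CF, SS_AFTER_RESTART)))
```

A non-empty result after a Puppet run means the service still needs a full restart before the new inet_interfaces value takes effect.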

puppet-postfix's People

Contributors

abraham1901, aellert, cipheromega, fraenki, gwarf, klavsklavsen, redrampage, saz, schoekek, seriv, syskill, thias, timogoebel, tjnicholas, up2datecyborg, winks

puppet-postfix's Issues

Release 0.3.3 with Debian support of spamd

Hi!

I see you recently added support for spamd in Debian, and it looks fine. It's exactly what I'm currently trying to use, and rather than grab the download off master, do you have a date for releasing 0.3.3?

Thanks,

Andrew Schwartzmeyer

Service should restart after changing listening interfaces

When changing the listening interface, the service should restart instead of just doing a reload. Otherwise the changes won't take effect without manual intervention or a restart.

Consider separating config lines that require a restart into a separate file, then when Puppet sees changes to that file it should notify the service to restart.

smtp_tls_security_level

Hi,

The smtp_tls_security_level is a separate config parameter and does not require SASL.

correct parts of the main.cf.erb

<% if @smtp_sasl_auth -%>
# Client auth against SMTP gateway
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = <%= @smtp_sasl_password_maps %>
smtp_sasl_security_options = <%= @smtp_sasl_security_options %>
<% if @smtp_sasl_tls -%>
smtp_use_tls = yes
<% end -%>
<% end -%>

<% if @smtp_tls_CAfile -%>
smtp_tls_CAfile = <%= @smtp_tls_CAfile %>
<% end -%>
<% if @smtp_tls_CApath -%>
smtp_tls_CApath = <%= @smtp_tls_CApath %>
<% end -%>
<% if @smtp_tls_security_level -%>
smtp_tls_security_level = <%= @smtp_tls_security_level %>
<% end -%>

time for a release?

Hi,

I'd love to see a new release to fix the postfix::file dependency ordering, if nothing else. Can I ask you to upload?

Cheers,

version not updated

The version on the forge is 0.3.3, and the Modulefile on GitHub says 0.3.3, but the code is NOT the same. There was an issue with comparing operatingsystemversion with 6 instead of '6' that is fixed on GitHub, but that code isn't what gets pulled in from the forge. Is there a way to fix this? Currently, I've repointed my r10k Puppetfile to GitHub directly, but I'd prefer to pull from the forge.

lint validation problem

Hello,

I would like to use your code in production but I see that my lint found some validation issues. There are some ERRORS and WARNINGS. Please take a look at the list:

modules/postfix/manifests/server.pp - ERROR: single quoted string containing a variable found on line 50
modules/postfix/manifests/server.pp - ERROR: single quoted string containing a variable found on line 114
modules/postfix/manifests/server.pp - WARNING: ensure found on line but it's not the first attribute on line 181
modules/postfix/manifests/server.pp - WARNING: ensure found on line but it's not the first attribute on line 205
modules/postfix/manifests/server.pp - WARNING: ensure found on line but it's not the first attribute on line 228

Those WARNINGS are a minor problem, but I have a problem with those two ERRORS. They are related to some variables which are in single quotes:

  $dovecot_destination = '${recipient}',

and

  $postscreen_greet_wait       = '${stress?2}${stress:6}s',

Will it be a problem for you to fix it (write in some other way)?

Thank you!

Set package ensure value

Currently postfix::server sets the postfix package to 'installed'; I need to be able to set it to latest.

Release 0.3.4

Hi there,

Would you please consider making an updated release on Puppet Forge?

0.3.3 does not work on CentOS 7 and I suspect this is problematic for many people.

Thanks,
Jonathan

Doesn't cater for postalias requirement

The aliases file needs to be rebuilt upon refresh using either newaliases, or postalias, and not postmap. I'd submit a pull, but there's a few ways to tackle it, and I don't know which would suit your project.

Not able to disable postgrey

It seems to me that there is a bug in the current release, as it suddenly always configures postgrey in the smtpd_recipient_restrictions. After having a look at the template for the main.cf, there is only a condition for which type of postgrey has to be configured and not a surrounding condition for whether it should be configured at all:

<% if @postgrey_policy_service -%>
  check_policy_service <%= @postgrey_policy_service %>,
<% else -%>
  check_policy_service unix:postgrey/socket,
<% end -%>

should probably be:


<% if @postgrey -%>
<% if @postgrey_policy_service -%>
  check_policy_service <%= @postgrey_policy_service %>,
<% else -%>
  check_policy_service unix:postgrey/socket,
<% end -%>
<% end -%>

versioncmp broken in RHEL/CentOS 7

==> default: Error: comparison of String with 6 failed at /tmp/vagrant-puppet-3/modules-1/postfix/manifests/server.pp:150 on node ...

Either #39 or #63 fixes this by using the operatingsystemmajrelease fact instead of operatingsystemrelease (versioncmp chokes on '7.0.1406' in CentOS 7.0).

Need additional logic for Postfix v3 on Debian and Ubuntu

The daemon_directory path has changed with v3, and the module should account for that.

I used the following work-around for Ubuntu Xenial:

    if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease,'16.04') >=0 {
      class { '::postfix::server':
        relayhost        => $smarthost,
        daemon_directory => '/usr/lib/postfix/sbin',
      }
    } else {
      class { '::postfix::server':
        relayhost => $smarthost,
      }
    }

Thanks,

i.

Migrate this module to Voxpupuli ?

Hi!

This module is popular, and it worked well, but now it has some bugs (caused by its lack of maintenance, see the number of PRs waiting). Do you think it would be possible to migrate this module to Voxpupuli?

Thanks in advance!

Add parameters smtp_bind_address, smtp_bind_address6 and smtp_helo_name

The configuration parameters smtp_bind_address, smtp_bind_address6 and smtp_helo_name can actually only be set using extra_main_parameters. So support for these should be added using the following default values:

smtp_bind_address =
smtp_bind_address6 =
smtp_helo_name = $myhostname

v0.3.4 - puppet 4 strict_variables = true

When setting the strict_variables = true for puppet 4, it results in errors when it comes across an unknown variable, as follows:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Unknown variable: '::postfix::params::postmap'. at /etc/puppetlabs/code/environments/production/modules/postfix/manifests/dbfile.pp:32:17

inet_interfaces

It's nice to be able to set this, but it gets set in the config after the daemon starts and does not schedule a restart. i.e. I end up with the correct setting in the main.cf, but it's still binding to ALL interfaces until I manually reboot it.

Shall I submit a patch or can you fix it?

Thanks!

Duplicate declaration when more than one postfix server in same infrastructure

I need to set up two servers: the core postfix is a relay with Gmail, and another one is a relay with this core postfix server. The problem appears to be a duplicate declaration:

2014-11-19T12:30:40.044325+08:00 monitoring puppet-agent[12394]: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Class[Postfix::Server] is already declared in file /etc/puppet/manifests/nodes/ne0.domain.com.pp:17; cannot redeclare at /etc/puppet/manifests/nodes/monitoring.domain.com.pp:98 on node monitoring.domain.com

ne0:

class { '::postfix::server':
  myhostname => $fqdn,
  mydomain   => 'domain.com',
  relayhost  => 'monitoring.domain.com:25',
}

monitoring:

class { '::postfix::server':
  relayhost           => '[smtp.gmail.com]:587',
  smtpd_tls_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
  smtpd_tls_key_file  => '/etc/ssl/private/ssl-cert-snakeoil.key',
  myhostname          => $fqdn,
  mydomain            => 'domain.com',
}

More reliable way to manage ${postfixdir}/${title}.db files

PROBLEM

If ${postfixdir}/${title}.db is deleted after it has been created, it will never be created again, unless ${postfixdir}/${title} is refreshed.

There's also another scenario where a .db won't ever be created. For example:

  1. puppet creates /etc/postfix/sasl_passwd and schedules exec /usr/sbin/postmap /etc/postfix/sasl_passwd
  2. lots of other puppet code runs
  3. puppet finally runs exec /usr/sbin/postmap /etc/postfix/sasl_passwd and creates sasl_passwd.db

If puppet fails on step 2 above, then the .db file will never be created.

Example of problem:

# cat test.pp
node default {

  file { "/tmp/file1":
    ensure  => present,
    content => "test\n",
  }

  exec { "/tmp/file2":
    command     => "/bin/cat /tmp/file1 > /tmp/file2",
    subscribe   => File["/tmp/file1"],
    refreshonly => true,
  }

}

# puppet apply test.pp
Notice: Compiled catalog for myserver in environment production in 0.61 seconds
Notice: /Stage[main]/Main/Node[default]/File[/tmp/file1]/ensure: created
Notice: /Stage[main]/Main/Node[default]/Exec[/tmp/file2]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.33 seconds

# rm -f file2

# puppet apply test.pp
Notice: Compiled catalog for myserver in environment production in 0.49 seconds
Notice: Finished catalog run in 0.27 seconds

SOLUTION

Remove refreshonly => true, and add creates => "${postfixdir}/${title}.db",

TEST SCRIPT

# cat test.pp
node default {

  file { "/tmp/file1":
    ensure  => present,
    content => "test\n",
  }

  exec { "/tmp/file2":
    command     => "/bin/cat /tmp/file1 > /tmp/file2",
    subscribe   => File["/tmp/file1"],
    creates     => "/tmp/file2",
  }

}

TEST 1

scenario: Initial puppet run. None of the files exist
Expected result: Both files are created

# puppet apply test.pp
Notice: Compiled catalog for myserver in environment production in 0.53 seconds
Notice: /Stage[main]/Main/Node[default]/File[/tmp/file1]/ensure: created
Notice: /Stage[main]/Main/Node[default]/Exec[/tmp/file2]/returns: executed successfully
Notice: /Stage[main]/Main/Node[default]/Exec[/tmp/file2]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.33 seconds


# ls -l
total 12
-rw-r--r--. 1 root     root       5 Apr  4 13:18 file1
-rw-r--r--. 1 root     root       5 Apr  4 13:18 file2
-rw-r--r--. 1 lburiola lburiola 250 Apr  4 13:17 test.pp

# cat file1 file2
test
test

TEST 2

scenario: Second puppet run. Both files already exist
Expected result: Nothing happens

# puppet apply test.pp
Notice: Compiled catalog for myserver in environment production in 0.52 seconds
Notice: Finished catalog run in 0.28 seconds

TEST 3

scenario: file1 needs to be modified. file2 already on disk
expected result: file1 is modified. file2 is recreated

# echo foo > file1


# puppet apply test.pp
Notice: Compiled catalog for myserver in environment production in 0.52 seconds
Notice: /Stage[main]/Main/Node[default]/File[/tmp/file1]/content: content changed '{md5}d3b07384d113edec49eaa6238ad5ff00' to '{md5}d8e8fca2dc0f896fd7cb4cb0031ba249'
Notice: /Stage[main]/Main/Node[default]/Exec[/tmp/file2]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.29 seconds

TEST 4

scenario: file1 exists. file2 doesn't exist.
expected result: file2 is created

# rm -f file2


# puppet apply test.pp
Notice: Compiled catalog for myserver in environment production in 0.55 seconds
Notice: /Stage[main]/Main/Node[default]/Exec[/tmp/file2]/returns: executed successfully
Notice: Finished catalog run in 0.30 seconds

Could not set 'file' on ensure: No such file or directory @ dir_s_rmdir - /etc/postfix/header_checks20160105-7144-1n4vwk8.lock

Hello,

It seems there's a little dependency issue somewhere, at my first run I get these three errors in my foreman logs:

Could not set 'file' on ensure: No such file or directory @ dir_s_rmdir - /etc/postfix/header_checks20160105-7144-1n4vwk8.lock at 44:/etc/puppet/environments/production/modules/postfix/manifests/file.pp

Could not set 'file' on ensure: No such file or directory @ dir_s_rmdir - /etc/postfix/header_checks20160105-7144-1n4vwk8.lock at 44:/etc/puppet/environments/production/modules/postfix/manifests/file.pp Wrapped exception: No such file or directory @ dir_s_rmdir - /etc/postfix/header_checks20160105-7144-1n4vwk8.lock

change from absent to file failed: Could not set 'file' on ensure: No such file or directory @ dir_s_rmdir - /etc/postfix/header_checks20160105-7144-1n4vwk8.lock at 44:/etc/puppet/environments/production/modules/postfix/manifests/file.pp

It seems that your module is trying to make some file changes before installing the postfix package (in charge of creating /etc/postfix).

Thanks in advance,

Best regards, Adam.

Has this module been abandoned?

If so, could you mention that no further work is planned? And perhaps you have a recommendation for a module to use instead? RHEL7 is hardly 'new', and the last commit starts commentary for it but then no follow up.

dbfile.pp should not notify the postfix service

In dbfile.pp the line "notify => Service["postfix"]," is not necessary; in fact it may be undesirable.

Quote from http://www.postfix.org/DATABASE_README.html:

It would be nice if you can change a database without having to execute "postfix reload", in order to force Postfix to use the new information. Each time you do "postfix reload" Postfix loses a lot of performance.

[ ....]

If you change a local file based database such as DBM or Berkeley DB, there is no need to execute "postfix reload". Postfix uses file locking to avoid read/write access conflicts, and whenever a Postfix daemon process notices that a file has changed it will terminate before handling the next client request, so that a new process can initialize with the new database.

clamav support

Is there a specific module that is expected to be installed for 'clamav => true' to work?

I can't find a module in the forge that has a clamav::smtp class...

Cheers,
Tim

Could not find class clamav::smtp

Installing the module, and creating a basic .pp manifest with the example classes copied in and just the bare minimum changed (basically just hostname and domains) results in this error:

Error: Could not find class clamav::smtp for mail.myserver.net on node mail.myservernet

Tested on CentOS 6.4 and Ubuntu 12.10 (although the installation failed later down the line for an unrelated reason, so I guess Ubuntu isn't supported since this is built for RHEL and I wouldn't worry about it)

Files main.cf and master.cf fail with missing /etc/postfix

When installing from scratch (apt-get purge postfix) puppet apply fails because /etc/postfix is missing because package is not installed yet.

I added "require => Package['postfix']," to the two file resources in server.pp and then all installed with no problems.

Issue with smtp_content_filter parameter

Trying to use the module as part of a larger class which configures postfix to send outbound email. My wrapper class looks like this:

class client_postfix {
  class { '::postfix::server' :
    myorigin => 'client.net' ,
  }
}

When I try to use this module, the agent reports the following error:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Undefined variable "smtp_content_filter" at /etc/puppet/modules/postfix/manifests/server.pp:79 on node sandbox.client.net

Looking at the module itself...

     77   # master.cf
     78   $smtp_content_filter = [],
     79   $smtps_content_filter = $smtp_content_filter,
     80   $submission = false,

I've never seen a puppet module use one parameter as the default value for another parameter like this. Is this something which Puppet previously supported, but was removed? (I'm using Puppet 3.6.2 from the Puppetlabs RPMs, on CentOS 6.)

Improper ordering of resources

While trying to install on a new system from scratch, I noticed that Postfix::File[header_checks] and Postfix::File[body_checks] attempt to be created before the postfix package is installed or the $postfixdir exists. For that matter, there doesn't appear to be any check to ensure that the postfix directory exists, and postfix::server does not expose it as a parameter like postfix::file does, but the call to postfix::file from within postfix::server doesn't pass the postfixdir, so it uses the default.

Config files need to depend on Package[postfix]

These config files need to require Package[postfix]. Otherwise, there is a chance that Puppet could try to create them before the parent directory exists.

  • /etc/postfix/master.cf
  • /etc/postfix/main.cf

Modification Request

Good morning!

I love the module, and it has worked very well for me with a couple of slight modifications for my environment. I wanted to contribute to the project by letting you know what I tweaked, and seeing if this falls in line with what you've done. Hopefully you would like to add these changes to a future release, as it could help others who have a similar need.

  1. I had to add data content support for both a canonical database and generic database in the server.pp file. While you do have support for the main.cf parameters, there is currently no way to populate the files themselves through an automated fashion, which is what I was after.

    -->
    $canonical_data = [],
    $generic_data = [],
    .....

    And hashed the default files at the end of server.pp.

    -->
    postfix::dbfile { 'canonical':
      content => template('postfix/canonical.erb'),
    }
    postfix::dbfile { 'generic':
      content => template('postfix/generic.erb'),
    }

  2. These templates are very simple. They started with the default "help text" version that comes with postfix. At the bottom, I simply set them up to append anything in hash form from the data variable.

    -->
    <% @generic_data.each do |line| -%>
    <%= line %>
    <% end -%>

    -->
    <% @canonical_data.sort.each do |line| -%>
    <%= line %>
    <% end -%>

So as you can see, it should fall in line with what is already created. This just allows central configuration of the map data, as opposed to manually creating them on each server. In my environment this is required as none of my servers are routable through to our corporate mail, and DNS is not resolvable. We use maps to mask our sender to a proper address before it hits a relay.

I hope this helps others out!
Thank you for creating this.
