From bcdc5754fce030fd9a7b213d46ffd27b502f398a Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 1 Feb 2015 14:48:13 -0400 Subject: propellor spin --- src/Propellor/Property/Postfix.hs | 32 ++++++++++++++++++++++-- src/Propellor/Property/SiteSpecific/JoeySites.hs | 4 ++- 2 files changed, 33 insertions(+), 3 deletions(-) (limited to 'src/Propellor/Property') diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index fbb1ea51..f37e179e 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs @@ -4,8 +4,9 @@ module Propellor.Property.Postfix where import Propellor import qualified Propellor.Property.Apt as Apt -import Propellor.Property.File +import qualified Propellor.Property.File as File import qualified Propellor.Property.Service as Service +import qualified Propellor.Property.User as User import qualified Data.Map as M import Data.List @@ -103,7 +104,7 @@ mainCfIsSet name = do -- Note that multiline configurations that continue onto the next line -- are not currently supported. dedupMainCf :: Property NoInfo -dedupMainCf = fileProperty "postfix main.cf dedupped" dedupCf mainCfFile +dedupMainCf = File.fileProperty "postfix main.cf dedupped" dedupCf mainCfFile dedupCf :: [String] -> [String] dedupCf ls = 
@@ -125,3 +126,30 @@ dedupCf ls = dedup c kc ((Right (k, v)):rest) = case M.lookup k kc of Just n | n > 1 -> dedup c (M.insert k (n - 1) kc) rest _ -> dedup (fmt k v:c) kc rest + +-- | Installs saslauthd and configures it for postfix. +-- +-- Does not configure postfix to use it; eg smtpd_sasl_auth_enable = yes +-- needs to be set to enable use. See +-- https://wiki.debian.org/PostfixAndSASL +saslAuthdInstalled :: Property NoInfo +saslAuthdInstalled = setupdaemon + `requires` Service.running "saslauthd" + `requires` postfixgroup + `requires` dirperm + `requires` Apt.installed ["sasl2-bin"] + `requires` smtpdconf + where + setupdaemon = "/etc/default/saslauthd" `File.containsLines` + [ "START=yes" + , "OPTIONS=\"-c -m /var/spool/postfix/var/run/saslauthd\"" + ] + `onChange` Service.restarted "saslauthd" + smtpdconf = "/etc/postfix/sasl/smtpd.conf" `File.containsLines` + [ "pwcheck_method: saslauthd" + , "mech_list: PLAIN LOGIN" + ] + dirperm = cmdProperty "dpkg-statoverride" + [ "--add", "root", "sasl", "710", "/var/spool/postfix/var/run/saslauthd"] + postfixgroup = "postfix" `User.hasGroup` "sasl" + `onChange` restarted diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 7b6a61e4..0d4687e7 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -450,6 +450,8 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props & dkimInstalled + & Postfix.saslAuthdInstalled + & Apt.installed ["maildrop"] & "/etc/maildroprc" `File.hasContent` [ "# Global maildrop filter file (deployed with propellor)" 
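Review bot: The `dirperm` step in `saslAuthdInstalled` is not idempotent: `dpkg-statoverride --add` exits with an error when an override for the path is already registered, so as written the property would be expected to fail on every run after the first. Guard it so the command only runs when `dpkg-statoverride --list /var/spool/postfix/var/run/saslauthd` reports no override, and pass `--update` together with `--add` so the `root`/`sasl` ownership and mode `710` are applied to a directory that already exists rather than only recorded. The haddock is also worth extending: `mech_list: PLAIN LOGIN` means the password is sent unprotected unless postfix only offers AUTH over TLS, so mention `smtpd_tls_auth_only = yes` next to `smtpd_sasl_auth_enable = yes`.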
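Review bot: Adding `Postfix.saslAuthdInstalled` to `kiteMailServer` appears to start an authentication daemon that smtpd will not consult, because the main.cf lines visible in the later hunk of this file set `smtpd_sasl_type = dovecot` and `smtpd_sasl_path = private/auth`. If saslauthd is meant to serve something else, add a comment on this line naming the consumer; otherwise drop the property or switch the SASL type, so the host does not run an unused password-checking service. The rest of `kiteMailServer` lies outside the hunk, so another consumer may exist there.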
@@ -514,7 +516,7 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props , "# Filter out client relay lines from headers." , "header_checks = pcre:$config_directory/obscure_client_relay.pcre" - , "# Password auth for relaying" + , "# Password auth for relaying (used by errol)" , "smtpd_sasl_auth_enable = yes" , "smtpd_sasl_type = dovecot" , "smtpd_sasl_path = private/auth" -- cgit v1.2.3