From 8a5a9c5c069ed597ee2d04cea0d7a6c532891668 Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss_git@polytechnique.org>
Date: Mon, 12 Sep 2016 23:51:22 +0200
Subject: [PATCH] Add more Postfix configuration files

---
 test-vagrant-salt/salt/testvm/postfix/aliases                  | 7 -------
 test-vagrant-salt/salt/testvm/postfix/helo_access.regexp       | 1 +
 test-vagrant-salt/salt/testvm/postfix/init.sls                 | 8 +++++---
 test-vagrant-salt/salt/testvm/postfix/mailman-reecriture.regex | 1 +
 test-vagrant-salt/salt/testvm/postfix/mailman-transport.regex  | 4 ++++
 test-vagrant-salt/salt/testvm/postfix/mailman.regex            | 1 +
 test-vagrant-salt/salt/testvm/postfix/recipient_access         | 6 ++++++
 test-vagrant-salt/salt/testvm/postfix/renamed_lists            | 2 ++
 test-vagrant-salt/salt/testvm/postfix/tls_policy               | 4 ++++
 test-vagrant-salt/salt/testvm/postfix/transport                | 6 ++++++
 test-vagrant-salt/salt/testvm/postfix/transport-testvm         | 0
 11 files changed, 30 insertions(+), 10 deletions(-)
 create mode 100644 test-vagrant-salt/salt/testvm/postfix/helo_access.regexp
 create mode 100644 test-vagrant-salt/salt/testvm/postfix/mailman-reecriture.regex
 create mode 100644 test-vagrant-salt/salt/testvm/postfix/mailman-transport.regex
 create mode 100644 test-vagrant-salt/salt/testvm/postfix/mailman.regex
 create mode 100644 test-vagrant-salt/salt/testvm/postfix/recipient_access
 create mode 100644 test-vagrant-salt/salt/testvm/postfix/renamed_lists
 create mode 100644 test-vagrant-salt/salt/testvm/postfix/tls_policy
 create mode 100644 test-vagrant-salt/salt/testvm/postfix/transport
 create mode 100644 test-vagrant-salt/salt/testvm/postfix/transport-testvm

diff --git a/test-vagrant-salt/salt/testvm/postfix/aliases b/test-vagrant-salt/salt/testvm/postfix/aliases
index 23b4e5e..0f98505 100644
--- a/test-vagrant-salt/salt/testvm/postfix/aliases
+++ b/test-vagrant-salt/salt/testvm/postfix/aliases
@@ -59,13 +59,6 @@ web:            www-data
 webmestre:      web
 webmaster:      web
 
-# newsletter :
-
 # Newsletter
 info+newsletter:    otrs.platal+newsletter
 info+nlp:           otrs.platal+newsletter
-
-# bounces of the NL
-retour-nl:          /var/mail/retour-nl
-#info+newsletter:   retour-nl@mx1.polytechnique.org
-#info+nlp:          retour-nl@mx1.polytechnique.org
diff --git a/test-vagrant-salt/salt/testvm/postfix/helo_access.regexp b/test-vagrant-salt/salt/testvm/postfix/helo_access.regexp
new file mode 100644
index 0000000..2303d33
--- /dev/null
+++ b/test-vagrant-salt/salt/testvm/postfix/helo_access.regexp
@@ -0,0 +1 @@
+/^\[[[:digit:]\.]*\]$/          WARN Literal IP in HELO hostnames not allowed here, please check your configuration
diff --git a/test-vagrant-salt/salt/testvm/postfix/init.sls b/test-vagrant-salt/salt/testvm/postfix/init.sls
index 209a1e4..6aa618a 100644
--- a/test-vagrant-salt/salt/testvm/postfix/init.sls
+++ b/test-vagrant-salt/salt/testvm/postfix/init.sls
@@ -8,7 +8,9 @@ no-other-mta:
 
 postfix-pkg:
   pkg.installed:
-    - name: postfix
+    - pkgs:
+      - postfix
+      - postfix-mysql
     - require:
       - pkg: no-other-mta
 
@@ -28,7 +30,7 @@ postfix-daemon:
       - pkg: postfix-pkg
 
 # Simple file copy, with jinja templates
-{% for file in 'main.cf', 'master.cf', 'conversion_underscore.regex' %}
+{% for file in 'main.cf', 'master.cf', 'conversion_underscore.regex', 'helo_access.regexp' %}
 /etc/postfix/{{ file }}:
   file.managed:
     - source: salt://testvm/postfix/{{ file }}
@@ -52,7 +54,7 @@ postfix-daemon:
       - file: /etc/postfix/aliases
 
 # Compile files with postmap
-{% for file in 'client_access', 'helo_access' %}
+{% for file in 'client_access', 'helo_access', 'recipient_access', 'renamed_lists', 'tls_policy', 'transport', 'transport-testvm' %}
 /etc/postfix/{{ file }}:
   file.managed:
     - source: salt://testvm/postfix/{{ file }}
diff --git a/test-vagrant-salt/salt/testvm/postfix/mailman-reecriture.regex b/test-vagrant-salt/salt/testvm/postfix/mailman-reecriture.regex
new file mode 100644
index 0000000..5a4b5e5
--- /dev/null
+++ b/test-vagrant-salt/salt/testvm/postfix/mailman-reecriture.regex
@@ -0,0 +1 @@
+/^(.*)_([^+]*)@listes.polytechnique.org$/  ${2}@${1}
diff --git a/test-vagrant-salt/salt/testvm/postfix/mailman-transport.regex b/test-vagrant-salt/salt/testvm/postfix/mailman-transport.regex
new file mode 100644
index 0000000..e332cf6
--- /dev/null
+++ b/test-vagrant-salt/salt/testvm/postfix/mailman-transport.regex
@@ -0,0 +1,4 @@
+/^.*\+post@listes.polytechnique.org$/        pipemm:
+/^.*\+admin@listes.polytechnique.org$/       pipemm:
+/^.*\+owner@listes.polytechnique.org$/       pipemm:
+/^.*\+bounces@listes.polytechnique.org$/     pipemm:
diff --git a/test-vagrant-salt/salt/testvm/postfix/mailman.regex b/test-vagrant-salt/salt/testvm/postfix/mailman.regex
new file mode 100644
index 0000000..37fc20d
--- /dev/null
+++ b/test-vagrant-salt/salt/testvm/postfix/mailman.regex
@@ -0,0 +1 @@
+/^(postmaster|root|abuse)@listes\.polytechnique\.org$/          $1@polytechnique.org
diff --git a/test-vagrant-salt/salt/testvm/postfix/recipient_access b/test-vagrant-salt/salt/testvm/postfix/recipient_access
new file mode 100644
index 0000000..440a66b
--- /dev/null
+++ b/test-vagrant-salt/salt/testvm/postfix/recipient_access
@@ -0,0 +1,6 @@
+postmaster@testvm.example.com           OK
+support@testvm.example.com              OK
+abuse@testvm.example.com                OK
+
+imap.polytechnique.org                 REJECT forbidden from outside
+hruid.polytechnique.org                REJECT forbidden from outside
diff --git a/test-vagrant-salt/salt/testvm/postfix/renamed_lists b/test-vagrant-salt/salt/testvm/postfix/renamed_lists
new file mode 100644
index 0000000..672dbd8
--- /dev/null
+++ b/test-vagrant-salt/salt/testvm/postfix/renamed_lists
@@ -0,0 +1,2 @@
+tech-email	infra@staff.example.com
+bureau		bureau@staff.example.com
diff --git a/test-vagrant-salt/salt/testvm/postfix/tls_policy b/test-vagrant-salt/salt/testvm/postfix/tls_policy
new file mode 100644
index 0000000..bcc5766
--- /dev/null
+++ b/test-vagrant-salt/salt/testvm/postfix/tls_policy
@@ -0,0 +1,4 @@
+# This file defines for which destinations or [hostname] we use TLS (or not)
+{% for mx_name in pillar['postfix']['all_mx'].keys() %}
+[{{ mx_name }}.polytechnique.org]        secure
+{% endfor %}
diff --git a/test-vagrant-salt/salt/testvm/postfix/transport b/test-vagrant-salt/salt/testvm/postfix/transport
new file mode 100644
index 0000000..738fff9
--- /dev/null
+++ b/test-vagrant-salt/salt/testvm/postfix/transport
@@ -0,0 +1,6 @@
+# Uncomment this to always defer this transport, until "mailq -q" or "sendmail -q" (see qmgr(8) and defer_transports)
+# After the queue has been flushed, deferred:[xxxx[:NN]] acts like smtp:[xxxx[:NN]]
+# imap.polytechnique.org          deferred:[imap.polytechnique.org]
+
+g.polytechnique.org                    localsmtp:[127.0.0.1]:20000
+bounces.m4x.org                        discard:"Bad or no SRS mail to @bounces.m4x.org"
diff --git a/test-vagrant-salt/salt/testvm/postfix/transport-testvm b/test-vagrant-salt/salt/testvm/postfix/transport-testvm
new file mode 100644
index 0000000..e69de29
-- 
2.1.4