Add Postfix client_access and helo_access

While at it, introduce for loops

diff --git a/test-vagrant-salt/salt/testvm/postfix/client_access b/test-vagrant-salt/salt/testvm/postfix/client_access
new file mode 100644 (file)
index 0000000..a3471c5
--- /dev/null
+++ b/test-vagrant-salt/salt/testvm/postfix/client_access
@@ -0,0 +1,5 @@
+# Accept messages from other MX to the non-filtered smtpd
+{% for mx_name, mx_addr in pillar['postfix']['all_mx'].iteritems() %}
+# {{ mx_name }}
+{{ mx_addr }} FILTER smtp:[127.0.0.1]:10026
+{% endfor %}

diff --git a/test-vagrant-salt/salt/testvm/postfix/helo_access b/test-vagrant-salt/salt/testvm/postfix/helo_access
new file mode 100644 (file)
index 0000000..6a88d7e
--- /dev/null
+++ b/test-vagrant-salt/salt/testvm/postfix/helo_access
@@ -0,0 +1,5 @@
+# Reject messages from other MX (they go to the non-filtered smtpd)
+{% for mx_name, mx_addr in pillar['postfix']['all_mx'].iteritems() %}
+# {{ mx_name }}
+{{ mx_addr }} REJECT
+{% endfor %}

diff --git a/test-vagrant-salt/salt/testvm/postfix/init.sls b/test-vagrant-salt/salt/testvm/postfix/init.sls
index f2211ce..ed00c75 100644 (file)
--- a/test-vagrant-salt/salt/testvm/postfix/init.sls
+++ b/test-vagrant-salt/salt/testvm/postfix/init.sls
@@ -31,10 +31,6 @@ postfix-daemon:
   file.managed:
     - source: salt://testvm/postfix/aliases
     - template: jinja
-    - file_mode: 640
-    - dir_mode: 755
-    - user: root
-    - group: root
     - watch_in:
       - service: postfix-daemon
   cmd.run:
@@ -43,6 +39,21 @@ postfix-daemon:
       - pkg: postfix-pkg
       - file: /etc/postfix/aliases
 
+# Compile files with postmap
+{% for file in 'client_access', 'helo_access' %}
+/etc/postfix/{{ file }}:
+  file.managed:
+    - source: salt://testvm/postfix/{{ file }}
+    - template: jinja
+    - watch_in:
+      - service: postfix-daemon
+  cmd.run:
+    - name: postmap /etc/postfix/{{ file }}
+    - require:
+      - pkg: postfix-pkg
+      - file: /etc/postfix/{{ file }}
+{% endfor %}
+
 /etc/postfix/main.cf:
   file.managed:
     - source: salt://testvm/postfix/main.cf
@@ -57,28 +68,12 @@ postfix-daemon:
     - watch_in:
       - service: postfix-daemon
 
-/var/spool/postfix-nosrs:
-  file.directory:
-    - user: postfix
-    - group: root
-    - mode: 700
-    - makedirs: True
-
-/var/spool/postfix-nosrs/active:
-  file.directory:
-    - user: postfix
-    - group: root
-    - mode: 700
-
-/var/spool/postfix-nosrs/deferred:
-  file.directory:
-    - user: postfix
-    - group: root
-    - mode: 700
-
-/var/spool/postfix-nosrs/incoming:
+# Populate /var/spool
+{% for name in 'active', 'deferred', 'incoming' %}
+/var/spool/postfix-nosrs/{{ name }}:
   file.directory:
     - user: postfix
     - group: root
     - mode: 700
     - makedirs: True
+{% endfor %}

diff --git a/test-vagrant-salt/saltpillar/postfix.sls b/test-vagrant-salt/saltpillar/postfix.sls
index 16f19cd..c428975 100644 (file)
--- a/test-vagrant-salt/saltpillar/postfix.sls
+++ b/test-vagrant-salt/saltpillar/postfix.sls
@@ -11,6 +11,13 @@ postfix:
     bogo.polytechnique.org
     localhost.polytechnique.org
   mx_name: mx1.polytechnique.org
+
+  # All MX servers which can communicate between themselves without filtering
+  all_mx:
+    mx1: 192.168.33.10
+    mx2: 192.168.33.20
+    mx3: 192.168.33.30
+
   # Disable for now
   has_imap: False
   has_mailman: False