Update postfixs main.cf from Debian Buster default, fixes #20

metadata.rb

@@ -16,4 +16,4 @@ supports         'debian'
 depends          'line', '< 1.0'
 depends          'chef-vault'
 
-version          '1.61.4'
+version          '1.61.5'

templates/debian-7/etc_postfix_main.cf.erb

+<%= template_header %>
+
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+#smtpd_use_tls=yes
+#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = <%= node['fqdn'] %>
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+virtual_alias_maps = hash:/etc/postfix/virtual
+myorigin = /etc/mailname
+mydestination = <%= node['fqdn'] %>, localhost.<%= node['domain'] %>, localhost <%= @mydestination ? ", #{@mydestination}" : '' %>
+<%# TODO: no MX lookups as long as brackets are hard-coded here -%>
+relayhost = [<%= @relay %>]
+<%= "relay_domains = #{@relay_domains.join(', ')}" if @relay_domains %>
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 <%= @mynetworks %>
+mailbox_size_limit = 0
+<%= "message_size_limit = #{@message_size_limit}" if @message_size_limit %>
+recipient_delimiter = +
+<%= @default_privs ? "default_privs = #{@default_privs}\n" : '' -%>
+<%- if @export_environment -%>
+export_environment = <%= @export_environment.join(' ') %>
+<%- end -%>
+
+# listen for remote connections?
+inet_interfaces = <%= @inet_interfaces || @mynetworks?'all':'loopback-only' %>
+<%- if @ipv4_only -%>
+inet_protocols = ipv4
+<%- end -%>
+
+# Seems to be missing since the start of time but is crucial to make e.g. "date | mail -s blabla7 troth" work
+recipient_canonical_maps = hash:/etc/postfix/canonical

templates/debian-8/etc_postfix_main.cf.erb

+<%= template_header %>
+
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+#smtpd_use_tls=yes
+#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = <%= node['fqdn'] %>
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+virtual_alias_maps = hash:/etc/postfix/virtual
+myorigin = /etc/mailname
+mydestination = <%= node['fqdn'] %>, localhost.<%= node['domain'] %>, localhost <%= @mydestination ? ", #{@mydestination}" : '' %>
+<%# TODO: no MX lookups as long as brackets are hard-coded here -%>
+relayhost = [<%= @relay %>]
+<%= "relay_domains = #{@relay_domains.join(', ')}" if @relay_domains %>
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 <%= @mynetworks %>
+mailbox_size_limit = 0
+<%= "message_size_limit = #{@message_size_limit}" if @message_size_limit %>
+recipient_delimiter = +
+<%= @default_privs ? "default_privs = #{@default_privs}\n" : '' -%>
+<%- if @export_environment -%>
+export_environment = <%= @export_environment.join(' ') %>
+<%- end -%>
+
+# listen for remote connections?
+inet_interfaces = <%= @inet_interfaces || @mynetworks?'all':'loopback-only' %>
+<%- if @ipv4_only -%>
+inet_protocols = ipv4
+<%- end -%>
+
+# Seems to be missing since the start of time but is crucial to make e.g. "date | mail -s blabla7 troth" work
+recipient_canonical_maps = hash:/etc/postfix/canonical

templates/debian-9/etc_postfix_main.cf.erb

+<%= template_header %>
+
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+#smtpd_use_tls=yes
+#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = <%= node['fqdn'] %>
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+virtual_alias_maps = hash:/etc/postfix/virtual
+myorigin = /etc/mailname
+mydestination = <%= node['fqdn'] %>, localhost.<%= node['domain'] %>, localhost <%= @mydestination ? ", #{@mydestination}" : '' %>
+<%# TODO: no MX lookups as long as brackets are hard-coded here -%>
+relayhost = [<%= @relay %>]
+<%= "relay_domains = #{@relay_domains.join(', ')}" if @relay_domains %>
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 <%= @mynetworks %>
+mailbox_size_limit = 0
+<%= "message_size_limit = #{@message_size_limit}" if @message_size_limit %>
+recipient_delimiter = +
+<%= @default_privs ? "default_privs = #{@default_privs}\n" : '' -%>
+<%- if @export_environment -%>
+export_environment = <%= @export_environment.join(' ') %>
+<%- end -%>
+
+# listen for remote connections?
+inet_interfaces = <%= @inet_interfaces || @mynetworks?'all':'loopback-only' %>
+<%- if @ipv4_only -%>
+inet_protocols = ipv4
+<%- end -%>
+
+# Seems to be missing since the start of time but is crucial to make e.g. "date | mail -s blabla7 troth" work
+recipient_canonical_maps = hash:/etc/postfix/canonical

templates/default/etc_postfix_main.cf.erb

@@ -18,6 +18,10 @@ append_dot_mydomain = no
 
 readme_directory = no
 
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
 # TLS parameters
 #smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 #smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
@@ -28,6 +32,7 @@ readme_directory = no
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.
 
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
 myhostname = <%= node['fqdn'] %>
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
@@ -52,5 +57,5 @@ inet_interfaces = <%= @inet_interfaces || @mynetworks?'all':'loopback-only' %>
 inet_protocols = ipv4
 <%- end -%>
 
-# Seems to be missing since the start of time but is crucial to make e.g. "date | mail -s blabla7 troth" work
+<%# crucial to make e.g. "date | mail -s blabla7 userid" work: -%>
 recipient_canonical_maps = hash:/etc/postfix/canonical