I keep getting this error when connecting to postfix from nodemailer:
Error: Error upgrading connection with STARTTLS: 454 4.7.0 TLS not available due to local problem

However, there is no problem connecting and sending email with email client. Also diagnostic tools show no tls errors - all seems fine. The only thing I notice is that diagnostics report tls v 1.2 while the error mentiones 4.7.0 TLS. Is this a version number?

I would appreciate someone to help me with this issue.

after updating the templates, postfix is not restarted causing it not to pick up the new changes.

default['postfix']['main']['mydestination'] = [node['postfix']['main']['myhostname'], node['hostname'], 'localhost.localdomain', 'localhost'].compact

This makes delivery fails to node['postfix']['main']['myhostname'] and node['hostname'] if the receiver server is at another host.

This also makes override complicated as it can't be done on roles, just directly on node attributes.

I can make a pull request if you agree.

When using Berkshelf 0.3.0, and Berkshelf 0.2.0 on CentOS 6, the resulting metadata.json is broken. Uploads that rely purely on 'metadata.rb' seem to work well, and the issue generating metadata.json seems to be the embedded single quote in the phrase "Relayhost's role".

Even if the single quote isn't the issue, embedding quotes inside quoted text is asking for trouble in the future. This one is also not syntactically necessary.

In order to have a clean installation of packages and preventing spreading installation logic in multiple places, it's good idea to add an option regarding additional sasl_packages.

Cookbook Version

5.3.1

Scenario

I want to install cyrus-sasl-md5 as part of postfix installation.

Expected Result

I add cyrus-sasl-md5 to default['postfix']['sasl_packages'] and it gets installed.

Actual Result

There is no way to add additional packages through the cookbook.

It would be nice if the cookbook supported custom resources (chef >=12.5). Any plans to refactor to custom resources?

By default, the recipe doesn't work unless you override attributes to enable smtp_sasl_auth_enable => 'yes'

Recipe Compile Error in /tmp/chef/cookbooks/postfix/recipes/sasl_auth.rb
================================================================================


ArgumentError
-------------
You must supply a name when declaring a template resource


Cookbook Trace:
---------------
  /tmp/chef/cookbooks/postfix/recipes/sasl_auth.rb:51:in `from_file'


Relevant File Content:
----------------------
/tmp/chef/cookbooks/postfix/recipes/sasl_auth.rb:

 44:  
 45:  execute 'postmap-sasl_passwd' do
 46:    command "postmap #{node['postfix']['sasl_password_file']}"
 47:    environment 'PATH' => "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
 48:    action :nothing
 49:  end
 50:  
 51>> template node['postfix']['sasl_password_file'] do
 52:    source 'sasl_passwd.erb'
 53:    owner 'root'
 54:    group 'root'
 55:    mode 0400
 56:    notifies :run, 'execute[postmap-sasl_passwd]', :immediately
 57:    notifies :restart, 'service[postfix]'
 58:    variables(settings: node['postfix']['sasl'])
 59:  end
 60:  

This is likely due to the conditional configuration of sasl_password_file

if node['postfix']['main']['smtp_sasl_auth_enable'] == 'yes'
  default['postfix']['sasl_password_file'] = "#{node['postfix']['conf_dir']}/sasl_passwd"
  default['postfix']['main']['smtp_sasl_password_maps'] = "hash:#{node['postfix']['sasl_password_file']}"
  default['postfix']['main']['smtp_sasl_security_options'] = 'noanonymous'
  default['postfix']['sasl']['smtp_sasl_user_name'] = ''
  default['postfix']['sasl']['smtp_sasl_passwd']    = ''
  default['postfix']['main']['relayhost'] = ''
end

Hi https://github.com/sumbach/postfixer has a bunch of tests for Postfix ensuring that e.g. DNS and SPF work alongside postfix.

Is this something you would consider in the remit of chef-postfix?

Thanks,
Martin.

Chef::Exceptions::FileNotFound
------------------------------
Cookbook 'postfix' (3.3.1) does not contain a file at any of these locations:
  templates/ubuntu-12.04/transport.erb
  templates/ubuntu/transport.erb
  templates/default/transport.erb

There is a typo in the transports recipe making the transports recipe broken. The template should be "transports"

This bug means the transports recipe can't be included as a work around for #69

Pull request #114 has many type of postfix lookup table but hasn't regexp type.
Please add it.

Hi,

I have noticed following fix was not updated in supermarket
3445567

Please update. Thank you

The documentation on the readme describes how to create a role for a relayhost, and defines the override attributes as part of that role. One of those overrides lists "inet-interfaces" => "all". This option in postfix should use an underscore, not a dash.

Directly copy/pasting this role, without fixing the typo, results in:

grep interfaces /etc/postfix/main.cf
inet-interfaces = all
inet_interfaces = loopback-only

In version 3.4.0 the following non-default parameters were inserted in attributes/default.rb:

Non-default main.cf attributes

default['postfix']['main']['use_alias_maps'] = 'no'
default['postfix']['main']['use_transport_maps'] = 'no'
default['postfix']['main']['use_access_maps'] = 'no'
default['postfix']['main']['use_virtual_aliases'] = 'no'

When restarting the postfix-service I will get the following warnings

sudo service postfix restart

• Stopping Postfix Mail Transport Agent postfix
  /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: use_virtual_aliases=no
  /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: use_transport_maps=no
  /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: use_alias_maps=no
  /usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: use_access_maps=no
• Starting Postfix Mail Transport Agent postfix
  postconf: warning: /etc/postfix/main.cf: unused parameter: use_virtual_aliases=no
  postconf: warning: /etc/postfix/main.cf: unused parameter: use_transport_maps=no
  postconf: warning: /etc/postfix/main.cf: unused parameter: use_alias_maps=no
  postconf: warning: /etc/postfix/main.cf: unused parameter: use_access_maps=no
  postconf: warning: /etc/postfix/main.cf: unused parameter: use_virtual_aliases=no
  ...

I don't find any explanation on postfix documentation about these parameters. Why are these parameters inserted?

(Continuing on from #135)

Cookbook version

5.0.2

Chef-client version

13.0.118

Platform Details

Debian 8.4, Scaleway x64

Scenario:

Use relay restrictions

Steps to Reproduce:

1. Set attribute override["postfix"]["use_relay_restrictions_maps"] = true
2. Use recipe postfix::server

Expected Result:

Working converge

Actual Result:

NameError
  ---------
  undefined local variable or method `default' for cookbook: postfix, recipe: _attributes :Chef::Recipe

  Cookbook Trace:
  ---------------
    /website/config/local-mode-cache/cache/cookbooks/postfix/recipes/_attributes.rb:62:in `from_file'
    /website/config/local-mode-cache/cache/cookbooks/postfix/recipes/_common.rb:20:in `from_file'
    /website/config/local-mode-cache/cache/cookbooks/postfix/recipes/default.rb:20:in `from_file'
    /website/config/local-mode-cache/cache/cookbooks/postfix/recipes/server.rb:24:in `from_file'
    /website/config/local-mode-cache/cache/cookbooks/website/recipes/email.rb:1:in `from_file'
    /website/config/local-mode-cache/cache/cookbooks/website/recipes/default.rb:13:in `from_file'

  Relevant File Content:
  ----------------------
  /website/config/local-mode-cache/cache/cookbooks/postfix/recipes/_attributes.rb:

   55:  end
   56:
   57:  if node['postfix']['use_virtual_aliases_domains']
   58:    node.default_unless['postfix']['main']['virtual_alias_domains'] = ["#{node['postfix']['virtual_alias_domains_db_type']}:#{node['postfix']['virtual_alias_domains_db']}"]
   59:  end
   60:
   61:  if node['postfix']['use_relay_restrictions_maps']
   62>>   default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject"
   63:  end
   64:
   65:  if node['postfix']['master']['maildrop']['active']
   66:    node.default_unless['postfix']['main']['maildrop_destination_recipient_limit'] = 1
   67:  end
   68:
   69:  if node['postfix']['master']['cyrus']['active']
   70:    node.default_unless['postfix']['main']['cyrus_destination_recipient_limit'] = 1
   71:  end

Regarding #66 - added configuration transport support. On my system running previous version of this cookbook after upgrade the transport.db is not being created - thus mail handling fails.

Please add template resource to create it or do not put it in the main.cf.

Jun 13 10:45:07 ops postfix/trivial-rewrite[2101]: warning: hash:/etc/postfix/transport is unavailable. open database /etc/postfix/transport.db: No such file or directory

Using version: 5.0.1

use_relay_restrictions_maps is misspelt at the bottom of attributes/default.rb as use_relay_restirictions_maps (note the extra i after the first t). There's a similar problem in recipes/_attributes.rb which masks an issue in the use of default not node.default_unless as well.

Cookbook version

5.3.1

Chef-client version

[Version of chef-client in your environment]

Platform Details

ubuntu 14.04, ubuntu 16.04, centos 7

Scenario:

Trying to use this cookbook to provision a docker container fails when the cookbook attempts to start the postfix service, as most containers don't have functioning upstart/systemd/whatever. This does pass on centos 6, but I imagine it has to do with the way those containers are set up.

Steps to Reproduce:

Attempt to provision a docker container with this cookbook by using docker kitchen or similar.

Proposed solution:

Allowing for the actual enabling/restart/start of the service to be conditionally triggered so that it would be possible to disable the behavior when provisioning a container.

Currently this isn't in main.cf at all, and I'd like to allow slightly larger messages

Cookbook version

5.3.1

Chef-client version

13.8.5

Platform Details

This was tested on a CentOS 7.6 image generated using this packer template:
https://github.com/osuosl/packer-templates/blob/74319bd787682e71ee3b2abd371ce0464ef75fed/centos-7-x86_64-openstack.json

(Though you should be able to reproduce with any CentOS 7 image, and I would be surprised if not other platforms too.)

Scenario:

I've noticed that during the first Chef run deploying/configuring postfix, when using virtual aliases the virtual alias DB will be generated via postmap but the cookbook does not appear to reload or restart postfix afterwards. When I send a test email, it generates warnings about not being able to use virtual.db, but this is corrected after reloading postfix.

I think the notification/resource ordering in the virtual_aliases recipe should be tweaked so that virtual aliases are useable after the first/single Chef run.

Steps to Reproduce:

The following steps will help to visualize that postfix is not reloaded or restarted after generating the virtual aliases db:

1. Add a test suite to kitchen.yml for postfix::virtual_aliases recipe:

- name: virtual_aliases
  run_list:
  - recipe[postfix::virtual_aliases]

2. Converge the test suite (in this example using CentOS 7): kitchen converge virtual-aliases-centos-7

3. Examine kitchen's output. Note that after the execute[update-postfix-virtual-alias] resource there is no reloading or restarting of the postfix service.

Expected Result:

I expected postfix to successfully deliver mail that relies on virtual aliases after a single Chef run deploying/configuring postfix. More specifically, I expect postfix to be reloaded or restarted after the resource running postmap occurs.

Actual Result:

Postfix defers delivery on mail that relies on the virtual aliases after a single Chef run deploying/configuring postfix. This is what I see in mail logs indicating the problem:

Jan 24 21:38:39 authsqlcentos7-whitehet-turquoise-sslh1vv postfix/cleanup[20485]: warning: hash:/etc/postfix/virtual is unavailable. open database /etc/postfix/virtual.db: No such file or directory
Jan 24 21:38:39 authsqlcentos7-whitehet-turquoise-sslh1vv postfix/cleanup[20485]: warning: hash:/etc/postfix/virtual lookup error for "[email protected]"
Jan 24 21:38:39 authsqlcentos7-whitehet-turquoise-sslh1vv postfix/cleanup[20485]: warning: 6318F2129A: virtual_alias_maps map lookup problem for [email protected] -- deferring delivery

I can achieve the expected result by reloading postfix inside the kitchen VM and converging again, which allows the email to be delivered successfully, so I think the resource/notify ordering of postfix::virtual_aliases may need tweaking to ensure there's a reload or restart after postmap.

The 5.2.0 version was released on Aug 7, 2017 according to the Changelog but it does not appear to have been pushed to the supermarket.

Any chance that the current version can be pushed to the supermarket for use?

Cookbook version

5.3.0

Chef-client version

14

Platform Details

ubuntu 18.04

Scenario:

I configured a relayhost, but since postfix 3.3.0 you need to specify smtpd_recipient_restrictions

Steps to Reproduce:

Configure a relayhost on ubuntu 18.04, and you will see this error in the log:

Jul 16 11:53:38 testvm-postfix postfix/smtpd[16498]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains

Expected Result:

it should allow you to send a mail through the relayhost

Actual Result:

postfix is not available on port 25

Extra question

I could make a MR, but i'm not sure what direction i should use.

Do i check the postfix version? If it's > 3.3.0 then add an extra line in the main.cf?
Do i configure a default smtpd_recipient_restrictions, if nothing is provided?
i.e. smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject

During testing of a wrapper cookbook, we very quickly noticed that if the .db files corresponding to a postfix table are deleted, they are not replaced unless the content of the table file is changed, which triggers execution of postmap again.

Obviously, nothing should be deleting these files but this makes it really difficult to ensure consistency of the state declared by the cookbook.

There's a simple fix - in the recipes for the various files, like transport.rb, instead of:

execute 'update-postfix-transport' do
  command "postmap #{node['postfix']['transport_db']}"
  environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
  action :nothing
end

It could be:

execute 'update-postfix-transport' do
  command "postmap #{node['postfix']['transport_db']}"
  environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios')
  action File.exist?("#{node['postfix']['transport_db'].db") ? :nothing : :run
end

Which maintains all the current behavior but also runs postmap if the db file is missing.

Thanks

Cookbook version

[5.3.1]

Chef-client version

[12.6.0]

Platform Details

[CentOs 7.3]

Scenario:

Trying to install postfix 2.10.1-6.el7 and change outgoing SMTP email( trying to use smtp_generic_map_etries)

Steps to Reproduce:

Berksfile

source 'https://api.berkshelf.com'
metadata
cookbook 'postfix'

.kitchen.yml

---
driver:
  name: vagrant

provisioner:
  name: chef_solo
  require_chef_omnibus: 12.6.0
  roles_path: "test/integration/roles"

platforms:
  - name: centos-7.3

suites:
  - name: mail-postfix
    run_list:
      - recipe[install_postfix]

attributes/postfix.rb

override['postfix']['main'] = {
  'inet_protocols'     => 'ipv4',
  'relayhost'          => 'mail.ops.example.net',
  'mydomain'           => 'example.net',
  'myorigin'           => 'example.net'
}
override['postfix']['smtp_generic_map_entries'] = { 
	"[email protected]" => "[email protected]", 
	"[email protected]" => "[email protected]" 
}

recipe/postfix.rb

package 'postfix' do
  action [:install, :upgrade]
  version '2.10.1-6.el7'
end

running kitchen-test converge should install postfix on vagrant.

Expected Result:

1. It should create /etc/postfix/generic file with '[email protected]' 2. '[email protected]' entries along with smtp_generic_maps = hash:/etc/postfix/generic in main.cf

Actual Result:

1. /etc/postfix/generic is default with no changes
2. no smtp_generic_maps = hash:/etc/postfix/generic in main.cf

Cookbook version

Latest

Chef-client version

Latest

Platform Details

CentOS 7

Scenario:

Unless I'm missing something (which is possible and apologies if so) but it seems like I can't disable ipv6. Note from the man page below ipv6 is always used first but our SMTP server is running ipv4 only so I'd like to force it to only use ipv4 using the inet_protocols directive as below.

Thanks.

postconf(5)

 man page:

When IPv6 support is enabled via the inet_protocols parameter,  Post-
fix will do DNS type AAAA record lookups.

When  both IPv4 and IPv6 support are enabled, the Postfix SMTP client
will attempt to connect via IPv6 before attempting to use IPv4.

Examples:

inet_protocols = ipv4
inet_protocols = all (DEFAULT)
inet_protocols = ipv6
inet_protocols = ipv4, ipv6

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

If you put a value into node[:postfix][:main][:invalid_key] no server restart will raise. I had tested the restart with sudo service postfix restart and saw the error.

The CA file is commonly found at /etc/ssl/certs/ca-certificates.crt on Debian and Ubuntu systems. Running the default recipe will result in a Postfix error when trying to load the CA file /etc/postfix/cacert.pem, which does not exist.

Cookbook version

4.0.0

Chef-client version

12.14.89

Platform Details

Running the cookbook under test kitchen.

Scenario:

metadata.rb is missing, no big deal just wondering why?

Steps to Reproduce:

Need to write your own metadata.rb to use with test kitchen.

Expected Result:

Expected a metadata.rb file.

Actual Result:

Need to write your own metadata.rb to use with test kitchen.

In commit d972e58 attributes were moved to a recipe which will override defaults set in a wrapper cookbook that includes postfix. Possibly node.default_unless instead?

Howdy. Sorry for the leechy user question. The master branch has been failing to build (on FoodCritic via Travis) for 13 days. I'd love to make use of this cookbook, but is there a "successful" build I can use, perhaps that pre-dates this failing on? Thanks in advance!

Jesse

Hi,
is there any way how to add mailbox_command to generated main.cf? Example:

mailbox_command = /usr/bin/procmail

http://www.postfix.org/postconf.5.html#mailbox_command

Thanks

Cookbook version

Latest

Chef-client version

Latest

Platform Details

Debian 8

Scenario:

Adding a full emailaddress ([email protected]) to the postfix aliases doesn't
work. The template (aliases.rb) keeps adding double-quotes around it, whereas
postfix then doesn't recognize the domain-part and threats it as a local
address. The manpage (http://www.postfix.org/aliases.5.html) doesn't state that
an "address" needs to be quoted. But once an address is quoted, postfix will
append the domain and send mails to "[email protected]"@company.com - which
obviously doesn't work.

Can anyone else confirm this behaviour?

Steps to Reproduce:

node.override['postfix']['aliases'] = { "www" => "[email protected]" }

Expected Result:

$ cat www /etc/aliases

#
# This file is generated by Chef
#
# (...)
www: [email protected]

Actual Result:

$ cat www /etc/aliases

#
# This file is generated by Chef
#
# (...)
www: "[email protected]"

Cookbook version

5.3.0

Chef-client version

12.20.3

Platform Details

Red Hat Enterprise Linux Server release 7.5 (Maipo) on AWS

Scenario:

smtp relay host via SES with sasl uesrname & password

Steps to Reproduce:

I had been using this for awhile in my attributes:

default["postfix"]["main"]["relayhost"] = "email-smtp.us-east-1.amazonaws.com:587"
default["postfix"]["main"]["smtp_sasl_auth_enable"] = "yes"
default["postfix"]["main"]["smtpd_use_tls"] = "no"
default["postfix"]["sasl"]["smtp_sasl_user_name"] = "<snip>"
default["postfix"]["sasl"]["smtp_sasl_passwd"] = "<snip>"

Expected Result:

Previously, this seemed to result in:

default["postfix"]["main"]["relayhost"] = "email-smtp.us-east-1.amazonaws.com:587"
default["postfix"]["main"]["smtp_sasl_auth_enable"] = "yes"
default["postfix"]["main"]["smtpd_use_tls"] = "no"
default["postfix"]["sasl"]["smtp_sasl_user_name"] = "<snip>"
default["postfix"]["sasl"]["smtp_sasl_passwd"] = "<snip>"


$ cat /etc/postfix/sasl_passwd
# Auto-generated by Chef.
# Local modifications will be overwritten.
#
email-smtp.us-east-1.amazonaws.com:587 <snip>:<snip>

Actual Result:

Now with 5.3.0 I ended up with:

$ cat /etc/postfix/sasl_passwd
# Auto-generated by Chef.
# Local modifications will be overwritten.

smtp_sasl_passwd :
smtp_sasl_user_name :

I was able to resolve it by changing the attributes:

default["postfix"]["sasl"] = {
	"email-smtp.us-east-1.amazonaws.com:587" => {
		"username" => "<snip>",
		"password" => "<snip>"
	}
}

It seems like it was a breaking change with a minor version bump though