Upgrade the MX configuration from Wheezy to Jessie.

In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simble binds on cn=postfix,ou=services,… can now be removed.
author: Guilhem Moulin <guilhem@fripost.org> 2015-05-30 13:23:19 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2015-06-07 02:53:53 +0200
commit: fa82a617a0c50b7478cd2b7189aa5f7d14449954 (patch)
tree: 62488ddf805f34b3f06807a83d6f94a360ece723 /roles/MX/files
parent: 64e8603cf9790aa4419d0f2746671bd242e6344d (diff)
7 files changed, 12 insertions, 18 deletions
diff --git a/roles/MX/files/etc/postfix/virtual/alias.cf b/roles/MX/files/etc/postfix/virtual/alias.cf
index 1710376..1c104a9 100644
--- a/roles/MX/files/etc/postfix/virtual/alias.cf
+++ b/roles/MX/files/etc/postfix/virtual/alias.cf
@@ -3,8 +3,7 @@ version          = 3
 search_base      = fvd=%d,ou=virtual,dc=fripost,dc=org
 domain           = static:all
 scope            = one
-bind             = yes
-bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
-bind_pw          = FIXME
+bind             = sasl
+sasl_mechs       = EXTERNAL
 query_filter     = (&(objectClass=FripostVirtualAlias)(fvl=%u)(fripostIsStatusActive=TRUE))
 result_attribute = fripostMaildrop
diff --git a/roles/MX/files/etc/postfix/virtual/alias_domains.cf b/roles/MX/files/etc/postfix/virtual/alias_domains.cf
index 119b8b2..907166f 100644
--- a/roles/MX/files/etc/postfix/virtual/alias_domains.cf
+++ b/roles/MX/files/etc/postfix/virtual/alias_domains.cf
@@ -3,9 +3,8 @@ version          = 3
 search_base      = ou=virtual,dc=fripost,dc=org
 domain           = static:all
 scope            = one
-bind             = yes
-bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
-bind_pw          = FIXME
+bind             = sasl
+sasl_mechs       = EXTERNAL
 # The domain has already been validated (it's active and not pending)
 query_filter     = (&(objectClass=FripostVirtualAliasDomain)(fvd=%d))
 result_attribute = fripostMaildrop
diff --git a/roles/MX/files/etc/postfix/virtual/catchall.cf b/roles/MX/files/etc/postfix/virtual/catchall.cf
index 66053c8..e0e6350 100644
--- a/roles/MX/files/etc/postfix/virtual/catchall.cf
+++ b/roles/MX/files/etc/postfix/virtual/catchall.cf
@@ -3,9 +3,8 @@ version          = 3
 search_base      = ou=virtual,dc=fripost,dc=org
 domain           = static:all
 scope            = one
-bind             = yes
-bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
-bind_pw          = FIXME
+bind             = sasl
+sasl_mechs       = EXTERNAL
 # The domain has already been validated (it's active and not pending)
 query_filter     = (&(objectClass=FripostVirtualDomain)(!(objectClass=FripostVirtualAliasDomain))(fvd=%d)(fripostOptionalMaildrop=*))
 result_attribute = fripostOptionalMaildrop
diff --git a/roles/MX/files/etc/postfix/virtual/domains.cf b/roles/MX/files/etc/postfix/virtual/domains.cf
index 4ec247d..f5a7f25 100644
--- a/roles/MX/files/etc/postfix/virtual/domains.cf
+++ b/roles/MX/files/etc/postfix/virtual/domains.cf
@@ -4,9 +4,8 @@ server_host      = ldapi://%2Fprivate%2Fldapi/
 version          = 3
 search_base      = ou=virtual,dc=fripost,dc=org
 scope            = one
-bind             = yes
-bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
-bind_pw          = FIXME
+bind             = sasl
+sasl_mechs       = EXTERNAL
 query_filter     = (&(objectClass=FripostVirtualDomain)(!(objectClass=FripostPendingEntry))(fvd=%s)(fripostIsStatusActive=TRUE))
 result_attribute = fvd
 result_format    = OK
diff --git a/roles/MX/files/etc/postfix/virtual/list.cf b/roles/MX/files/etc/postfix/virtual/list.cf
index 3b364c0..99e2147 100644
--- a/roles/MX/files/etc/postfix/virtual/list.cf
+++ b/roles/MX/files/etc/postfix/virtual/list.cf
@@ -3,9 +3,8 @@ version          = 3
 search_base      = fvd=%d,ou=virtual,dc=fripost,dc=org
 domain           = static:all
 scope            = one
-bind             = yes
-bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
-bind_pw          = FIXME
+bind             = sasl
+sasl_mechs       = EXTERNAL
 query_filter     = (&(objectClass=FripostVirtualList)(!(objectClass=FripostPendingEntry))(fvl=%u)(fripostIsStatusActive=TRUE))
 result_attribute = fripostListManager
 # Use a dedicated "virtual" domain to decongestion potential bottlenecks
diff --git a/roles/MX/files/etc/postfix/virtual/mailbox.cf b/roles/MX/files/etc/postfix/virtual/mailbox.cf
index 4654607..7289670 100644
--- a/roles/MX/files/etc/postfix/virtual/mailbox.cf
+++ b/roles/MX/files/etc/postfix/virtual/mailbox.cf
@@ -3,9 +3,8 @@ version          = 3
 search_base      = fvd=%d,ou=virtual,dc=fripost,dc=org
 domain           = static:all
 scope            = one
-bind             = yes
-bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
-bind_pw          = FIXME
+bind             = sasl
+sasl_mechs       = EXTERNAL
 query_filter     = (&(objectClass=FripostVirtualUser)(fvl=%u)(fripostIsStatusActive=TRUE))
 result_attribute = fvl
 # Use a dedicated "virtual" domain to decongestion potential bottlenecks
diff --git a/roles/MX/files/usr/local/sbin/reserved-alias.pl b/roles/MX/files/usr/local/bin/reserved-alias.pl
index e19492e..e19492e 100755
--- a/roles/MX/files/usr/local/sbin/reserved-alias.pl
+++ b/roles/MX/files/usr/local/bin/reserved-alias.pl
author	Guilhem Moulin <guilhem@fripost.org>	2015-05-30 13:23:19 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2015-06-07 02:53:53 +0200
commit	fa82a617a0c50b7478cd2b7189aa5f7d14449954 (patch)
tree	62488ddf805f34b3f06807a83d6f94a360ece723 /roles/MX/files
parent	64e8603cf9790aa4419d0f2746671bd242e6344d (diff)