PostfixAdmin Cookbook

Installs and configures PostfixAdmin, a web based interface used to manage mailboxes, virtual domains and aliases.

Also creates the required MySQL or PostgreSQL database and tables.

Table of Contents

• Requirements
• Generated Passwords
• Attributes
  • The HTTPS Certificate
  • Encrypted Attributes
• Recipes
  • postfixadmin::default
  • postfixadmin::map_files
  • postfixadmin::mysql
  • postfixadmin::postgresql
• Resources
  • postfixadmin_admin[user]
  • postfixadmin_domain[domain]
  • postfixadmin_mailbox[mailbox]
  • postfixadmin_alias[address]
  • postfixadmin_alias_domain[address]
• Usage Example
  • Including in a Cookbook Recipe
  • Including in the Run List
• PostgreSQL Support
  • PostgreSQL Versions < 9.3
• Deploy with Docker
• Testing
  • ChefSpec Matchers
• Contributing
• TODO
• License and Author

Requirements

Please, if you want to upgrade the postfixadmin cookbook version from the 1.x branch, see the CHANGELOG.

Supported Platforms

This cookbook has been tested on the following platforms:

• Amazon Linux
• CentOS
• Debian
• Fedora
• Ubuntu

Please, let us know if you use it successfully on any other platform.

Required Cookbooks

• apache2
• ark
• database
• encrypted_attributes
• mysql
• chef_nginx
• compat_resource
• openssl
• php
• php-fpm
• postgresql
• ssl_certificate
• yum-epel

Required Applications

• Chef 12.5 or higher.
• Ruby 2.2 or higher.

Only Postfix Admin version 3 or higher is supported by this cookbook. For older versions, use cookbook versions < 3.

Other Requirements

On RedHat based platforms, you need to disable or configure SELinux correctly to work with mysql cookbook. You can use the selinux::disabled recipe for that.

Generated Passwords

The first time it runs, automatically generates some passwords if not specified. Generated passwords are:

From the PostfixAdmin Default Recipe

• postfixadmin/setup_password
• postfixadmin/setup_password_salt
• postfixadmin/setup_password_encrypted
• postfixadmin/database/password

When MySQL Is Used

• postfixadmin/mysql/server_root_password

When PostgreSQL Is Used

• postgresql/password/postgres

Attributes

The HTTPS Certificate

This cookbook uses the ssl_certificate cookbook to create the HTTPS certificate. The namespace used is node['postfixadmin']. For example:

node.default['postfixadmin']['common_name'] = 'postfixadmin.example.com'
include_recipe 'postfixadmin'

See the ssl_certificate namespace documentation for more information.

Encrypted Attributes

This cookbook can use the encrypted_attributes cookbook to encrypt the secrets generated during the Chef Run. This feature is disabled by default, but can be enabled setting the node['postfixadmin']['encrypt_attributes'] attribute to true. For example:

include_recipe 'encrypted_attributes::users_data_bag'
node.default['postfixadmin']['encrypt_attributes'] = true
inclure_recipe 'postfixadmin'

This will create the following encrypted attributes:

• node['postfixadmin']['setup_password']: PostfixAdmin setup.php setup password.
• node['postfixadmin']['setup_password_encrypted']: PostfixAdmin setup.php setup password encrypted with a salt.
• node['postfixadmin']['mysql']['server_root_password']: MySQL root user password.
• node['postfixadmin']['database']['password']: MySQL PostfixAdmin user password.

Read the chef-encrypted-attributes gem documentation to learn how to read them.

Warning: When PostgreSQL is used, the database root password will still remain unencrypted in the node['postgresql']['password']['postgres'] attribute due to limitations of the postgresql cookbook.

Recipes

postfixadmin::default

Installs and configures PostfixAdmin.

postfixadmin::map_files

Installs PostfixAdmin SQL map files to be used by Postfix.

postfixadmin::mysql

Installs MySQL server for PostfixAdmin.

postfixadmin::postgresql

Installs PostgreSQL server for PostfixAdmin.

Resources

postfixadmin_admin[user]

Create or delete a PostfixAdmin admin user.

This kind of user is used to create the domains and mailboxes, and must be used before any other resource from this cookbook.

postfixadmin_admin Actions

• create: Create a PostfixAdmin admin user (default).
• delete: Remove a PostfixAdmin admin user.

postfixadmin_admin Properties

If you don't provide login_username, it will use the setup.php to create the admin. Usually this is used only to create the first administrator.

postfixadmin_admin Example

postfixadmin_admin 'admin@admindomain.com' do
  password 'sup3r-s3cr3t-p4ss'
  action :create
end

postfixadmin_admin 'secondadmin@admindomain.com' do
  password '4n0th3r-p4ss'
  login_username 'admin@admindomain.com'
  login_password 'sup3r-s3cr3t-p4ss'
end

postfixadmin_domain[domain]

Create or delete a domain.

postfixadmin_domain Actions

• create
• delete

postfixadmin_domain Properties

postfixadmin_domain Example

# admin user copied from the previous example
postfixadmin_domain 'foobar.com' do
  login_username 'admin@admindomain.com'
  login_password 'sup3r-s3cr3t-p4ss'
end

postfixadmin_mailbox[mailbox]

Create or delete a mailbox.

postfixadmin_mailbox Actions

• create
• delete

postfixadmin_mailbox Properties

postfixadmin_mailbox Example

# admin user copied from the previous example
postfixadmin_mailbox 'bob@foobar.com' do
  password 'alice'
  login_username 'admin@admindomain.com'
  login_password 'sup3r-s3cr3t-p4ss'
end

postfixadmin_alias[address]

Create or delete a mailbox alias.

postfixadmin_alias Actions

• create
• delete

postfixadmin_alias Properties

postfixadmin_alias Example

# admin user copied from the previous example
postfixadmin_alias 'billing@foobar.com' do
  goto 'bob@foobar.com'
  login_username 'admin@admindomain.com'
  login_password 'sup3r-s3cr3t-p4ss'
end

postfixadmin_alias_domain[address]

Create or remote a domain alias.

The domain name used as alias_domain must already exist: in other words, it needs to be created previously with postfixadmin_domain resource.

postfixadmin_alias_domain Actions

• create
• delete

postfixadmin_alias_domain Properties

postfixadmin_alias_domain Example

# admin user copied from the previous example
postfixadmin_alias_domain 'aliasdomain.com' do
  target_domain 'foobar.com'
  login_username 'admin@admindomain.com'
  login_password 'sup3r-s3cr3t-p4ss'
end

Usage Example

Including in a Cookbook Recipe

A complete example:

include_recipe 'postfixadmin::default'
include_recipe 'postfixadmin::map_files'
# or include them in your run-list

postfixadmin_admin 'admin@admindomain.com' do
  password 'sup3r-s3cr3t-p4ss'
  action :create
end

postfixadmin_domain 'foobar.com' do
  login_username 'admin@admindomain.com'
  login_password 'sup3r-s3cr3t-p4ss'
end

postfixadmin_mailbox 'bob@foobar.com' do
  password 'alice'
  login_username 'admin@admindomain.com'
  login_password 'sup3r-s3cr3t-p4ss'
end

postfixadmin_alias 'billing@foobar.com' do
  goto 'bob@foobar.com'
  login_username 'admin@admindomain.com'
  login_password 'sup3r-s3cr3t-p4ss'
end

postfixadmin_domain 'aliasdomain.com' do
  login_username 'admin@admindomain.com'
  login_password 'sup3r-s3cr3t-p4ss'
end

postfixadmin_alias_domain 'aliasdomain.com' do
  target_domain 'foobar.com'
  login_username 'admin@admindomain.com'
  login_password 'sup3r-s3cr3t-p4ss'
end

Don't forget to include the postfixadmin cookbook as a dependency in the metadata.

# metadata.rb
# [...]

depends 'postfixadmin'

Including in the Run List

Another alternative is to include the recipes in your Run List.

{
  "name": "mail.example.com",
  "[...]": "[...]"
  "run_list": [
    "[...]": "[...]",
    "recipe[postfixadmin]",
    "recipe[postfixadmin::map_files]"
  ]
}

PostgreSQL Support

PostfixAdmin with PostgreSQL may not work properly on some platforms: See for example postgresql cookbook issue #249. Any feedback you can provide regarding the PostgreSQL support will be greatly appreciated.

PostgreSQL Versions < 9.3

If you are using PostgreSQL version < 9.3, you may need to adjust the shmmax and shmall kernel parameters to configure the shared memory. You can see the example used for the integration tests.

Deploy with Docker

You can use the Dockerfile included in the cookbook source code to run the cookbook inside a container:

$ docker build -t chef-postfixadmin .
$ docker run -d -p 8080:80 chef-postfixadmin

The sample Dockerfile:

FROM zuazo/chef-local:debian-7

COPY . /tmp/postfixadmin
RUN berks vendor -b /tmp/postfixadmin/Berksfile $COOKBOOK_PATH
RUN chef-client -r "recipe[apt],recipe[postfixadmin]"

CMD ["apache2", "-D", "FOREGROUND"]

See the chef-local container documentation for more examples.

Testing

See TESTING.md.

ChefSpec Matchers

postfixadmin_admin(user)

Helper method for locating a postfixadmin_admin resource in the collection.

resource = chef_run.postfixadmin_admin(user)
expect(resource).to notify('service[apache2]').to(:reload)

create_postfixadmin_admin(user)

Assert that the Chef Run creates a PostfixAdmin admin user.

expect(chef_run).to create_postfixadmin_admin(user)

delete_postfixadmin_admin(path)

Assert that the Chef Run deletes a PostfixAdmin admin user.

expect(chef_run).to delete_postfixadmin_admin(user)

postfixadmin_alias(address)

Helper method for locating a postfixadmin_alias resource in the collection.

resource = chef_run.postfixadmin_alias(address)
expect(resource).to notify('service[apache2]').to(:reload)

create_postfixadmin_alias(address)

Assert that the Chef Run creates a PostfixAdmin alias.

expect(chef_run).to create_postfixadmin_alias(address)

delete_postfixadmin_alias(address)

Assert that the Chef Run deletes a PostfixAdmin alias.

expect(chef_run).to delete_postfixadmin_alias(address)

postfixadmin_alias_domain(alias_domain)

Helper method for locating a postfixadmin_alias_domain resource in the collection.

resource = chef_run.postfixadmin_alias_domain(alias_domain)
expect(resource).to notify('service[apache2]').to(:reload)

create_postfixadmin_alias_domain(alias_domain)

Assert that the Chef Run creates a PostfixAdmin alias domain.

expect(chef_run).to create_postfixadmin_alias_domain(alias_domain)

delete_postfixadmin_alias_domain(alias_domain)

Assert that the Chef Run deletes a PostfixAdmin alias domain.

expect(chef_run).to delete_postfixadmin_alias_domain(alias_domain)

postfixadmin_domain(domain)

Helper method for locating a postfixadmin_domain resource in the collection.

resource = chef_run.postfixadmin_domain(domain)
expect(resource).to notify('service[apache2]').to(:reload)

create_postfixadmin_domain(domain)

Assert that the Chef Run creates a PostfixAdmin domain.

expect(chef_run).to create_postfixadmin_domain(domain)

delete_postfixadmin_domain(domain)

Assert that the Chef Run deletes a PostfixAdmin domain.

expect(chef_run).to delete_postfixadmin_domain(domain)

postfixadmin_mailbox(mailbox)

Helper method for locating a postfixadmin_mailbox resource in the collection.

resource = chef_run.postfixadmin_domain(mailbox)
expect(resource).to notify('service[apache2]').to(:reload)

create_postfixadmin_mailbox(mailbox)

Assert that the Chef Run creates a PostfixAdmin mailbox.

expect(chef_run).to create_postfixadmin_mailbox(mailbox)

delete_postfixadmin_mailbox(domain)

Assert that the Chef Run deletes a PostfixAdmin mailbox.

expect(chef_run).to delete_postfixadmin_mailbox(mailbox)

Contributing

Please do not hesitate to open an issue with any questions or problems.

See CONTRIBUTING.md.

TODO

See TODO.md.

License and Author

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.