diff --git a/type/__dma/explorer/conf b/type/__dma/explorer/conf
new file mode 100755
index 0000000..129e3c3
--- /dev/null
+++ b/type/__dma/explorer/conf
@@ -0,0 +1,30 @@
+#!/bin/sh -e
+#
+# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+# This explorer looks for lines matching the server parameter in dma's auth.conf
+# and reports the login and server fields (password is cksummed)
+
+CONF_PATH=/etc/dma # set in Makefile
+dma_conf="${CONF_PATH:?}/dma.conf"
+
+test -f "${dma_conf}" || exit 0
+
+grep -v -e '^[ \t]*#\|^$' "${dma_conf}" \
+| sed -e 's/[ \t]*#.*$//' \
+| sort -s -k 1,1
diff --git a/type/__dma/gencode-remote b/type/__dma/gencode-remote
index 2e3a80d..1091aeb 100755
--- a/type/__dma/gencode-remote
+++ b/type/__dma/gencode-remote
@@ -1,5 +1,200 @@
#!/bin/sh -e
+CONF_PATH=/etc/dma # set in Makefile
+
+# Generate config
+conf_should=$(
+ if test -s "${__object}/parameter/smart-host"
+ then
+ printf 'SMARTHOST %s\n' "$(cat "${__object}/parameter/smart-host")"
+ #printf 'AUTHPATH %s\n' "$(cat "${__type}/
+ fi
+
+ case $(cat "${__object}/parameter/security")
+ in
+ (ssl|tls)
+ default_smtp_port=465
+ echo 'SECURETRANSFER'
+ ;;
+ (starttls)
+ default_smtp_port=587
+ echo 'SECURETRANSFER'
+ echo 'STARTTLS'
+ ;;
+ (opportunistic)
+ default_smtp_port=25 # XXX: correct?
+ echo 'SECURETRANSFER'
+ echo 'STARTTLS'
+ echo 'OPPORTUNISTIC_TLS'
+ ;;
+ (insecure)
+ default_smtp_port=25
+ echo 'INSECURE'
+ ;;
+ esac
+
+ if test -s "${__object}/parameter/port"
+ then
+ printf 'PORT %u\n' "$(cat "${__object}/parameter/port")"
+ elif test "${default_smtp_port}" -ne 25
+ then
+ printf 'PORT %u\n' "${default_smtp_port}"
+ fi
+
+ if test -f "${__object}/parameter/masquerade"
+ then
+ while read -r line
+ do
+ printf 'MASQUERADE %s\n' "${line}"
+ done <"${__object}/parameter/masquerade"
+ fi
+
+
+)
+conf_should=$(echo "$conf_should" | sort -s -k 1,1)
+
+config_updated=false
+if ! echo "$conf_should" | cmp -s "${__object}/explorer/conf" -
+then
+ # config needs to be updated
+ echo "dma_conf='${CONF_PATH:?}/dma.conf'"
+ cat <<'EOF'
+awk -F '\n' '
+function comment_line(line) { return match(line, /^[ \t]*#+[ \t]*/) }
+function empty_line(line) { return match(line, /^[ \t]*$/) }
+function is_word(s) { return s ~ /^[A-Z_]+$/ }
+
+function first(line, sep) {
+ if (!sep) sep = SUBSEP
+ return index(line, sep) ? substr(line, 0, index(line, sep)) : line
+}
+
+function rest(line, sep) {
+ if (!sep) sep = SUBSEP
+ if (index(line, sep))
+ return substr(line, index(line, sep) + 1)
+}
+
+function conf_pop(word, value) {
+ if (!(word in conf)) return 0
+ if (!value) {
+ if (index(conf[word], SUBSEP)) # more than one element?
+ value = substr(conf[word], 0, index(conf[word], SUBSEP))
+ else
+ value = conf[word]
+ }
+
+ if (index(conf[word], SUBSEP)) {
+ if (index(conf[word], value SUBSEP) != 1) return 0
+ conf[word] = substr(conf[word], length(value) + 2)
+ } else {
+ if (conf[word] != value) return 0
+ delete conf[word]
+ }
+ return value
+}
+
+function print_conf(word, value) {
+ printf "%s", word
+ if (value) printf " %s", value
+ printf "\n"
+}
+
+function print_confs(word, value) {
+ if (!(word in conf)) return
+ if (conf[word]) {
+ while (value = conf_pop(word))
+ print_conf(word, value)
+ } else {
+ print_conf(word)
+ delete conf[word]
+ }
+}
+
+BEGIN {
+ while (getline < "/dev/stdin") {
+ word = first($0, " ")
+ if ((word in conf))
+ conf[word] = conf[word] SUBSEP rest($0, " ")
+ else
+ conf[word] = rest($0, " ")
+ }
+}
+
+# first pass, gather information
+NR == FNR {
+ if (comment_line($0)) {
+ # comment line
+ word = first(substr($0, RLENGTH + 1), " ")
+ if (is_word(word)) last_occ["#" word] = FNR
+ } else {
+ word = first($0, " ")
+ if (is_word(word)) last_occ[word] = FNR
+ }
+}
+
+NR > FNR && FNR == 1 {
+ # before second pass prepare hashes
+
+ for (k in last_occ)
+ if (k ~ /^\#/ && (substr(k, 2) in last_occ))
+ delete last_occ[k]
+
+ for (k in last_occ) {
+ line_map[last_occ[k]] = k
+ }
+}
+
+# second pass, output new config
+NR > FNR {
+ if (comment_line($0) || empty_line($0)) {
+ # comment or empty line
+ print
+
+ if ((FNR in line_map)) {
+ if (line_map[FNR] ~ /^\#/) {
+ # the "matching" comment line is here
+ k = substr(line_map[FNR], 2)
+ if ((k in conf)) print_confs(k)
+ }
+
+ if (("INSECURE" in conf) && line_map[FNR] ~ /^\#?SECURE$/) {
+ # INSECURE goes where SECURE comment is
+ print_confs("INSECURE")
+ }
+ }
+ } else {
+ sub(/[ \t]*\#.*$/, "", $0) # ignore comments
+ word = first($0, " ")
+
+ if ((word in conf) && rest($0, " ") == first(conf[word])) {
+ # keep config options we want
+ conf_pop(word)
+ print
+ }
+
+ if ((FNR in line_map) && line_map[FNR] == word) {
+ # rest of config options should be here
+ print_confs(word)
+ }
+ }
+}
+
+END {
+ # print rest of config options
+ for (word in conf) print_confs(word)
+}
+' "${dma_conf}" "${dma_conf}" <<'EOF' >"${dma_conf}.tmp" \
+ && mv "${dma_conf}.tmp" "${dma_conf}"
+EOF
+ echo "${conf_should}"
+ echo 'EOF'
+
+ config_updated=true
+ echo 'config updated' >>"${__messages_out}"
+fi
+
+
if test -f "${__object}/parameter/send-test-email"
then
modified=false
@@ -10,7 +205,7 @@ then
elif grep -q '^__dma_auth/' "${__messages_in}"
then
modified=true
- elif grep -q '^__dma/' "${__messages_in}"
+ elif $config_updated
then
modified=true
fi
diff --git a/type/__dma/man.rst b/type/__dma/man.rst
index af9298e..cb3c35f 100644
--- a/type/__dma/man.rst
+++ b/type/__dma/man.rst
@@ -39,7 +39,31 @@ mailname
If not defined, it defaults to `/etc/mailname` on Debian-derived Operating
Systems and to `__target_host` otherwise.
See `dma(8)` for more information.
+masquerade
+ Masquerade the envelope-from addresses with this address/hostname.
+ Use this setting if mails are not accepted by destination mail servers
+ because your sender domain is invalid.
+ This option can be used multiple times.
+ For more information see the `dma(8)` man page.
+port
+ The port on which to deliver email.
+ If not provided, a sensible default port will be used based on the
+ `--security` argument.
+security
+ Configures whether and how DMA should use secure connections.
+ ssl/tls
+ Enable TLS/SSL secured transfer.
+ starttls
+ Use STARTTLS to establish a secure connection.
+ opportunistic (default)
+ Will try to establish a secure connection using STARTTLS, but allow
+ unencrypted transfer if STARTTLS fails.
+ Most useful when dma is used without a smarthost, delivering remote
+ messages directly to the outside mail exchangers.
+ insecure
+ allow plain text SMTP login over an insecure connection.
+ Should really not be used anymore!
EXAMPLES
--------
diff --git a/type/__dma/manifest b/type/__dma/manifest
index e07fbfc..814e3ef 100755
--- a/type/__dma/manifest
+++ b/type/__dma/manifest
@@ -2,54 +2,57 @@
os=$(cat "${__global}/explorer/os")
-smart_host="$(cat "${__object}/parameter/smart-host")"
-
-if [ -f "${__object}/parameter/mailname" ]; then
- mailname="$(cat "${__object}/parameter/mailname")"
+# mailname: default behaviour is different on certain systems
+if test -f "${__object}/parameter/mailname"
+then
+ mailname=$(cat "${__object}/parameter/mailname")
else
- # default mailname behaviour is different in certain systems
- case ${os} in
- debian|devuan|ubuntu)
- # Debian-like default to /etc/mailname
- mailname="/etc/mailname"
- ;;
- *)
- # Otherwise let's use the hostname
- mailname="${__target_host}"
- ;;
- esac
+ # Otherwise use the hostname
+ mailname=$(cat "${__global}/explorer/hostname")
fi
-case ${os} in
- debian|devuan|ubuntu)
- # Debian-like requires installing DMA
- __package dma
- # Moving forward without DMA doesn't make much sense
- export require="__package/dma"
- ;;
- freebsd)
- # Disable sendmail + stop if necessary
- __key_value \
- --file "/etc/rc.conf" \
- --comment "# Disable sendmail " \
- --key "sendmail_enable" \
- --delimiter "=" \
- --value "NONE" \
- --onchange "service sendmail onestop || true" \
- "sendmail_enable"
+case $os
+in
+ (debian|devuan|ubuntu)
+ # On Debian-like systems use /etc/mailname
+ if test -f "${__object}/parameter/mailname"
+ then
+ echo "$mailname" | __file '/etc/mailname' --state present \
+ --mode 0644 --owner root --group root --source -
+ fi
+
+ mailname='/etc/mailname'
+ ;;
+esac
+
+# Install DMA
+case $os
+in
+ (debian|devuan|ubuntu)
+ __package dma --state present
+ export require='__package/dma'
+ ;;
+ (freebsd)
+ # Stop sendmail if necessary
+ __process 'sendmail' --name 'sendmail.*' --state absent \
+ --stop '/etc/rc.d/sendmail onestop'
+
+ # ... and disable it
+ __key_value 'rcconf-sendmail-enable' --file '/etc/rc.conf' \
+ --key 'sendmail_enable' --delimiter '=' --value '"NONE"' \
+ --exact_delimiter
+
# Setup mailwrapper accordingly
- __file /etc/mail/mailer.conf \
- --mode 0644 \
- --source '-' < /dev/stderr <&2
Your OS (${os}) is not supported yet.
Maybe adding support is as simple as adapting the packages or allowing it,
@@ -57,77 +60,5 @@ we highly encourage you to open a PR with the necessary changes.
See: https://code.ungleich.ch/ungleich-public/cdist-contrib/
EOF
exit 1
- ;;
+ ;;
esac
-
-DMA_CONF="$(cat <