I develop the Salt scripts against a local VM. Once it is time to deploy remotely the process is as follows:

1. Start up the VM with provider of choice (I use and recommend Bytemark)
2. Log in via SSH
3. Add the appropriate Saltstack Package Repoisitory
4. apt-get update
5. apt-get upgrade
6. apt-get install salt-minion
7. Configure the SaltStack Minion to run masterless: edit /etc/salt/minion and ensure that file_client: local is set.
8. Tar up the SaltStack configuration files you’ve created, scp them across to the server, and tar xzf them out into /srv/salt/
9. salt-call --local state.apply
10. Now wait a bit. Hopefully there won’t be any errors.
11. /usr/sbin/update-exim4.conf
12. systemctl restart exim4

Check that everything is working. netstat -nlpt should show that ports 22, 25, 143 and 993 are open to the Internet. Port 783 (Spam Assassin) should only be available on 127.0.0.1.

Try connecting with telnet and/or your email client. Ensure that STARTTLS is working as expected – you don’t want to be sending email or your credentials across the Internet.

Once you are happy that everything is as expected you’ll need to refine your logcheck rules and then enjoy!