3 munin::check { 'ps_exim4': script => 'ps_' }
4 munin::check { 'exim_mailqueue': }
5 munin::check { 'exim_mailstats': }
7 munin::check { 'postfix_mailqueue': ensure => absent }
8 munin::check { 'postfix_mailstats': ensure => absent }
9 munin::check { 'postfix_mailvolume': ensure => absent }
11 package { 'exim4-daemon-heavy': ensure => installed }
15 require => File['/etc/exim4/exim4.conf'],
21 require => Package['exim4-daemon-heavy'],
24 file { '/etc/exim4/Git':
29 source => 'puppet:///files/empty/',
31 file { '/etc/exim4/conf.d':
36 source => 'puppet:///files/empty/',
38 file { '/etc/exim4/ssl':
44 file { '/etc/exim4/exim4.conf':
45 content => template('exim/eximconf.erb'),
46 notify => Service['exim4'],
48 file { '/etc/mailname':
49 content => template('exim/mailname.erb'),
51 file { '/etc/exim4/manualroute':
52 content => template('exim/manualroute.erb')
54 file { '/etc/exim4/locals':
55 content => template('exim/locals.erb')
57 file { '/etc/exim4/virtualdomains':
58 content => template('exim/virtualdomains.erb'),
60 file { '/etc/exim4/submission-domains':
61 content => template('exim/common/submission-domains.erb'),
63 file { '/etc/exim4/host_blacklist':
64 source => 'puppet:///modules/exim/common/host_blacklist',
66 file { '/etc/exim4/blacklist':
67 source => 'puppet:///modules/exim/common/blacklist',
69 file { '/etc/exim4/callout_users':
70 source => 'puppet:///modules/exim/common/callout_users',
72 file { '/etc/exim4/grey_users':
73 source => 'puppet:///modules/exim/common/grey_users',
75 file { '/etc/exim4/helo-check':
76 source => 'puppet:///modules/exim/common/helo-check',
78 file { '/etc/exim4/localusers':
79 source => 'puppet:///modules/exim/common/localusers',
81 file { '/etc/exim4/rbllist':
82 source => 'puppet:///modules/exim/common/rbllist',
84 file { '/etc/exim4/rhsbllist':
85 source => 'puppet:///modules/exim/common/rhsbllist',
87 file { '/etc/exim4/whitelist':
88 source => 'puppet:///modules/exim/common/whitelist',
90 file { '/etc/logrotate.d/exim4-base':
91 source => 'puppet:///modules/exim/common/logrotate-exim4-base',
93 file { '/etc/logrotate.d/exim4-paniclog':
94 source => 'puppet:///modules/exim/common/logrotate-exim4-paniclog'
96 file { '/etc/exim4/ssl/thishost.crt':
97 source => "puppet:///modules/exim/certs/${::fqdn}.crt",
101 file { '/etc/exim4/ssl/thishost.key':
102 source => "puppet:///modules/exim/certs/${::fqdn}.key",
103 group => Debian-exim,
106 file { '/etc/exim4/ssl/ca.crt':
107 source => 'puppet:///modules/exim/certs/ca.crt',
108 group => Debian-exim,
111 file { '/etc/exim4/ssl/ca.crl':
112 source => 'puppet:///modules/exim/certs/ca.crl',
113 group => Debian-exim,
116 file { '/var/log/exim4':
119 owner => Debian-exim,
123 case getfromhash($site::nodeinfo, 'mail_port') {
124 /^(\d+)$/: { $mail_port = $1 }
125 default: { $mail_port = 'smtp' }
128 @ferm::rule { 'dsa-exim':
129 description => 'Allow SMTP',
130 rule => '&SERVICE_RANGE(tcp, $mail_port, \$SMTP_SOURCES)'
133 @ferm::rule { 'dsa-exim-v6':
134 description => 'Allow SMTP',
136 rule => '&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)'
139 # Do we actually want this? I'm only doing it because it's harmless
140 # and makes the logs quiet. There are better ways of making logs quiet,
142 @ferm::rule { 'dsa-ident':
143 domain => '(ip ip6)',
144 description => 'Allow ident access',
145 rule => '&SERVICE(tcp, 113)'