3 "ps_exim4": script => "ps_";
6 "postfix_mailqueue": ensure => absent;
7 "postfix_mailstats": ensure => absent;
8 "postfix_mailvolume": ensure => absent;
12 package { exim4-daemon-heavy: ensure => installed }
27 source => "puppet:///files/empty/"
34 source => "puppet:///files/empty/"
41 require => Package["exim4-daemon-heavy"],
45 content => template("exim/mailname.erb"),
47 "/etc/exim4/exim4.conf":
48 content => template("exim/eximconf.erb"),
49 require => Package["exim4-daemon-heavy"],
50 notify => Exec["exim4 reload"]
52 "/etc/exim4/manualroute":
53 require => Package["exim4-daemon-heavy"],
54 content => template("exim/manualroute.erb")
56 "/etc/exim4/host_blacklist":
57 require => Package["exim4-daemon-heavy"],
58 source => [ "puppet:///exim/per-host/$fqdn/host_blacklist",
59 "puppet:///exim/common/host_blacklist" ]
61 "/etc/exim4/blacklist":
62 require => Package["exim4-daemon-heavy"],
63 source => [ "puppet:///exim/per-host/$fqdn/blacklist",
64 "puppet:///exim/common/blacklist" ]
66 "/etc/exim4/callout_users":
67 require => Package["exim4-daemon-heavy"],
68 source => [ "puppet:///exim/per-host/$fqdn/callout_users",
69 "puppet:///exim/common/callout_users" ]
71 "/etc/exim4/grey_users":
72 require => Package["exim4-daemon-heavy"],
73 source => [ "puppet:///exim/per-host/$fqdn/grey_users",
74 "puppet:///exim/common/grey_users" ]
76 "/etc/exim4/helo-check":
77 require => Package["exim4-daemon-heavy"],
78 source => [ "puppet:///exim/per-host/$fqdn/helo-check",
79 "puppet:///exim/common/helo-check" ]
82 require => Package["exim4-daemon-heavy"],
83 content => template("exim/locals.erb")
85 "/etc/exim4/localusers":
86 require => Package["exim4-daemon-heavy"],
87 source => [ "puppet:///exim/per-host/$fqdn/localusers",
88 "puppet:///exim/common/localusers" ]
91 require => Package["exim4-daemon-heavy"],
92 source => [ "puppet:///exim/per-host/$fqdn/rbllist",
93 "puppet:///exim/common/rbllist" ]
95 "/etc/exim4/rhsbllist":
96 require => Package["exim4-daemon-heavy"],
97 source => [ "puppet:///exim/per-host/$fqdn/rhsbllist",
98 "puppet:///exim/common/rhsbllist" ]
100 "/etc/exim4/virtualdomains":
101 require => Package["exim4-daemon-heavy"],
102 content => template("exim/virtualdomains.erb")
104 "/etc/exim4/whitelist":
105 require => Package["exim4-daemon-heavy"],
106 source => [ "puppet:///exim/per-host/$fqdn/whitelist",
107 "puppet:///exim/common/whitelist" ]
109 "/etc/logrotate.d/exim4-base":
110 require => Package["exim4-daemon-heavy"],
111 source => [ "puppet:///exim/per-host/$fqdn/logrotate-exim4-base",
112 "puppet:///exim/common/logrotate-exim4-base" ]
114 "/etc/logrotate.d/exim4-paniclog":
115 require => Package["exim4-daemon-heavy"],
116 source => [ "puppet:///exim/per-host/$fqdn/logrotate-exim4-paniclog",
117 "puppet:///exim/common/logrotate-exim4-paniclog" ]
119 "/etc/exim4/ssl/thishost.crt":
120 require => Package["exim4-daemon-heavy"],
121 source => "puppet:///exim/certs/$fqdn.crt",
123 group => Debian-exim,
126 "/etc/exim4/ssl/thishost.key":
127 require => Package["exim4-daemon-heavy"],
128 source => "puppet:///exim/certs/$fqdn.key",
130 group => Debian-exim,
133 "/etc/exim4/ssl/ca.crt":
134 require => Package["exim4-daemon-heavy"],
135 source => "puppet:///exim/certs/ca.crt",
137 group => Debian-exim,
140 "/etc/exim4/ssl/ca.crl":
141 require => Package["exim4-daemon-heavy"],
142 source => "puppet:///exim/certs/ca.crl",
144 group => Debian-exim,
150 owner => Debian-exim,
155 exec { "exim4 reload":
156 path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
160 case extractnodeinfo($nodeinfo, 'mail_port') {
161 /^(\d+)$/: { $mail_port = $1 }
162 default: { $mail_port = 'smtp' }
165 @ferm::rule { "dsa-exim":
166 description => "Allow SMTP",
167 rule => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_SOURCES)"
169 @ferm::rule { "dsa-exim-v6":
170 description => "Allow SMTP",
172 rule => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)"
174 # Do we actually want this? I'm only doing it because it's harmless
175 # and makes the logs quiet. There are better ways of making logs quiet,
177 @ferm::rule { "dsa-ident":
178 domain => "(ip ip6)",
179 description => "Allow ident access",
180 rule => "&SERVICE(tcp, 113)"