3 "ps_exim4": script => "ps_";
6 "postfix_mailqueue": ensure => absent;
7 "postfix_mailstats": ensure => absent;
8 "postfix_mailvolume": ensure => absent;
12 package { exim4-daemon-heavy: ensure => installed }
27 source => "puppet:///files/empty/"
34 source => "puppet:///files/empty/"
41 require => Package["exim4-daemon-heavy"],
45 content => template("exim/mailname.erb"),
47 "/etc/exim4/exim4.conf":
48 content => template("exim/eximconf.erb"),
49 require => Package["exim4-daemon-heavy"],
50 notify => Exec["exim4 reload"]
52 "/etc/exim4/manualroute":
53 require => Package["exim4-daemon-heavy"],
54 content => template("exim/manualroute.erb")
56 "/etc/exim4/host_blacklist":
57 require => Package["exim4-daemon-heavy"],
58 source => [ "puppet:///modules/exim/per-host/$fqdn/host_blacklist",
59 "puppet:///modules/exim/common/host_blacklist" ]
61 "/etc/exim4/blacklist":
62 require => Package["exim4-daemon-heavy"],
63 source => [ "puppet:///modules/exim/per-host/$fqdn/blacklist",
64 "puppet:///modules/exim/common/blacklist" ]
66 "/etc/exim4/callout_users":
67 require => Package["exim4-daemon-heavy"],
68 source => [ "puppet:///modules/exim/per-host/$fqdn/callout_users",
69 "puppet:///modules/exim/common/callout_users" ]
71 "/etc/exim4/grey_users":
72 require => Package["exim4-daemon-heavy"],
73 source => [ "puppet:///modules/exim/per-host/$fqdn/grey_users",
74 "puppet:///modules/exim/common/grey_users" ]
76 "/etc/exim4/helo-check":
77 require => Package["exim4-daemon-heavy"],
78 source => [ "puppet:///modules/exim/per-host/$fqdn/helo-check",
79 "puppet:///modules/exim/common/helo-check" ]
82 require => Package["exim4-daemon-heavy"],
83 content => template("exim/locals.erb")
85 "/etc/exim4/localusers":
86 require => Package["exim4-daemon-heavy"],
87 source => [ "puppet:///modules/exim/per-host/$fqdn/localusers",
88 "puppet:///modules/exim/common/localusers" ]
91 require => Package["exim4-daemon-heavy"],
92 source => [ "puppet:///modules/exim/per-host/$fqdn/rbllist",
93 "puppet:///modules/exim/common/rbllist" ]
95 "/etc/exim4/rhsbllist":
96 require => Package["exim4-daemon-heavy"],
97 source => [ "puppet:///modules/exim/per-host/$fqdn/rhsbllist",
98 "puppet:///modules/exim/common/rhsbllist" ]
100 "/etc/exim4/virtualdomains":
101 require => Package["exim4-daemon-heavy"],
102 content => template("exim/virtualdomains.erb")
104 "/etc/exim4/whitelist":
105 require => Package["exim4-daemon-heavy"],
106 source => [ "puppet:///modules/exim/per-host/$fqdn/whitelist",
107 "puppet:///modules/exim/common/whitelist" ]
109 "/etc/exim4/submission-domains":
110 require => Package["exim4-daemon-heavy"],
111 source => [ "puppet:///modules/exim/per-host/$fqdn/submission-domains",
112 "puppet:///modules/exim/common/submission-domains" ]
114 "/etc/logrotate.d/exim4-base":
115 require => Package["exim4-daemon-heavy"],
116 source => [ "puppet:///modules/exim/per-host/$fqdn/logrotate-exim4-base",
117 "puppet:///modules/exim/common/logrotate-exim4-base" ]
119 "/etc/logrotate.d/exim4-paniclog":
120 require => Package["exim4-daemon-heavy"],
121 source => [ "puppet:///modules/exim/per-host/$fqdn/logrotate-exim4-paniclog",
122 "puppet:///modules/exim/common/logrotate-exim4-paniclog" ]
124 "/etc/exim4/ssl/thishost.crt":
125 require => Package["exim4-daemon-heavy"],
126 source => "puppet:///modules/exim/certs/$fqdn.crt",
128 group => Debian-exim,
131 "/etc/exim4/ssl/thishost.key":
132 require => Package["exim4-daemon-heavy"],
133 source => "puppet:///modules/exim/certs/$fqdn.key",
135 group => Debian-exim,
138 "/etc/exim4/ssl/ca.crt":
139 require => Package["exim4-daemon-heavy"],
140 source => "puppet:///modules/exim/certs/ca.crt",
142 group => Debian-exim,
145 "/etc/exim4/ssl/ca.crl":
146 require => Package["exim4-daemon-heavy"],
147 source => "puppet:///modules/exim/certs/ca.crl",
149 group => Debian-exim,
155 owner => Debian-exim,
160 exec { "exim4 reload":
161 path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
165 case getfromhash($nodeinfo, 'mail_port') {
166 /^(\d+)$/: { $mail_port = $1 }
167 default: { $mail_port = 'smtp' }
170 @ferm::rule { "dsa-exim":
171 description => "Allow SMTP",
172 rule => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_SOURCES)"
174 @ferm::rule { "dsa-exim-v6":
175 description => "Allow SMTP",
177 rule => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)"
179 # Do we actually want this? I'm only doing it because it's harmless
180 # and makes the logs quiet. There are better ways of making logs quiet,
182 @ferm::rule { "dsa-ident":
183 domain => "(ip ip6)",
184 description => "Allow ident access",
185 rule => "&SERVICE(tcp, 113)"
189 # vim:set sts=4 ts=4:
190 # vim:set shiftwidth=4: