3 munin::check { 'ps_exim4': script => 'ps_' }
4 munin::check { 'exim_mailqueue': }
5 munin::check { 'exim_mailstats': }
7 munin::check { 'postfix_mailqueue': ensure => absent }
8 munin::check { 'postfix_mailstats': ensure => absent }
9 munin::check { 'postfix_mailvolume': ensure => absent }
11 package { 'exim4-daemon-heavy': ensure => installed }
16 File['/etc/exim4/exim4.conf'],
17 Package['exim4-daemon-heavy'],
24 require => Package['exim4-daemon-heavy'],
27 file { '/etc/exim4/Git':
32 source => 'puppet:///files/empty/',
34 file { '/etc/exim4/conf.d':
39 source => 'puppet:///files/empty/',
41 file { '/etc/exim4/ssl':
47 file { '/etc/exim4/exim4.conf':
48 content => template('exim/eximconf.erb'),
49 require => File['/etc/exim4/ssl/thishost.crt'],
50 notify => Service['exim4'],
52 file { '/etc/mailname':
53 content => template('exim/mailname.erb'),
55 file { '/etc/exim4/manualroute':
56 content => template('exim/manualroute.erb')
58 file { '/etc/exim4/locals':
59 content => template('exim/locals.erb')
61 file { '/etc/exim4/virtualdomains':
62 content => template('exim/virtualdomains.erb'),
64 file { '/etc/exim4/submission-domains':
65 content => template('exim/submission-domains.erb'),
67 file { '/etc/exim4/host_blacklist':
68 source => 'puppet:///modules/exim/common/host_blacklist',
70 file { '/etc/exim4/blacklist':
71 source => 'puppet:///modules/exim/common/blacklist',
73 file { '/etc/exim4/callout_users':
74 source => 'puppet:///modules/exim/common/callout_users',
76 file { '/etc/exim4/grey_users':
77 source => 'puppet:///modules/exim/common/grey_users',
79 file { '/etc/exim4/helo-check':
80 source => 'puppet:///modules/exim/common/helo-check',
82 file { '/etc/exim4/localusers':
83 source => 'puppet:///modules/exim/common/localusers',
85 file { '/etc/exim4/rbllist':
86 source => 'puppet:///modules/exim/common/rbllist',
88 file { '/etc/exim4/rhsbllist':
89 source => 'puppet:///modules/exim/common/rhsbllist',
91 file { '/etc/exim4/whitelist':
92 source => 'puppet:///modules/exim/common/whitelist',
94 file { '/etc/logrotate.d/exim4-base':
95 source => 'puppet:///modules/exim/common/logrotate-exim4-base',
97 file { '/etc/logrotate.d/exim4-paniclog':
98 source => 'puppet:///modules/exim/common/logrotate-exim4-paniclog'
100 file { '/etc/exim4/ssl/thishost.crt':
101 source => "puppet:///modules/exim/certs/${::fqdn}.crt",
102 group => Debian-exim,
105 file { '/etc/exim4/ssl/thishost.key':
106 source => "puppet:///modules/exim/certs/${::fqdn}.key",
107 group => Debian-exim,
110 file { '/etc/exim4/ssl/ca.crt':
111 source => 'puppet:///modules/exim/certs/ca.crt',
112 group => Debian-exim,
115 file { '/etc/exim4/ssl/ca.crl':
116 source => 'puppet:///modules/exim/certs/ca.crl',
117 group => Debian-exim,
120 file { '/var/log/exim4':
123 owner => Debian-exim,
127 case getfromhash($site::nodeinfo, 'mail_port') {
128 /^(\d+)$/: { $mail_port = $1 }
129 default: { $mail_port = 'smtp' }
132 @ferm::rule { 'dsa-exim':
133 description => 'Allow SMTP',
134 rule => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_SOURCES)"
137 @ferm::rule { 'dsa-exim-v6':
138 description => 'Allow SMTP',
140 rule => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)"
143 # Do we actually want this? I'm only doing it because it's harmless
144 # and makes the logs quiet. There are better ways of making logs quiet,
146 @ferm::rule { 'dsa-ident':
147 domain => '(ip ip6)',
148 description => 'Allow ident access',
149 rule => '&SERVICE(tcp, 113)'