1 class exim::mx inherits exim {
6 file { '/etc/exim4/ccTLD.txt':
7 source => 'puppet:///modules/exim/common/ccTLD.txt',
9 file { '/etc/exim4/surbl_whitelist.txt':
10 source => 'puppet:///modules/exim/common/surbl_whitelist.txt',
12 file { '/etc/exim4/exim_surbl.pl':
13 source => 'puppet:///modules/exim/common/exim_surbl.pl',
14 notify => Service['exim4'],
17 # 20181010 many connections:
25 @ferm::rule { 'dsa-mail-abusers':
27 rule => "saddr (188.165.219.27 125.72.232.0/24 140.224.61.0/24 117.24.38.0/22 115.235.157.28 113.110.47.180 121.226.141.0/24) DROP",
30 # MXs used as smarthosts
31 @ferm::rule { 'dsa-exim-submission':
32 description => 'Allow SMTP',
33 rule => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)'
35 @ferm::rule { 'dsa-exim-v6-submission':
36 description => 'Allow SMTP',
38 rule => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
40 $autocertdir = hiera('paths.auto_certs_dir')
41 dnsextras::tlsa_record{ "tlsa-submission":
43 certfile => "${autocertdir}/${::fqdn}.crt",
45 hostname => "$::fqdn",
47 package { 'nagios-plugins-standard':
51 if has_role('mailrelay') {
52 concat::fragment { 'dsa-puppet-stuff--email-virtualdomains':
53 target => '/etc/cron.d/dsa-puppet-stuff',
55 @hourly root if [ ! -d /etc/exim4/email-virtualdomains ]; then cd /etc/exim4 && git clone mail-git:email-virtualdomains ; fi && cd /etc/exim4/email-virtualdomains && git pull --quiet --ff-only
59 file { '/etc/cron.d/dsa-email-virtualdomains': ensure => absent, }
projects / mirror / dsa-puppet.git / blob