1 # Every one of our hosts has an MTA
3 # @param type exim4 or postfix. exim4 is our default MTA
4 # @param heavy whether this host receives email from the internet and thus does spam filtering etc.
5 # @param mailrelay whether this host receives mail on other hosts' behalf; implies heavy
7 Enum['exim4', 'postfix'] $type = 'exim4',
8 Boolean $heavy = false,
9 Boolean $mailrelay = false,
13 include roles::mailrelay
19 } elsif $type == 'postfix' {
21 fail("Unsupported: mailrelay on type ${type}")
25 fail("Unexpected mta type ${type}")
29 $mxdata = dig($deprecated::nodeinfo, 'ldap', 'mXRecord')
30 $mailport = lookup( { 'name' => 'exim::mail_port', 'default_value' => 25 } )
32 if $mxdata and $mxdata.any |$item| { $item =~ /INCOMING-MX/ } {
33 # A mail satellite: it gets its mail via the mail relays and sends outgoing mail via the mail relays
35 @@concat::fragment { "manualroute-to-${::fqdn}":
36 tag => 'exim::manualroute::to::mailrelay',
37 target => '/etc/exim4/manualroute',
38 content => "${::fqdn}: ${::fqdn}::${mailport}",
41 @@ferm::rule::simple { "submission-from-${::fqdn}":
42 tag => 'smtp::server::submission::to::mail-relay',
43 chain => 'submission',
44 saddr => $base::public_addresses,
47 Ferm::Rule::Simple <<| tag == 'smtp::server::to::mail-satellite' |>> {
52 # not a mail satellite
54 if ! defined(Class['exim::mx']) and ! defined(Class['postfix']) {
55 fail('We are not an exim::mx (or a postfix) yet do not have set our MXs to INCOMING-MX.')
58 ferm::rule::simple { 'dsa-smtp':
59 description => 'Allow smtp access from the world',
64 $autocertdir = hiera('paths.auto_certs_dir')
65 dnsextras::tlsa_record{ 'tlsa-mailport':
67 certfile => "${autocertdir}/${::fqdn}.crt",