Make the manualroute explicitly send to port 25 by default as that simplifies the...

[mirror/dsa-puppet.git] / modules / roles / manifests / mta.pp

# Every one of our hosts has an MTA
#
# @param type exim4 or postfix.  exim4 is our default MTA
# @param heavy receive email from the internet and thus do spam filtering etc
# @param mailrelay receive mail on other hosts' behalf.  implies heavy
class roles::mta(
  Enum['exim4', 'postfix'] $type = 'exim4',
  Boolean $heavy = false,
  Boolean $mailrelay = false,
) {
  if $type == 'exim4' {
    if $mailrelay {
      include roles::mailrelay
    } elsif $heavy {
      include exim::mx
    } else {
      include exim
    }
  } elsif $type == 'postfix' {
    if $mailrelay {
      fail("Unsupported: mailrelay on type ${type}")
    }
    include postfix
  } else {
    fail("Unexpected mta type ${type}")
  }


  $mxdata = dig($deprecated::nodeinfo, 'ldap', 'mXRecord')
  $mailport = lookup( { 'name' => 'exim::mail_port', 'default_value' => 25 } )

  if $mxdata and $mxdata.any |$item| { $item =~ /INCOMING-MX/ } {
    # a mail satellite.  Gets mail via the mailrelays and sends out mail via the mail relays

    @@concat::fragment { "manualroute-to-${::fqdn}":
      tag     => 'exim::manualroute::to::mailrelay',
      target  => '/etc/exim4/manualroute',
      content => "${::fqdn}:   ${::fqdn}::${mailport}",
    }

    @@ferm::rule::simple { "submission-from-${::fqdn}":
      tag   => 'smtp::server::submission::to::mail-relay',
      chain => 'submission',
      saddr => $base::public_addresses,
    }

    Ferm::Rule::Simple <<| tag == 'smtp::server::to::mail-satellite' |>> {
      port => $mailport
    }

  } else {
    # not a mail satellite

    if ! defined(Class['exim::mx']) and ! defined(Class['postfix']) {
      fail('We are not an exim::mx (or a postfix) yet do not have set our MXs to INCOMING-MX.')
    }

    ferm::rule::simple { 'dsa-smtp':
      description => 'Allow smtp access from the world',
      port        => '25',
    }
  }
}