# include roles::mailrelay
#
class roles::mailrelay {
- include exim::mx
+ include exim::mailrelay
include roles::pubsub::parameters
# smtp firewalling setup
###
@@ferm::rule::simple { "dsa-smtp-from-mailrelay-${::fqdn}":
- tag => 'smtp::server::from::mailrelay',
+ tag => 'smtp::server::to::mail-satellite',
description => 'Allow smtp access from a mailrelay',
- port => '25',
+ port => '7', # will be overwritten on collection
saddr => $base::public_addresses,
}
+
+ ferm::rule::simple { 'submission-from-satellites':
+ target => 'submission',
+ port => 'submission',
+ }
+ Ferm::Rule::Simple <<| tag == 'smtp::server::submission::to::mail-relay' |>>
+
+ $autocertdir = hiera('paths.auto_certs_dir')
+ dnsextras::tlsa_record{ 'tlsa-submission':
+ zone => 'debian.org',
+ certfile => "${autocertdir}/${::fqdn}.crt",
+ port => 587,
+ hostname => $::fqdn,
+ }
}
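Review bot: The exported rule's `port => '7'` placeholder is only safe if every collector of tag `smtp::server::to::mail-satellite` overrides `port`. A node that collects it without the override would realise a firewall rule admitting this relay's `$base::public_addresses` to port 7 instead of the intended mail port. The collecting side is not visible in this diff, so the override cannot be confirmed from here. I would make the comment name it, e.g. `port => '7', # placeholder; must be overridden by the collector in <collecting class>`. Separately, `submission-from-satellites` jumps to the `submission` chain with no `saddr`, so who may reach port 587 depends entirely on the rules collected via `smtp::server::submission::to::mail-relay`; a comment saying what happens to packets that match none of them would help.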