class exim {
+ $is_mailrelay = has_role('mailrelay')
+ $is_bugsmx = has_role('bugsmx')
+ $is_rtmaster = has_role('rtmaster')
+ $is_packagesmaster = has_role('packagesmaster')
+ $is_packagesqamaster = has_role('packagesqamaster')
+
include exim::vdomain::setup
+ include debian_org::mail_incoming_port
munin::check { 'ps_exim4': script => 'ps_' }
munin::check { 'exim_mailqueue': }
concat::fragment { 'virtual_domain_template':
target => '/etc/exim4/virtualdomains',
content => template('exim/virtualdomains.erb'),
- order => 05,
+ order => '05',
}
service { 'exim4':
}
file { '/etc/exim4/Git':
ensure => absent,
- # git checkouts through puppet. yummy.
- file { '/etc/exim4/email-virtualdomains':
- recurse => true,
- source => 'puppet:///modules/exim/email-virtualdomains',
+ force => true,
}
file { '/etc/exim4/conf.d':
ensure => directory,
}
file { '/etc/exim4/ssl':
ensure => directory,
- group => Debian-exim,
+ group => 'Debian-exim',
mode => '0750',
purge => true,
}
}
file { '/etc/exim4/ssl/thishost.crt':
source => "puppet:///modules/exim/certs/${::fqdn}.crt",
- group => Debian-exim,
+ group => 'Debian-exim',
mode => '0640',
}
file { '/etc/exim4/ssl/thishost.key':
source => "puppet:///modules/exim/certs/${::fqdn}.key",
- group => Debian-exim,
+ group => 'Debian-exim',
mode => '0640',
}
file { '/etc/exim4/ssl/ca.crt':
source => 'puppet:///modules/exim/certs/ca.crt',
- group => Debian-exim,
+ group => 'Debian-exim',
mode => '0640',
}
file { '/etc/exim4/ssl/ca.crl':
source => 'puppet:///modules/exim/certs/ca.crl',
- group => Debian-exim,
+ group => 'Debian-exim',
mode => '0640',
}
file { '/var/log/exim4':
ensure => directory,
mode => '2750',
- owner => Debian-exim,
+ owner => 'Debian-exim',
group => maillog,
}
- case getfromhash($site::nodeinfo, 'mail_port') {
- /^(\d+)$/: { $mail_port = $1 }
- default: { $mail_port = '25' }
- }
-
- @ferm::rule { 'dsa-exim':
- description => 'Allow SMTP',
- rule => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_SOURCES)"
- }
-
- @ferm::rule { 'dsa-exim-v6':
- description => 'Allow SMTP',
- domain => 'ip6',
- rule => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)"
- }
- dnsextras::tlsa_record{ "tlsa-mailport":
- zone => 'debian.org',
- certfile => "/etc/puppet/modules/exim/files/certs/${::fqdn}.crt",
- port => "$mail_port",
- hostname => "$::fqdn",
- }
-
# Do we actually want this? I'm only doing it because it's harmless
# and makes the logs quiet. There are better ways of making logs quiet,
# though.
rule => '&SERVICE(tcp, 113)'
}
+ # These only affect the alias @$fqdn, not say, @debian.org
+
+ mailalias { [
+ 'postmaster',
+ 'hostmaster',
+ 'usenet',
+ 'webmaster',
+ 'abuse',
+ 'noc',
+ 'security',
+ ]:
+ ensure => absent
+ }
}
projects / mirror / dsa-puppet.git / blobdiff