confine allow-all smtp in postfix to role lists

[mirror/dsa-puppet.git] / modules / postfix / manifests / init.pp

diff --git a/modules/postfix/manifests/init.pp b/modules/postfix/manifests/init.pp
index abb3ace..3367cbb 100644 (file)
--- a/modules/postfix/manifests/init.pp
+++ b/modules/postfix/manifests/init.pp
@@ -1,5 +1,4 @@
 class postfix {
-
        package { 'postfix':
                ensure => installed
        }
@@ -8,8 +7,6 @@ class postfix {
                ensure => running
        }
 
-       include clamav
-
        munin::check { 'ps_exim4':       ensure => absent }
        munin::check { 'exim_mailqueue': ensure => absent }
        munin::check { 'exim_mailstats': ensure => absent }
@@ -20,9 +17,11 @@ class postfix {
        munin::check { 'ps_smtp': script => 'ps_' }
        munin::check { 'ps_smtpd': script => 'ps_' }
 
-       @ferm::rule { 'smtp':
-               domain      => '(ip ip6)',
-               description => 'Allow smtp access',
-               rule        => '&SERVICE(tcp, 25)'
+       if has_role('lists') {
+               @ferm::rule { 'smtp':
+                       domain      => '(ip ip6)',
+                       description => 'Allow smtp access',
+                       rule        => '&SERVICE(tcp, 25)'
+               }
        }
 }