# include roles::mailrelay
#
class roles::mailrelay {
+ include exim::mailrelay
+
include roles::pubsub::parameters
$rabbit_password = $roles::pubsub::parameters::rabbit_password
username => $::fqdn,
password => $rabbit_password
}
+
+ # smtp firewalling setup
+ ###
+ @@ferm::rule::simple { "dsa-smtp-from-mailrelay-${::fqdn}":
+ tag => 'smtp::server::to::mail-satellite',
+ description => 'Allow smtp access from a mailrelay',
+ port => '7', # will be overwritten on collection
+ saddr => $base::public_addresses,
+ }
+
+ ferm::rule::simple { 'submission-from-satellites':
+ target => 'submission',
+ port => 'submission',
+ }
+ Ferm::Rule::Simple <<| tag == 'smtp::server::submission::to::mail-relay' |>>
+
+ $autocertdir = hiera('paths.auto_certs_dir')
+ dnsextras::tlsa_record{ 'tlsa-submission':
+ zone => 'debian.org',
+ certfile => "${autocertdir}/${::fqdn}.crt",
+ port => 587,
+ hostname => $::fqdn,
+ }
}
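Review bot: The exported rule `dsa-smtp-from-mailrelay-${::fqdn}` relies on every collector overriding its placeholder `port => '7'`. A collector that omits the override would realise a rule admitting `$base::public_addresses` to port 7 instead of failing, so the contract deserves a fuller comment than `# will be overwritten on collection`, naming which collector sets the real port. The local `submission-from-satellites` rule carries no `saddr`, so who may reach port 587 appears to be decided entirely by the rules collected via `tag == 'smtp::server::submission::to::mail-relay'`. I would document that above the collector, e.g. `# 587 is opened only to hosts that export a rule with this tag; the 'submission' chain must not fall through to ACCEPT`. Whether that chain ends in a drop and where the tagged rules are exported are not visible in these lines, and part of the class body (the resource closed just before the firewalling block) is also outside the shown hunks.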