include exim::mx
} else {
include exim
-
- $mxdata = dig($deprecated::nodeinfo, 'ldap', 'mxRecord')
- if $mxdata and $mxdata =~ /INCOMING-MX/ {
- $mailport = lookup('exim::mail_port')
-
- @@concat::fragment { "manualroute-to-${::fqdn}":
- tag => 'exim::manualroute::to::mailrelay',
- target => '/etc/exim4/manualroute-new',
- content => $mailport == undef ? {
- true => "${::fqdn}: ${::fqdn}",
- default => "${::fqdn}: ${::fqdn}::${mailport}",
- }
- }
- }
}
} elsif $type == 'postfix' {
if $mailrelay {
} else {
fail("Unexpected mta type ${type}")
}
+
+
+ $mxdata = dig($deprecated::nodeinfo, 'ldap', 'mXRecord')
+ $mailport = lookup( { 'name' => 'exim::mail_port', 'default_value' => 25 } )
+
+ if $mxdata and $mxdata.any |$item| { $item =~ /INCOMING-MX/ } {
+ # a mail satellite. Gets mail via the mailrelays and sends out mail via the mail relays
+
+ exim::manualroute{ $::fqdn: }
+
+ @@ferm::rule::simple { "submission-from-${::fqdn}":
+ tag => 'smtp::server::submission::to::mail-relay',
+ chain => 'submission',
+ saddr => $base::public_addresses,
+ }
+
+ Ferm::Rule::Simple <<| tag == 'smtp::server::to::mail-satellite' |>> {
+ port => $mailport
+ }
+
+ } else {
+ # not a mail satellite
+
+ if ! defined(Class['exim::mx']) and ! defined(Class['postfix']) {
+ fail('We are not an exim::mx (or a postfix) yet do not have set our MXs to INCOMING-MX.')
+ }
+
+ # firewall allow is done by the exim::mx class
+ }
+
+ $autocertdir = hiera('paths.auto_certs_dir')
+ dnsextras::tlsa_record{ 'tlsa-mailport':
+ zone => 'debian.org',
+ certfile => "${autocertdir}/${::fqdn}.crt",
+ port => $mailport,
+ hostname => $::fqdn,
+ }
}
projects / mirror / dsa-puppet.git / blobdiff