On hosts that get mail via mailrelays, try to collect the ferm rule that will allow...
[mirror/dsa-puppet.git] / modules / roles / manifests / mta.pp
index 4e672d7..b985cd0 100644 (file)
@@ -11,14 +11,17 @@ class roles::mta(
   if $type == 'exim4' {
     if $mailrelay {
       include roles::mailrelay
-    } elsif $heavy {
-      include exim::mx
     } else {
-      include exim
+      if $heavy {
+        include exim::mx
+      } else {
+        include exim
+      }
+
+      $mxdata = dig($deprecated::nodeinfo, 'ldap', 'mXRecord')
+      if $mxdata and $mxdata.any |$item| { $item =~ /INCOMING-MX/ } {
+        $mailport = lookup( { 'name' => 'exim::mail_port', 'default_value' => undef } )
 
-      $mxdata = dig($deprecated::nodeinfo, 'ldap', 'mxRecord')
-      if $mxdata and $mxdata =~ /INCOMING-MX/ {
-        $mailport = lookup('exim::mail_port')
 
         @@concat::fragment { "manualroute-to-${::fqdn}":
           tag     => 'exim::manualroute::to::mailrelay',
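Review bot: `$mailport` can now be undef, because the `exim::mail_port` lookup was given `'default_value' => undef`, and it is used unguarded as `port => $mailport` on the collected ferm rules in the second hunk. What Ferm::Rule::Simple does with an undef port is not visible on this page; if it drops the port match, hosts without `exim::mail_port` in hiera would accept the mailrelays on every port rather than on SMTP only. I would make the fallback explicit at the collector, for example `port => $mailport ? { undef => 25, default => $mailport },`, assuming 25 is what the relays use when no port is configured. Failing that, a comment next to the lookup should state which port the firewall rule ends up with when the key is missing. The enclosing `class roles::mta` begins and ends outside this hunk.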
@@ -28,6 +31,10 @@ class roles::mta(
             default => "${::fqdn}:   ${::fqdn}::${mailport}",
           }
         }
+
+        Ferm::Rule::Simple <<| tag == 'smtp::server::from::mailrelay' |>> {
+          port => $mailport
+        }
       }
     }
   } elsif $type == 'postfix' {
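Review bot: The collector `Ferm::Rule::Simple <<| tag == 'smtp::server::from::mailrelay' |>>` realizes every exported rule carrying that tag and overrides only `port`, so the permitted source addresses are whatever the exporting nodes put into the rule. That makes this host's inbound SMTP policy depend on what other nodes export, which the code does not say. I would document it above the collector, e.g. `# Source addresses come from the rules exported by the mailrelays; only the port is set locally.` If the exporting class is known, narrowing the collector query beyond the tag alone would limit which exports are accepted.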