X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=inline;f=modules%2Froles%2Fmanifests%2Fmailrelay.pp;h=b84b13fbf31d147e7d72ef18476aea485c3f76ca;hb=28f397a5c62193d2a7ba3f48a2d5a118a7d9a90a;hp=388370a7a4918f6c06487d024278baf328427cf0;hpb=67cd009c15f58469d007633e610cbbe4e47c385e;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/mailrelay.pp b/modules/roles/manifests/mailrelay.pp
index 388370a7a..b84b13fbf 100644
--- a/modules/roles/manifests/mailrelay.pp
+++ b/modules/roles/manifests/mailrelay.pp
@@ -7,17 +7,26 @@
 #   include roles::mailrelay
 #
 class roles::mailrelay {
-	include roles::pubsub::parameters
+  include roles::pubsub::parameters
 
-	$rabbit_password = $roles::pubsub::parameters::rabbit_password
+  $rabbit_password = $roles::pubsub::parameters::rabbit_password
 
-	roles::pubsub::config { 'emailvdomains':
-		key      => 'dsa-emailvdomains-receive',
-		exchange => dsa,
-		queue    => "email-${::fqdn}",
-		topic    => 'dsa.email.update',
-		vhost    => dsa,
-		username => $::fqdn,
-		password => $rabbit_password
-	}
+  roles::pubsub::config { 'emailvdomains':
+    key      => 'dsa-emailvdomains-receive',
+    exchange => dsa,
+    queue    => "email-${::fqdn}",
+    topic    => 'dsa.email.update',
+    vhost    => dsa,
+    username => $::fqdn,
+    password => $rabbit_password
+  }
+
+  # smtp firewalling setup
+  ###
+  @@ferm::rule::simple { "dsa-smtp-from-mailrelay-${::fqdn}":
+    tag         => 'smtp::server::from::mailrelay',
+    description => 'Allow smtp access from a mailrelay',
+    port        => '25',
+    saddr       => $base::public_addresses,
+  }
 }