X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Fmanifests%2Fmx.pp;h=3a30975e5597470f86cacde0d7dc0a89ba897658;hb=3d1e20d9385fd27268e268d7d022b86ac6c905c5;hp=0157b1439ce72edcc1ecb3624860fa044b100c2b;hpb=bb3c419ae3fb9387d5e91cf1e0dc9b82d167c728;p=mirror%2Fdsa-puppet.git

diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index 0157b1439..3a30975e5 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -18,29 +18,23 @@ class exim::mx(
   file { '/etc/exim4/surbl_whitelist.txt':
     source => 'puppet:///modules/exim/common/surbl_whitelist.txt',
   }
+  file { '/etc/exim4/two-level-tlds':
+    source => 'puppet:///modules/exim/common/two-level-tlds',
+  }
+  file { '/etc/exim4/three-level-tlds':
+    source => 'puppet:///modules/exim/common/three-level-tlds',
+  }
   file { '/etc/exim4/exim_surbl.pl':
     source => 'puppet:///modules/exim/common/exim_surbl.pl',
     notify => Service['exim4'],
   }
 
-  # MXs used as smarthosts
-  ferm::rule { 'dsa-exim-submission':
-    description => 'Allow SMTP',
-    rule        => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)'
-  }
-  ferm::rule { 'dsa-exim-v6-submission':
-    description => 'Allow SMTP',
-    domain      => 'ip6',
-    rule        => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
-  }
-  $autocertdir = hiera('paths.auto_certs_dir')
-  dnsextras::tlsa_record{ 'tlsa-submission':
-    zone     => 'debian.org',
-    certfile => "${autocertdir}/${::fqdn}.crt",
-    port     => 587,
-    hostname => $::fqdn,
-  }
   package { 'monitoring-plugins-standard':
     ensure => installed,
   }
+
+  ferm::rule::simple { 'dsa-smtp':
+    description => 'Allow smtp access from the world',
+    port        => '25',
+  }
 }