X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Fmanifests%2Fmx.pp;h=3a30975e5597470f86cacde0d7dc0a89ba897658;hb=3d1e20d9385fd27268e268d7d022b86ac6c905c5;hp=54f1933b3c5c3586e801319da3b1fd91fe429776;hpb=f833a1c122597f80da4d4095cae8d7d5bd852a7a;p=mirror%2Fdsa-puppet.git
diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index 54f1933b3..3a30975e5 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -1,45 +1,40 @@
-class exim::mx inherits exim {
- include clamav
- include postgrey
+# our heavy exim class
+# @param is_mailrelay this system is a mailrelay, both in and out, for debian hosts
+class exim::mx(
+ Boolean $is_mailrelay = false,
+){
+ class { 'exim':
+ use_smarthost => false,
+ is_mailrelay => $is_mailrelay,
+ }
 
- file { '/etc/exim4/ccTLD.txt':
- source => 'puppet:///modules/exim/common/ccTLD.txt',
- }
- file { '/etc/exim4/surbl_whitelist.txt':
- source => 'puppet:///modules/exim/common/surbl_whitelist.txt',
- }
- file { '/etc/exim4/exim_surbl.pl':
- source => 'puppet:///modules/exim/common/exim_surbl.pl',
- notify => Service['exim4'],
- }
+ include clamav
+ include postgrey
+ include fail2ban::exim
 
- # MXs used as smarthosts
- @ferm::rule { 'dsa-exim-submission':
- description => 'Allow SMTP',
- rule => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)'
- }
- @ferm::rule { 'dsa-exim-v6-submission':
- description => 'Allow SMTP',
- domain => 'ip6',
- rule => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
- }
- dnsextras::tlsa_record{ "tlsa-submission":
- zone => 'debian.org',
- certfile => "/etc/puppet/modules/exim/files/certs/${::fqdn}.crt",
- port => 587,
- hostname => "$::fqdn",
- }
- package { 'nagios-plugins-standard':
- ensure => installed,
- }
+ file { '/etc/exim4/ccTLD.txt':
+ source => 'puppet:///modules/exim/common/ccTLD.txt',
+ }
+ file { '/etc/exim4/surbl_whitelist.txt':
+ source => 'puppet:///modules/exim/common/surbl_whitelist.txt',
+ }
+ file { '/etc/exim4/two-level-tlds':
+ source => 'puppet:///modules/exim/common/two-level-tlds',
+ }
+ file { '/etc/exim4/three-level-tlds':
+ source => 'puppet:///modules/exim/common/three-level-tlds',
+ }
+ file { '/etc/exim4/exim_surbl.pl':
+ source => 'puppet:///modules/exim/common/exim_surbl.pl',
+ notify => Service['exim4'],
+ }
 
- if has_role('mailrelay') {
- file { '/etc/cron.d/dsa-email-virtualdomains':
- source => 'puppet:///modules/exim/dsa-email-virtualdomains.cron',
- }
- } else {
- file { '/etc/cron.d/dsa-email-virtualdomains':
- ensure => absent,
- }
- }
+ package { 'monitoring-plugins-standard':
+ ensure => installed,
+ }
+
+ ferm::rule::simple { 'dsa-smtp':
+ description => 'Allow smtp access from the world',
+ port => '25',
+ }
 }
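Review bot: The resource-like declaration `class { 'exim': ... }` at the top of `exim::mx` is order-dependent. Puppet accepts only one such declaration per catalog, so a node where `include exim` or another `class { 'exim': }` is evaluated before `exim::mx` fails to compile instead of picking up `use_smarthost => false`. The header comment should say so, for example `# Declares Class['exim'] itself; do not include or declare exim separately on nodes that use exim::mx.` Separately, `is_mailrelay` defaults to `false` where the old code asked `has_role('mailrelay')`, so relay nodes now depend on their caller passing `is_mailrelay => true`. The callers are outside this hunk, as is whatever now manages the removed submission rules and TLSA record, so both need confirming there.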