X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Fmanifests%2Fmx.pp;h=46df05cb96392a7364909f6f8eea586736d539a2;hb=a6dc2ce398a9c49a4d5ddf131aefbe53d247f4d3;hp=c1b4fdbca3afc289dac07dbf90749fa0d04c34e3;hpb=3eb533e5499e66423bafdedaf6c7d08ead1772de;p=mirror%2Fdsa-puppet.git
diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index c1b4fdbca..46df05cb9 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -1,6 +1,7 @@
 class exim::mx inherits exim {
 include clamav
 include postgrey
+ include fail2ban::exim
 file { '/etc/exim4/ccTLD.txt':
 source => 'puppet:///modules/exim/common/ccTLD.txt',
@@ -13,14 +14,34 @@ class exim::mx inherits exim {
 notify => Service['exim4'],
 }
- @ferm::rule { 'dsa-exim-submission':
+ # MXs used as smarthosts
+ ferm::rule { 'dsa-exim-submission':
 description => 'Allow SMTP',
- rule => '&SERVICE_RANGE(tcp, submission, \$SMTP_SOURCES)'
+ rule => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)'
 }
- @ferm::rule { 'dsa-exim-v6-submission':
+ ferm::rule { 'dsa-exim-v6-submission':
 description => 'Allow SMTP',
 domain => 'ip6',
- rule => '&SERVICE_RANGE(tcp, submission, \$SMTP_V6_SOURCES)',
+ rule => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
+ }
+ $autocertdir = hiera('paths.auto_certs_dir')
+ dnsextras::tlsa_record{ "tlsa-submission":
+ zone => 'debian.org',
+ certfile => "${autocertdir}/${::fqdn}.crt",
+ port => 587,
+ hostname => "$::fqdn",
+ }
+ package { 'monitoring-plugins-standard':
+ ensure => installed,
 }
+ if has_role('mailrelay') {
+ concat::fragment { 'dsa-puppet-stuff--email-virtualdomains':
+ target => '/etc/cron.d/dsa-puppet-stuff',
+ content => @(EOF)
+ @hourly root if [ ! -d /etc/exim4/email-virtualdomains ]; then cd /etc/exim4 && git clone mail-git:email-virtualdomains ; fi && cd /etc/exim4/email-virtualdomains && git pull --quiet --ff-only
+ | EOF
+ }
+ }
+ file { '/etc/cron.d/dsa-email-virtualdomains': ensure => absent, }
 }
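Review bot: The hourly cron entry added in the `concat::fragment` runs `git clone` and `git pull` as root into `/etc/exim4/email-virtualdomains`, and nothing in the hunk checks what was fetched beyond whatever the `mail-git` transport provides (its definition is not visible here). If exim reads that tree, as the path suggests, push access to the repository amounts to control over mail routing on every `mailrelay` host, so the trust assumption deserves a comment above the resource such as `# pulled hourly as root; content is trusted as-is, push access to mail-git must stay restricted`. If the commits are signed, `git pull --quiet --ff-only --verify-signatures` would turn that assumption into a check. Separately, both ferm rules still carry `description => 'Allow SMTP'` although they open the submission port; `'Allow submission from smarthost clients'` would match the new `# MXs used as smarthosts` comment. The enclosing `class exim::mx` opens before this hunk.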