X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Fmanifests%2Fmx.pp;h=8916c096a20efe3c0cf9dbdb0944fd9783e0ab34;hb=8532689c735ba87e8c00161224e068c2ba06f640;hp=fa36ec8c1b27142bc9a9d57a445ae1780d28e7bb;hpb=368e147f10b8e748f7e171a15568a94d79599039;p=mirror%2Fdsa-puppet.git
diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index fa36ec8c1..8916c096a 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -1,7 +1,11 @@
 # our heavy exim class
-class exim::mx {
+# @param is_mailrelay this system is a mailrelay, both in and out, for debian hosts
+class exim::mx(
+ Boolean $is_mailrelay = false,
+){
 class { 'exim':
- smarthost => Undef,
+ use_smarthost => false,
+ is_mailrelay => $is_mailrelay,
 }
 include clamav
@@ -19,34 +23,12 @@ class exim::mx {
 notify => Service['exim4'],
 }
- # MXs used as smarthosts
- ferm::rule { 'dsa-exim-submission':
- description => 'Allow SMTP',
- rule => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)'
- }
- ferm::rule { 'dsa-exim-v6-submission':
- description => 'Allow SMTP',
- domain => 'ip6',
- rule => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
- }
- $autocertdir = hiera('paths.auto_certs_dir')
- dnsextras::tlsa_record{ 'tlsa-submission':
- zone => 'debian.org',
- certfile => "${autocertdir}/${::fqdn}.crt",
- port => 587,
- hostname => $::fqdn,
- }
 package { 'monitoring-plugins-standard':
 ensure => installed,
 }
- if $exim::is_mailrelay {
- concat::fragment { 'puppet-crontab--email-virtualdomains':
- target => '/etc/cron.d/puppet-crontab',
- content => @(EOF)
- @hourly root if [ ! -d /etc/exim4/email-virtualdomains ]; then cd /etc/exim4 && git clone mail-git:email-virtualdomains ; fi && cd /etc/exim4/email-virtualdomains && git pull --quiet --ff-only
- | EOF
- }
+ ferm::rule::simple { 'dsa-smtp':
+ description => 'Allow smtp access from the world',
+ port => '25',
 }
- file { '/etc/cron.d/dsa-email-virtualdomains': ensure => absent, }
 }
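Review bot: Passing `is_mailrelay => $is_mailrelay` in the resource-like `class { 'exim': ... }` declaration takes precedence over any value that automatic parameter lookup would otherwise supply for `exim::is_mailrelay`, so a relay whose data still sets only that key would now get `false` from the new default. The code removed in the second hunk read `$exim::is_mailrelay`, which suggests the flag used to be set on `exim` directly; whether the data was moved to `exim::mx::is_mailrelay` is not visible in this diff. The default fails closed, which is the safe direction, but the doc line should say where the value now has to be set, e.g. `# @param is_mailrelay this system is a mailrelay, both in and out, for debian hosts (set on exim::mx; a value set on exim directly is overridden here)`.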
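Review bot: The new `ferm::rule::simple { 'dsa-smtp': }` opens port 25 with no `domain` and no source restriction, whereas the removed rules needed a separate `domain => 'ip6'` rule per address family; confirm that `ferm::rule::simple` emits both IPv4 and IPv6 rules by default, since its definition is not part of this diff. The same hunk drops the submission (587) firewall rules and the `tlsa-submission` record from this class, and if they are not re-declared for relays elsewhere in the commit, clients that verify the relay through DANE would lose the published record. A short comment above the rule would record the intent, e.g. `# MX: port 25 is open to the internet by design; submission (587) is handled in <class that now owns it>`.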