X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Fmanifests%2Fmx.pp;h=a13da667d66789e03bd9dd9ecb21ec50bbc63c24;hb=e739bbe61de54a0b1fc01ba09f7802c9332c58fd;hp=42604eb953971b0172bdb1c6d203fa186035de68;hpb=b3d9dd83da3f8ac34ccbdf912e1113f1ef49a64c;p=mirror%2Fdsa-puppet.git
diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index 42604eb95..a13da667d 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -1,60 +1,52 @@
-class exim::mx inherits exim {
- include clamav
- include postgrey
- include fail2ban::exim
+# our heavy exim class
+class exim::mx {
+ class { 'exim':
+ use_smarthost => false,
+ }
- file { '/etc/exim4/ccTLD.txt':
- source => 'puppet:///modules/exim/common/ccTLD.txt',
- }
- file { '/etc/exim4/surbl_whitelist.txt':
- source => 'puppet:///modules/exim/common/surbl_whitelist.txt',
- }
- file { '/etc/exim4/exim_surbl.pl':
- source => 'puppet:///modules/exim/common/exim_surbl.pl',
- notify => Service['exim4'],
- }
+ include clamav
+ include postgrey
+ include fail2ban::exim
- # 20181010 many connections:
- # 188.165.219.27
- # 125.72.232.*
- # 140.224.61.*
- # 117.24.36.0/22
- # 115.235.157.28
- # 113.110.47.180
- # 121.226.141.*
- @ferm::rule { 'dsa-mail-abusers':
- prio => "000",
- rule => "saddr (188.165.219.27 125.72.232.0/24 140.224.61.0/24 117.24.38.0/22 115.235.157.28 113.110.47.180 121.226.141.0/24) DROP",
- }
+ file { '/etc/exim4/ccTLD.txt':
+ source => 'puppet:///modules/exim/common/ccTLD.txt',
+ }
+ file { '/etc/exim4/surbl_whitelist.txt':
+ source => 'puppet:///modules/exim/common/surbl_whitelist.txt',
+ }
+ file { '/etc/exim4/exim_surbl.pl':
+ source => 'puppet:///modules/exim/common/exim_surbl.pl',
+ notify => Service['exim4'],
+ }
- # MXs used as smarthosts
- @ferm::rule { 'dsa-exim-submission':
- description => 'Allow SMTP',
- rule => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)'
- }
- @ferm::rule { 'dsa-exim-v6-submission':
- description => 'Allow SMTP',
- domain => 'ip6',
- rule => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
- }
- $autocertdir = hiera('paths.auto_certs_dir')
- dnsextras::tlsa_record{ "tlsa-submission":
- zone => 'debian.org',
- certfile => "${autocertdir}/${::fqdn}.crt",
- port => 587,
- hostname => "$::fqdn",
- }
- package { 'nagios-plugins-standard':
- ensure => installed,
- }
+ # MXs used as smarthosts
+ ferm::rule { 'dsa-exim-submission':
+ description => 'Allow SMTP',
+ rule => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)'
+ }
+ ferm::rule { 'dsa-exim-v6-submission':
+ description => 'Allow SMTP',
+ domain => 'ip6',
+ rule => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
+ }
+ $autocertdir = hiera('paths.auto_certs_dir')
+ dnsextras::tlsa_record{ 'tlsa-submission':
+ zone => 'debian.org',
+ certfile => "${autocertdir}/${::fqdn}.crt",
+ port => 587,
+ hostname => $::fqdn,
+ }
+ package { 'monitoring-plugins-standard':
+ ensure => installed,
+ }
- if has_role('mailrelay') {
- concat::fragment { 'dsa-puppet-stuff--email-virtualdomains':
- target => '/etc/cron.d/dsa-puppet-stuff',
- content => @(EOF)
- @hourly root if [ ! -d /etc/exim4/email-virtualdomains ]; then cd /etc/exim4 && git clone mail-git:email-virtualdomains ; fi && cd /etc/exim4/email-virtualdomains && git pull --quiet --ff-only
- | EOF
- }
- }
- file { '/etc/cron.d/dsa-email-virtualdomains': ensure => absent, }
+ if $exim::is_mailrelay {
+ concat::fragment { 'puppet-crontab--email-virtualdomains':
+ target => '/etc/cron.d/puppet-crontab',
+ content => @(EOF)
+ @hourly root if [ ! -d /etc/exim4/email-virtualdomains ]; then cd /etc/exim4 && git clone mail-git:email-virtualdomains ; fi && cd /etc/exim4/email-virtualdomains && git pull --quiet --ff-only
+ | EOF
+ }
+ }
+ file { '/etc/cron.d/dsa-email-virtualdomains': ensure => absent, }
 }
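Review bot: The hourly job in the `puppet-crontab--email-virtualdomains` fragment still runs `git clone` and `git pull` as root inside /etc/exim4, so whatever the `mail-git` remote serves lands in the mail relay's configuration tree with no integrity check beyond the transport. `mail-git` is presumably an SSH host alias defined elsewhere, so pinning its host key there should be confirmed. The checkout would be safer owned and fetched by a dedicated unprivileged account, with the user field of the cron line changed from `root` to that account. If the repository's commits are signed, the last step could become `git pull --quiet --ff-only --verify-signatures`. A comment above the fragment, such as `# virtual-domain data is pulled hourly from mail-git; exim reads it from /etc/exim4/email-virtualdomains`, would also record why this directory is not managed by Puppet itself.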