Have the mailrelays store a firewall rule to allow incoming smtp on the other hosts

diff --git a/modules/roles/manifests/mailrelay.pp b/modules/roles/manifests/mailrelay.pp
index f7c1a04..b84b13f 100644 (file)
--- a/modules/roles/manifests/mailrelay.pp
+++ b/modules/roles/manifests/mailrelay.pp
@@ -20,4 +20,13 @@ class roles::mailrelay {
     username => $::fqdn,
     password => $rabbit_password
   }
+
+  # smtp firewalling setup
+  ###
+  @@ferm::rule::simple { "dsa-smtp-from-mailrelay-${::fqdn}":
+    tag         => 'smtp::server::from::mailrelay',
+    description => 'Allow smtp access from a mailrelay',
+    port        => '25',
+    saddr       => $base::public_addresses,
+  }
 }