+# our exim class
+# @param smarthost host to relay through (if unset)
+# @param is_bugsmx this system handles bugs.debian.org
+# @param is_mailrelay this system is a mailrelay, both in and out, for debian hosts
+# @param is_rtmaster this system handles rt.debian.org
+# @param is_packagesmaster this system handles packagesrt.debian.org
+# @param is_packagesqamaster this system handles packages.qa.debian.org
+# @param smarthost_port the port on which satellites send mail to the smarthost
class exim (
+ Optional[String] $smarthost,
Boolean $is_bugsmx = false,
Boolean $is_mailrelay = false,
Boolean $is_rtmaster = false,
include exim::vdomain::setup
include debian_org::mail_incoming_port
+ if $smarthost {
+ $heavy = false
+ } else {
+ $heavy = true
+ }
+
munin::check { 'ps_exim4': script => 'ps_' }
munin::check { 'exim_mailqueue': }
munin::check { 'exim_mailstats': }
# MAIN CONFIGURATION SETTINGS #
######################################################################
-<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%>
+<%- if @heavy -%>
perl_startup = do '/etc/exim4/exim_surbl.pl'
<%- end -%>
acl_smtp_helo = check_helo
acl_smtp_rcpt = ${if ={$interface_port}{587} {check_submission}{check_recipient}}
acl_smtp_data = check_message
-<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%>
+<%- if @heavy -%>
acl_smtp_mime = acl_check_mime
<%- end -%>
acl_smtp_predata = acl_check_predata
message_size_limit = 100M
message_logs = false
smtp_accept_max_per_host = ${if match_ip {$sender_host_address}{+debianhosts}{0}{7}}
-<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%>
+<%- if @heavy -%>
smtp_accept_max = 300
smtp_accept_queue = 200
smtp_accept_queue_per_connection = 50
delay_warning =
-<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%>
+<%- if @heavy -%>
message_body_visible = 5000
queue_run_max = 50
deliver_queue_load_max = 50
accept verify = certificate
<%- end -%>
-<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%>
+<%- unless @smarthost -%>
# These are in HELO acl so that they are only run once. They increment a counter,
# so we don't want it to increment per rcpt to.
accept local_parts = +postmasterish
domains = +virtual_domains : +bsmtp_domains
-<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%>
+<%- unless @smarthost -%>
deny message = host $sender_host_address is listed in $dnslist_domain; see $dnslist_text
dnslists = ${if match_domain{$domain}{+virtual_domains}\
{${if exists {${extract{directory}{VDOMAINDATA}{${value}/rbllist}}}\
domains = +handled_domains
!hosts = +debianhosts : WHITELIST
-<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%>
+<%- unless @smarthost -%>
deny domains = +handled_domains
local_parts = ${if match_domain{$domain}{+virtual_domains}\
{${if exists {${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}\
deny message = relay not permitted
-<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%>
+<%- if @heavy -%>
acl_check_mime:
accept verify = certificate
message = X-malware detected: $malware_name
<%- end -%>
-<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%>
+<%- if @heavy -%>
discard condition = ${if <{$message_size}{256000}}
condition = ${if eq {$acl_m_prf}{blackhole}}
set acl_m_srb = ${perl{surblspamcheck}}
transport = remote_smtp
ignore_target_hosts = +reservedaddrs
-<%=
-out = ""
-if not scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty?
-out = "
+<%- if @smarthost -%>
smarthost:
debug_print = \"R: smarthost for $local_part@$domain\"
driver = manualroute
domains = !+handled_domains
transport = remote_smtp_smarthost
- route_list = * #{scope.lookupvar('deprecated::nodeinfo')['smarthost']}
+ route_list = * <%= @smarthost %>
host_find_failed = defer
same_domain_copy_routing = yes
no_more
-"
-end
-out
-%>
+<%- end -%>
# This router routes to remote hosts over SMTP using a DNS lookup.
# Ignore reserved network responses, including localhost.
tls_certificate = /etc/exim4/ssl/thishost.crt
tls_privatekey = /etc/exim4/ssl/thishost.key
-<%- if not scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%>
+<%- if @smarthost -%>
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
--- /dev/null
+# Every one of our hosts has an MTA
+#
+# @param type exim4 or postfix. exim4 is our default MTA
+# @param heavy receive email from the internet and thus do spam filtering etc
+# @param mailrelay receive mail on other hosts' behalf. implies heavy
+class roles::mta(
+ Enum['exim4', 'postfix'] $type = 'exim4',
+ Boolean $heavy = false,
+ Boolean $mailrelay = false,
+) {
+ if $type == 'exim4' {
+ if $mailrelay {
+ include roles::mailrelay
+ } elsif $heavy {
+ include exim::mx
+ } else {
+ include exim
+ }
+ } elsif $type == 'postfix' {
+ if $mailrelay {
+ fail("Unsupported: mailrelay on type ${type}")
+ }
+ include postfix
+ } else {
+ fail("Unexpected mta type ${type}")
+ }
+}
projects / mirror / dsa-puppet.git / commitdiff