From 28f397a5c62193d2a7ba3f48a2d5a118a7d9a90a Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 21 Sep 2019 17:34:24 +0200
Subject: [PATCH] Have the mailrelays store a firewall rule to allow incoming
 smtp on the other hosts

---
 modules/roles/manifests/mailrelay.pp | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/modules/roles/manifests/mailrelay.pp b/modules/roles/manifests/mailrelay.pp
index f7c1a047a..b84b13fbf 100644
--- a/modules/roles/manifests/mailrelay.pp
+++ b/modules/roles/manifests/mailrelay.pp
@@ -20,4 +20,13 @@ class roles::mailrelay {
     username => $::fqdn,
     password => $rabbit_password
   }
+
+  # smtp firewalling setup
+  ###
+  @@ferm::rule::simple { "dsa-smtp-from-mailrelay-${::fqdn}":
+    tag         => 'smtp::server::from::mailrelay',
+    description => 'Allow smtp access from a mailrelay',
+    port        => '25',
+    saddr       => $base::public_addresses,
+  }
 }
-- 
2.20.1