2 # @param smarthost host to relay through (if unset)
3 # @param is_bugsmx this system handles bugs.debian.org
4 # @param is_mailrelay this system is a mailrelay, both in and out, for debian hosts
5 # @param is_rtmaster this system handles rt.debian.org
6 # @param is_packagesmaster this system handles packagesrt.debian.org
7 # @param is_packagesqamaster this system handles packages.qa.debian.org
8 # @param smarthost_port the port on which satellites send mail to the smarthost
10 Optional[String] $smarthost,
11 Boolean $is_bugsmx = false,
12 Boolean $is_mailrelay = false,
13 Boolean $is_rtmaster = false,
14 Boolean $is_packagesmaster = false,
15 Boolean $is_packagesqamaster = false,
16 Integer $smarthost_port = 587,
18 include exim::vdomain::setup
19 include debian_org::mail_incoming_port
27 munin::check { 'ps_exim4': script => 'ps_' }
28 munin::check { 'exim_mailqueue': }
29 munin::check { 'exim_mailstats': }
31 munin::check { 'postfix_mailqueue': ensure => absent }
32 munin::check { 'postfix_mailstats': ensure => absent }
33 munin::check { 'postfix_mailvolume': ensure => absent }
35 package { 'exim4-daemon-heavy': ensure => installed }
37 Package['exim4-daemon-heavy']->Mailalias<| |>
39 concat::fragment { 'virtual_domain_template':
40 target => '/etc/exim4/virtualdomains',
41 content => template('exim/virtualdomains.erb'),
48 File['/etc/exim4/exim4.conf'],
49 Package['exim4-daemon-heavy'],
56 require => Package['exim4-daemon-heavy'],
59 file { '/etc/exim4/conf.d':
64 source => 'puppet:///files/empty/',
66 file { '/etc/exim4/ssl':
68 group => 'Debian-exim',
72 file { '/etc/exim4/exim4.conf':
73 content => template('exim/eximconf.erb'),
74 require => File['/etc/exim4/ssl/thishost.crt'],
75 notify => Service['exim4'],
77 file { '/etc/mailname':
78 content => template('exim/mailname.erb'),
80 file { '/etc/exim4/manualroute':
81 content => template('exim/manualroute.erb')
83 file { '/etc/exim4/locals':
84 content => template('exim/locals.erb')
86 file { '/etc/exim4/submission-domains':
87 content => template('exim/submission-domains.erb'),
89 file { '/etc/exim4/host_blacklist':
90 source => 'puppet:///modules/exim/common/host_blacklist',
92 file { '/etc/exim4/blacklist':
93 source => 'puppet:///modules/exim/common/blacklist',
95 file { '/etc/exim4/callout_users':
96 source => 'puppet:///modules/exim/common/callout_users',
98 file { '/etc/exim4/grey_users':
99 source => 'puppet:///modules/exim/common/grey_users',
101 file { '/etc/exim4/helo-check':
102 source => 'puppet:///modules/exim/common/helo-check',
104 file { '/etc/exim4/localusers':
105 source => 'puppet:///modules/exim/common/localusers',
107 file { '/etc/exim4/rbllist':
108 source => 'puppet:///modules/exim/common/rbllist',
110 file { '/etc/exim4/rhsbllist':
111 source => 'puppet:///modules/exim/common/rhsbllist',
113 file { '/etc/exim4/whitelist':
114 source => 'puppet:///modules/exim/common/whitelist',
116 file { '/etc/logrotate.d/exim4-base':
117 source => 'puppet:///modules/exim/common/logrotate-exim4-base',
119 file { '/etc/logrotate.d/exim4-paniclog':
120 source => 'puppet:///modules/exim/common/logrotate-exim4-paniclog'
122 file { '/etc/exim4/ssl/thishost.crt':
123 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.auto_certs_dir"]) + "/" + @fqdn + ".crt") %>'),
124 group => 'Debian-exim',
127 file { '/etc/exim4/ssl/thishost.key':
128 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.auto_certs_dir"]) + "/" + @fqdn + ".key") %>'),
129 group => 'Debian-exim',
132 file { '/etc/exim4/ssl/ca.crt':
133 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.auto_certs_dir"]) + "/ca.crt") %>'),
134 group => 'Debian-exim',
137 file { '/etc/exim4/ssl/ca.crl':
138 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.auto_certs_dir"]) + "/ca.crl") %>'),
139 group => 'Debian-exim',
142 file { '/var/log/exim4':
145 owner => 'Debian-exim',
149 # Do we actually want this? I'm only doing it because it's harmless
150 # and makes the logs quiet. There are better ways of making logs quiet,
152 ferm::rule { 'dsa-ident':
153 domain => '(ip ip6)',
154 description => 'Allow ident access',
155 rule => '&SERVICE(tcp, 113)'
158 # These only affect the alias @$fqdn, not say, @debian.org