From: Peter Palfrader Date: Sat, 21 Sep 2019 17:09:31 +0000 (+0200) Subject: Make an explicit use_smarthost setting X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-puppet.git;a=commitdiff_plain;h=6ce61aa23c7e455ca90b28263f99472d28b12d5f Make an explicit use_smarthost setting --- diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp index 83e56f38a..320c7ff18 100644 --- a/modules/exim/manifests/init.pp +++ b/modules/exim/manifests/init.pp @@ -1,5 +1,6 @@ # our exim class -# @param smarthost host to relay through (if unset) +# @param use_smarthost use the smarthost +# @param smarthost host to relay through (if set and use_smarthost) # @param is_bugsmx this system handles bugs.debian.org # @param is_mailrelay this system is a mailrelay, both in and out, for debian hosts # @param is_rtmaster this system handles rt.debian.org @@ -7,6 +8,7 @@ # @param is_packagesqamaster this system handles packages.qa.debian.org # @param smarthost_port the port on which satellites send mail to the smarthost class exim ( + Boolean $use_smarthost = true, Optional[String] $smarthost, Boolean $is_bugsmx = false, Boolean $is_mailrelay = false, @@ -18,8 +20,12 @@ class exim ( include exim::vdomain::setup include debian_org::mail_incoming_port - if $smarthost and $smarthost != '' { + if $use_smarthost { $heavy = false + + if ! smarthost { + fail('No smarthost set but use_smarthost is true') + } } else { $heavy = true } diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp index 24d5405f5..a13da667d 100644 --- a/modules/exim/manifests/mx.pp +++ b/modules/exim/manifests/mx.pp @@ -1,7 +1,7 @@ # our heavy exim class class exim::mx { class { 'exim': - smarthost => '', + use_smarthost => false, } include clamav diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 0f8f0cc5a..d7648fc01 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -409,7 +409,7 @@ check_helo: accept verify = certificate <%- end -%> -<%- unless @smarthost -%> +<%- unless @use_smarthost -%> # These are in HELO acl so that they are only run once. They increment a counter, # so we don't want it to increment per rcpt to. @@ -817,7 +817,7 @@ check_recipient: accept local_parts = +postmasterish domains = +virtual_domains : +bsmtp_domains -<%- unless @smarthost -%> +<%- unless @use_smarthost -%> deny message = host $sender_host_address is listed in $dnslist_domain; see $dnslist_text dnslists = ${if match_domain{$domain}{+virtual_domains}\ {${if exists {${extract{directory}{VDOMAINDATA}{${value}/rbllist}}}\ @@ -837,7 +837,7 @@ check_recipient: domains = +handled_domains !hosts = +debianhosts : WHITELIST -<%- unless @smarthost -%> +<%- unless @use_smarthost -%> deny domains = +handled_domains local_parts = ${if match_domain{$domain}{+virtual_domains}\ {${if exists {${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}\ @@ -1083,7 +1083,7 @@ ipliteral: transport = remote_smtp ignore_target_hosts = +reservedaddrs -<%- if @smarthost -%> +<%- if @use_smarthost -%> smarthost: debug_print = "R: smarthost for $local_part@$domain" driver = manualroute @@ -1571,14 +1571,14 @@ remote_smtp: tls_certificate = /etc/exim4/ssl/thishost.crt tls_privatekey = /etc/exim4/ssl/thishost.key -<%- if @smarthost -%> +<%- if @use_smarthost -%> remote_smtp_smarthost: debug_print = "T: remote_smtp_smarthost for $local_part@$domain" driver = smtp delay_after_cutoff = false port = <%= @smarthost_port %> tls_tempfail_tryclear = false - hosts_require_tls = <%= scope.lookupvar('deprecated::nodeinfo')['smarthost'] %> + hosts_require_tls = <%= @smarthost %> tls_certificate = /etc/exim4/ssl/thishost.crt tls_privatekey = /etc/exim4/ssl/thishost.key <%- end -%>