3 include exim::vdomain::setup
5 munin::check { 'ps_exim4': script => 'ps_' }
6 munin::check { 'exim_mailqueue': }
7 munin::check { 'exim_mailstats': }
9 munin::check { 'postfix_mailqueue': ensure => absent }
10 munin::check { 'postfix_mailstats': ensure => absent }
11 munin::check { 'postfix_mailvolume': ensure => absent }
13 package { 'exim4-daemon-heavy': ensure => installed }
15 Package['exim4-daemon-heavy']->Mailalias<| |>
17 concat::fragment { 'virtual_domain_template':
18 target => '/etc/exim4/virtualdomains',
19 content => template('exim/virtualdomains.erb'),
26 File['/etc/exim4/exim4.conf'],
27 Package['exim4-daemon-heavy'],
34 require => Package['exim4-daemon-heavy'],
37 file { '/etc/exim4/Git':
40 # git checkouts through puppet. yummy.
41 file { '/etc/exim4/email-virtualdomains':
43 source => 'puppet:///modules/exim/email-virtualdomains',
47 file { '/etc/exim4/conf.d':
52 source => 'puppet:///files/empty/',
54 file { '/etc/exim4/ssl':
60 file { '/etc/exim4/exim4.conf':
61 content => template('exim/eximconf.erb'),
62 require => File['/etc/exim4/ssl/thishost.crt'],
63 notify => Service['exim4'],
65 file { '/etc/mailname':
66 content => template('exim/mailname.erb'),
68 file { '/etc/exim4/manualroute':
69 content => template('exim/manualroute.erb')
71 file { '/etc/exim4/locals':
72 content => template('exim/locals.erb')
74 file { '/etc/exim4/submission-domains':
75 content => template('exim/submission-domains.erb'),
77 file { '/etc/exim4/host_blacklist':
78 source => 'puppet:///modules/exim/common/host_blacklist',
80 file { '/etc/exim4/blacklist':
81 source => 'puppet:///modules/exim/common/blacklist',
83 file { '/etc/exim4/callout_users':
84 source => 'puppet:///modules/exim/common/callout_users',
86 file { '/etc/exim4/grey_users':
87 source => 'puppet:///modules/exim/common/grey_users',
89 file { '/etc/exim4/helo-check':
90 source => 'puppet:///modules/exim/common/helo-check',
92 file { '/etc/exim4/localusers':
93 source => 'puppet:///modules/exim/common/localusers',
95 file { '/etc/exim4/rbllist':
96 source => 'puppet:///modules/exim/common/rbllist',
98 file { '/etc/exim4/rhsbllist':
99 source => 'puppet:///modules/exim/common/rhsbllist',
101 file { '/etc/exim4/whitelist':
102 source => 'puppet:///modules/exim/common/whitelist',
104 file { '/etc/logrotate.d/exim4-base':
105 source => 'puppet:///modules/exim/common/logrotate-exim4-base',
107 file { '/etc/logrotate.d/exim4-paniclog':
108 source => 'puppet:///modules/exim/common/logrotate-exim4-paniclog'
110 file { '/etc/exim4/ssl/thishost.crt':
111 source => "puppet:///modules/exim/certs/${::fqdn}.crt",
112 group => Debian-exim,
115 file { '/etc/exim4/ssl/thishost.key':
116 source => "puppet:///modules/exim/certs/${::fqdn}.key",
117 group => Debian-exim,
120 file { '/etc/exim4/ssl/ca.crt':
121 source => 'puppet:///modules/exim/certs/ca.crt',
122 group => Debian-exim,
125 file { '/etc/exim4/ssl/ca.crl':
126 source => 'puppet:///modules/exim/certs/ca.crl',
127 group => Debian-exim,
130 file { '/var/log/exim4':
133 owner => Debian-exim,
137 case getfromhash($site::nodeinfo, 'mail_port') {
138 /^(\d+)$/: { $mail_port = $1 }
139 default: { $mail_port = '25' }
142 @ferm::rule { 'dsa-exim':
143 description => 'Allow SMTP',
144 rule => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_SOURCES)"
147 @ferm::rule { 'dsa-exim-v6':
148 description => 'Allow SMTP',
150 rule => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)"
152 dnsextras::tlsa_record{ "tlsa-mailport":
153 zone => 'debian.org',
154 certfile => "/etc/puppet/modules/exim/files/certs/${::fqdn}.crt",
155 port => "$mail_port",
156 hostname => "$::fqdn",
159 # Do we actually want this? I'm only doing it because it's harmless
160 # and makes the logs quiet. There are better ways of making logs quiet,
162 @ferm::rule { 'dsa-ident':
163 domain => '(ip ip6)',
164 description => 'Allow ident access',
165 rule => '&SERVICE(tcp, 113)'