X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fexim%2Fmanifests%2Fmx.pp;h=54f1933b3c5c3586e801319da3b1fd91fe429776;hb=7aa9a739fcec96edd876d6c14e2933974da0052a;hp=80ed36f7e72c9b0d875733f0a0d6b374bba54e5c;hpb=96e6f8d756d861d3e1978523f509d10d426b1762;p=dsa-puppet.git

diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index 80ed36f7..54f1933b 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -13,6 +13,7 @@ class exim::mx inherits exim {
 		notify  => Service['exim4'],
 	}
 
+	# MXs used as smarthosts
 	@ferm::rule { 'dsa-exim-submission':
 		description => 'Allow SMTP',
 		rule        => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)'
@@ -22,8 +23,23 @@ class exim::mx inherits exim {
 		domain      => 'ip6',
 		rule        => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
 	}
-
+	dnsextras::tlsa_record{ "tlsa-submission":
+		zone => 'debian.org',
+		certfile => "/etc/puppet/modules/exim/files/certs/${::fqdn}.crt",
+		port => 587,
+		hostname => "$::fqdn",
+	}
 	package { 'nagios-plugins-standard':
 		ensure => installed,
 	}
+
+	if has_role('mailrelay') {
+		file { '/etc/cron.d/dsa-email-virtualdomains':
+			source => 'puppet:///modules/exim/dsa-email-virtualdomains.cron',
+		}
+	} else {
+		file { '/etc/cron.d/dsa-email-virtualdomains':
+			ensure => absent,
+		}
+	}
 }