X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fexim%2Fmanifests%2Fmx.pp;h=8931ec62e5761765932a5b0f0c3542d354aea9d5;hb=cf4911b8160051b22197f9650e89b9884142018e;hp=2f1bfb64ee8e26f8101ca3f90f0f3e34b853fc30;hpb=4361f9fa74905433cc049f8926d77ac17d1d8ce8;p=dsa-puppet.git

diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index 2f1bfb64..8931ec62 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -1,25 +1,45 @@
 class exim::mx inherits exim {
-    include clamav
-    include postgrey
+	include clamav
+	include postgrey
 
-    file {
-        "/etc/exim4/ccTLD.txt":
-          require => Package["exim4-daemon-heavy"],
-          source  => [ "puppet:///exim/common/ccTLD.txt" ]
-          ;
-        "/etc/exim4/surbl_whitelist.txt":
-          require => Package["exim4-daemon-heavy"],
-          source  => [ "puppet:///exim/common/surbl_whitelist.txt" ]
-          ;
-        "/etc/exim4/exim_surbl.pl":
-          require => Package["exim4-daemon-heavy"],
-          source  => [ "puppet:///exim/common/exim_surbl.pl" ],
-          notify  => Exec["exim4 restart"]
-          ;
-    }
-    exec { "exim4 restart":
-        path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
-        refreshonly => true,
-    }
-}
+	file { '/etc/exim4/ccTLD.txt':
+		source => 'puppet:///modules/exim/common/ccTLD.txt',
+	}
+	file { '/etc/exim4/surbl_whitelist.txt':
+		source => 'puppet:///modules/exim/common/surbl_whitelist.txt',
+	}
+	file { '/etc/exim4/exim_surbl.pl':
+		source  => 'puppet:///modules/exim/common/exim_surbl.pl',
+		notify  => Service['exim4'],
+	}
+
+	# MXs used as smarthosts
+	@ferm::rule { 'dsa-exim-submission':
+		description => 'Allow SMTP',
+		rule        => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)'
+	}
+	@ferm::rule { 'dsa-exim-v6-submission':
+		description => 'Allow SMTP',
+		domain      => 'ip6',
+		rule        => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
+	}
+	dnsextras::tlsa_record{ "tlsa-submission":
+		zone => 'debian.org',
+		certfile => "/etc/puppet/modules/exim/files/certs/${::fqdn}.crt",
+		port => 587,
+		hostname => "$::fqdn",
+	}
+	package { 'nagios-plugins-standard':
+		ensure => installed,
+	}
 
+	if getfromhash($site::nodeinfo, 'mailrelay') {
+		file { '/etc/cron.d/dsa-email-virtualdomains':
+			source => 'puppet:///modules/exim/dsa-email-virtualdomains.cron',
+		}
+	} else {
+		file { '/etc/cron.d/dsa-email-virtualdomains':
+			ensure => absent,
+		}
+	}
+}