massive style guide fixups
[dsa-puppet.git] / modules / exim / manifests / init.pp
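# Installs and configures the exim4 MTA on a host.
#
# Declares the munin checks for exim (and removes the postfix ones), installs
# exim4-daemon-heavy, keeps the exim4 service running, manages the files under
# /etc/exim4 (main config, routing/filter lists, TLS material), the logrotate
# snippets and the log directory, and declares virtual ferm rules for SMTP and
# ident.
class exim {

  munin::check { 'ps_exim4': script => 'ps_' }
  munin::check { 'exim_mailqueue': }
  munin::check { 'exim_mailstats': }

  munin::check { 'postfix_mailqueue':  ensure => absent }
  munin::check { 'postfix_mailstats':  ensure => absent }
  munin::check { 'postfix_mailvolume': ensure => absent }

  package { 'exim4-daemon-heavy': ensure => installed }

  service { 'exim4':
    ensure  => running,
    require => File['/etc/exim4/exim4.conf'],
  }

  # NOTE(review): purge only takes effect together with recurse => true, so as
  # written unmanaged files directly under /etc/exim4/ are NOT removed.
  # Confirm whether that is intended before adding recurse, since doing so
  # would delete anything not managed here.
  file { '/etc/exim4/':
    ensure  => directory,
    mode    => '0755',
    require => Package['exim4-daemon-heavy'],
    purge   => true,
  }
  # The two directories below are forced to match an empty source tree, i.e.
  # any content placed in them is removed on the next run.
  file { '/etc/exim4/Git':
    ensure  => directory,
    purge   => true,
    force   => true,
    recurse => true,
    source  => 'puppet:///files/empty/',
  }
  file { '/etc/exim4/conf.d':
    ensure  => directory,
    purge   => true,
    force   => true,
    recurse => true,
    source  => 'puppet:///files/empty/',
  }
  # TLS material directory: not world-accessible, readable by the exim group.
  # NOTE(review): purge without recurse is a no-op here as well, so stray key
  # or certificate files left in this directory are not cleaned up.
  file { '/etc/exim4/ssl':
    ensure => directory,
    group  => 'Debian-exim',
    mode   => '0750',
    purge  => true,
  }
  # Main configuration; a change triggers a refresh of the exim4 service.
  file { '/etc/exim4/exim4.conf':
    content => template('exim/eximconf.erb'),
    notify  => Service['exim4'],
  }
  file { '/etc/mailname':
    content => template('exim/mailname.erb'),
  }
  file { '/etc/exim4/manualroute':
    content => template('exim/manualroute.erb'),
  }
  file { '/etc/exim4/locals':
    content => template('exim/locals.erb'),
  }
  file { '/etc/exim4/virtualdomains':
    content => template('exim/virtualdomains.erb'),
  }
  file { '/etc/exim4/submission-domains':
    content => template('exim/common/submission-domains.erb'),
  }
  file { '/etc/exim4/host_blacklist':
    source => 'puppet:///modules/exim/common/host_blacklist',
  }
  file { '/etc/exim4/blacklist':
    source => 'puppet:///modules/exim/common/blacklist',
  }
  file { '/etc/exim4/callout_users':
    source => 'puppet:///modules/exim/common/callout_users',
  }
  file { '/etc/exim4/grey_users':
    source => 'puppet:///modules/exim/common/grey_users',
  }
  file { '/etc/exim4/helo-check':
    source => 'puppet:///modules/exim/common/helo-check',
  }
  file { '/etc/exim4/localusers':
    source => 'puppet:///modules/exim/common/localusers',
  }
  file { '/etc/exim4/rbllist':
    source => 'puppet:///modules/exim/common/rbllist',
  }
  file { '/etc/exim4/rhsbllist':
    source => 'puppet:///modules/exim/common/rhsbllist',
  }
  file { '/etc/exim4/whitelist':
    source => 'puppet:///modules/exim/common/whitelist',
  }
  file { '/etc/logrotate.d/exim4-base':
    source => 'puppet:///modules/exim/common/logrotate-exim4-base',
  }
  file { '/etc/logrotate.d/exim4-paniclog':
    source => 'puppet:///modules/exim/common/logrotate-exim4-paniclog',
  }

  # Per-host certificate and key, selected by the node's fqdn fact.
  file { '/etc/exim4/ssl/thishost.crt':
    source => "puppet:///modules/exim/certs/${::fqdn}.crt",
    group  => 'Debian-exim',
    mode   => '0640',
  }
  # NOTE(review): every host's private key sits in the same module file mount
  # and is selected only by the client-reported fqdn. Confirm that the
  # fileserver authorization restricts each node to its own key, and that the
  # repository holding these files is access-controlled accordingly.
  file { '/etc/exim4/ssl/thishost.key':
    source => "puppet:///modules/exim/certs/${::fqdn}.key",
    group  => 'Debian-exim',
    mode   => '0640',
  }
  file { '/etc/exim4/ssl/ca.crt':
    source => 'puppet:///modules/exim/certs/ca.crt',
    group  => 'Debian-exim',
    mode   => '0640',
  }
  file { '/etc/exim4/ssl/ca.crl':
    source => 'puppet:///modules/exim/certs/ca.crl',
    group  => 'Debian-exim',
    mode   => '0640',
  }
  # setgid directory: new log files inherit the maillog group; no access for
  # other users.
  file { '/var/log/exim4':
    ensure => directory,
    mode   => '2750',
    owner  => 'Debian-exim',
    group  => 'maillog',
  }

  # Use the node's configured mail port when it is purely numeric, otherwise
  # fall back to the 'smtp' service name. \A and \z anchor the whole string;
  # ^ and $ would also match a single line of a multi-line value.
  case getfromhash($site::nodeinfo, 'mail_port') {
    /\A(\d+)\z/: { $mail_port = $1 }
    default: { $mail_port = 'smtp' }
  }

  # The rule strings must be double-quoted: Puppet does not interpolate
  # variables in single-quoted strings, which would put the literal text
  # "$mail_port" and a stray backslash into the generated firewall rule.
  # \$ keeps SMTP_SOURCES / SMTP_V6_SOURCES as literal '$' references for
  # ferm to resolve (presumably defined in the ferm configuration).
  @ferm::rule { 'dsa-exim':
    description => 'Allow SMTP',
    rule        => "&SERVICE_RANGE(tcp, ${mail_port}, \$SMTP_SOURCES)",
  }

  @ferm::rule { 'dsa-exim-v6':
    description => 'Allow SMTP',
    domain      => 'ip6',
    rule        => "&SERVICE_RANGE(tcp, ${mail_port}, \$SMTP_V6_SOURCES)",
  }

  # Do we actually want this?  I'm only doing it because it's harmless
  # and makes the logs quiet.  There are better ways of making logs quiet,
  # though.
  # NOTE(review): unlike the SMTP rules, no source restriction is passed here,
  # so this presumably opens tcp/113 to any source on both IPv4 and IPv6.
  # Confirm that is wanted; rejecting the port would also keep the logs
  # quiet without exposing it.
  @ferm::rule { 'dsa-ident':
    domain      => '(ip ip6)',
    description => 'Allow ident access',
    rule        => '&SERVICE(tcp, 113)',
  }

}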