coren has submitted this change and it was merged.

Change subject: Tool Labs: Implement mail relay
......................................................................


Tool Labs: Implement mail relay

Sooner rather than later to prevent gridengine spam.  Better
collect locally than post to mailing lists.  :-)

Change-Id: Id49556eb1acb2148609541b668db6b1fdb5d0683
---
M manifests/role/labs.pp
A modules/toollabs/files/exim4-norelay.conf
M modules/toollabs/manifests/init.pp
A modules/toollabs/manifests/mailrelay.pp
A modules/toollabs/templates/exim4.conf.erb
A modules/toollabs/templates/mail-relay.erb
6 files changed, 138 insertions(+), 0 deletions(-)

Approvals:
  coren: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/manifests/role/labs.pp b/manifests/role/labs.pp
index 0798dcb..8efd6f3 100644
--- a/manifests/role/labs.pp
+++ b/manifests/role/labs.pp
@@ -49,5 +49,12 @@
     class { 'toollabs::webproxy': }
   }
 
+  class mailrelay inherits role::labs::tools::config {
+    system_role { "role::labs::tools::mailrelay": description => "Tool Labs 
mail relay" }
+    class { 'toollabs::mailrelay':
+      maildomain => "tools.wmflabs.org", ### TEMPORARY DO NOT USE FOR REAL! ###
+    }
+  }
+
 } # class role::labs::tools
 
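Review bot: The `maildomain` passed to `toollabs::mailrelay` is a hard-coded value that its own trailing comment marks as temporary, and nothing in the hunk prevents the role from being applied while it is still in place. The same value feeds `primary_hostname`, `qualify_domain` and `local_domains` in the relay's Exim template, so a host given this role accepts and locally delivers mail for `tools.wmflabs.org`. I would expand the comment to say what has to change before real use, for example `# TEMPORARY: placeholder domain; replace before the relay handles real mail`, or lift the value into a parameter of the role so it is not buried in the declaration. The enclosing `role::labs::tools` class starts outside the hunk.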
diff --git a/modules/toollabs/files/exim4-norelay.conf 
b/modules/toollabs/files/exim4-norelay.conf
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/modules/toollabs/files/exim4-norelay.conf
diff --git a/modules/toollabs/manifests/init.pp 
b/modules/toollabs/manifests/init.pp
index 2490f4a..905dc6d 100644
--- a/modules/toollabs/manifests/init.pp
+++ b/modules/toollabs/manifests/init.pp
@@ -99,5 +99,10 @@
     group => "root",
   }
 
+  File <| title == '/etc/exim4/exim4.conf' |> {
+    content => undef,
+    source => [ "$store/mail-relay", 
"puppet:///modules/toollabs/exim4-norelay.conf" ],
+  }
+
 }
 
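Review bot: The collector override makes `$store/mail-relay` the first source for `/etc/exim4/exim4.conf`, so every node that includes this class takes its MTA configuration from a file in the store directory rather than from the puppet master. An Exim configuration decides routers, transports and the users deliveries run as, so write access to that path amounts to control over mail handling on each node; the hunk shows nothing about who can write to `$store`, and that should be confirmed to be root only (I am assuming `$store` is shared storage). The fallback `exim4-norelay.conf` is added as an empty file, which leaves nodes with an empty Exim configuration until a relay has published its file. A comment above the override such as `# exim4.conf is copied from the relay-published file in $store; $store must be writable by root only` would record the dependency. The enclosing class starts outside the hunk.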
diff --git a/modules/toollabs/manifests/mailrelay.pp 
b/modules/toollabs/manifests/mailrelay.pp
new file mode 100644
index 0000000..7654d69
--- /dev/null
+++ b/modules/toollabs/manifests/mailrelay.pp
@@ -0,0 +1,30 @@
+# Class: toollabs::mailrelay
+#
+# This role sets up a mail relay in the Tool Labs model.
+#
+# Parameters:
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+class toollabs::mailrelay($maildomain) inherits toollabs {
+  include toollabs::infrastructure
+
+  file { "$store/mail-relay":
+    ensure => file,
+    owner => 'root',
+    group => 'root',
+    mode => '0444',
+    require => File[$store],
+    content => template("toollabs/mail-relay.erb"),
+  }
+
+  File <| title == '/etc/exim4/exim4.conf' |> {
+    source => undef,
+    content => template("toollabs/exim4.conf.erb"),
+  }
+}
+
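Review bot: The header's `Parameters:` section is empty although the class takes a mandatory `$maildomain`, and `Actions:` does not say that the class publishes `$store/mail-relay` and switches `/etc/exim4/exim4.conf` to a template. I would fill these in, e.g. `# $maildomain: domain the relay accepts and qualifies mail for`, plus a line under `Actions:` stating that the published file is picked up as the Exim configuration on other nodes by the override in `init.pp`. Since the parent class sets `source` on the same file through a collector and this class unsets it through a second one, it is worth confirming that the order of the two overrides is deterministic in the Puppet version in use.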
diff --git a/modules/toollabs/templates/exim4.conf.erb 
b/modules/toollabs/templates/exim4.conf.erb
new file mode 100644
index 0000000..4af8e15
--- /dev/null
+++ b/modules/toollabs/templates/exim4.conf.erb
@@ -0,0 +1,85 @@
+
+primary_hostname = relay.<%= maildomain %>
+qualify_domain = <%= maildomain %>
+
+domainlist local_domains = <%= maildomain %>
+domainlist relay_to_domains =
+hostlist relay_from_hosts = 10.0.0.0/8
+
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+
+never_users = root
+
+host_lookup = *
+ignore_bounce_errors_after = 2d
+timeout_frozen_after = 7d
+
+acl_check_rcpt:
+accept  hosts = :
+deny    message       = Restricted characters in address
+        domains       = +local_domains
+        local_parts   = ^[.] : ^.*[@%!/|]
+
+deny    message       = Restricted characters in address
+        domains       = !+local_domains
+        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+accept  local_parts   = postmaster
+        domains       = +local_domains
+
+require verify        = sender
+
+accept  hosts         = +relay_from_hosts
+        control       = submission
+
+accept  authenticated = *
+        control       = submission
+
+require message = relay not permitted
+        domains = +local_domains : +relay_domains
+
+require verify = recipient
+
+accept
+
+
+acl_check_data:
+accept
+
+
+begin routers
+
+dnslookup:
+  driver = dnslookup
+  domains = ! +local_domains
+  transport = remote_smtp
+  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
+  no_more
+
+system_aliases:
+  driver = redirect
+  allow_fail
+  allow_defer
+  data = ${lookup{$local_part}lsearch{/etc/aliases}}
+
+localuser:
+  driver = accept
+  check_local_user
+  transport = local_delivery
+
+begin transports
+
+remote_smtp:
+  driver = smtp
+
+local_delivery:
+  driver = appendfile
+  file = <%= store %>/mail/$local_part
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+
+begin retry
+*   *   F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
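Review bot: The relay check in `acl_check_rcpt` refers to `+relay_domains`, but the list defined at the top of the template is `relay_to_domains`, so the `require ... domains` condition names a list that does not exist; it should read `domains = +local_domains : +relay_to_domains`. The two ACLs also sit in the main section with no `begin acl` line before `acl_check_rcpt:`, which Exim 4 needs in order to parse them as ACLs. Separately, `hostlist relay_from_hosts = 10.0.0.0/8` lets any host in that range relay to arbitrary destinations without authentication; if the range covers instances outside Tool Labs, narrowing it to the project's hosts would limit who can send through the relay. `acl_check_data` accepts unconditionally, which is acceptable for a first version but deserves a comment saying that no content checks are applied.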
diff --git a/modules/toollabs/templates/mail-relay.erb 
b/modules/toollabs/templates/mail-relay.erb
new file mode 100644
index 0000000..dfac364
--- /dev/null
+++ b/modules/toollabs/templates/mail-relay.erb
@@ -0,0 +1,11 @@
+## Managed by puppet
+
+qualify_domain = <%= maildomain %>
+local_domains =
+
+smarthost:
+  driver = domainlist
+  transport = remote_smtp
+  route_list = "* <%= fqdn %> bydns_a"
+end
+
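Review bot: This file is installed verbatim as `/etc/exim4/exim4.conf` on client nodes (through the `source` override in `init.pp`), but it is written in Exim 3 syntax: `driver = domainlist`, the `bydns_a` route option and the `end` terminator are not understood by Exim 4, and the router is not inside a `begin routers` section. `local_domains =` is not a main option in Exim 4 either and needs the `domainlist` prefix, and the `remote_smtp` transport that the router names is never defined in this file. As written, Exim 4 would most likely reject the configuration, leaving clients without a working MTA. An Exim 4 form of the same smarthost setup is sketched below; it should be checked with `exim -bV` on a test node before rollout.

```erb
## Managed by puppet

qualify_domain = <%= maildomain %>
domainlist local_domains =

begin routers

smarthost:
  driver = manualroute
  transport = remote_smtp
  route_list = * <%= fqdn %> byname

begin transports

remote_smtp:
  driver = smtp
```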

-- 
To view, visit https://gerrit.wikimedia.org/r/63399
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Id49556eb1acb2148609541b668db6b1fdb5d0683
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: coren <mpellet...@wikimedia.org>
Gerrit-Reviewer: coren <mpellet...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot
