coren has uploaded a new change for review.
https://gerrit.wikimedia.org/r/118765
Change subject: Tool Labs: update mail relay to allow incoming
......................................................................
Tool Labs: update mail relay to allow incoming
Change-Id: I560f206c9588d5ff2f7dece6ed2645feb40b7878
---
A modules/toollabs/files/localuser
A modules/toollabs/files/maintainers
M modules/toollabs/manifests/mailrelay.pp
M modules/toollabs/templates/exim4.conf.erb
4 files changed, 138 insertions(+), 38 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/65/118765/1
diff --git a/modules/toollabs/files/localuser b/modules/toollabs/files/localuser
new file mode 100755
index 0000000..1a8ba28
--- /dev/null
+++ b/modules/toollabs/files/localuser
@@ -0,0 +1,12 @@
+#! /bin/bash
+#
+# THIS FILE IS MAINTAINED BY PUPPET
+# source: modules/toollabs/files/localuser
+# from: toollabs::mailrelay
+#
+
+echo $(
+ /usr/bin/ldapsearch -LLL -x -b "uid=$1,ou=people,dc=wikimedia,dc=org" mail |
+ /bin/sed -ne '/^mail: \(.*\)/{;s//\1,/;p;}'
+) | sed -e 's/,\s*$//'
+
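Review bot: `$1` is pasted unchecked into the search base `"uid=$1,ou=people,dc=wikimedia,dc=org"`, so the script's safety depends on the caller only ever passing a real account name; the `maintainers` script in the next file builds `cn=$1,...` the same way. Both are run from Exim with a value derived from the envelope recipient, so I would reject anything outside the expected account-name alphabet before calling ldapsearch, e.g. `[[ $1 =~ ^[A-Za-z0-9._-]+$ ]] || exit 1` (adjust the character class to the actual naming policy). The unquoted `echo $( ... )` also subjects the LDAP result to word splitting and pathname expansion. Finally, ldapsearch is left at its default subtree scope although a single entry is wanted; `-s base` would state that intent.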
diff --git a/modules/toollabs/files/maintainers
b/modules/toollabs/files/maintainers
new file mode 100755
index 0000000..3071039
--- /dev/null
+++ b/modules/toollabs/files/maintainers
@@ -0,0 +1,14 @@
+#! /bin/bash
+#
+# THIS FILE IS MAINTAINED BY PUPPET
+# source: modules/toollabs/files/maintainers
+# from: toollabs::mailrelay
+#
+
+echo $(
+ (/usr/bin/ldapsearch -LLL -x -b "cn=$1,ou=servicegroups,dc=wikimedia,dc=org"
member|grep member:|while read x dn
+ do
+ /usr/bin/ldapsearch -LLL -x -b "$dn" mail
+ done) |
+ /bin/sed -ne '/^mail: \(.*\)/{;s//\1,/;p;}'
+) | sed -e 's/,\s*$//'
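Review bot: The member loop parses LDIF with `grep member:` and `read x dn`, which is looser than it should be for a value that is fed straight back into `ldapsearch -b "$dn"`. The grep is unanchored, `read` without `-r` consumes backslashes (which are legal escapes inside a DN), and a value that ldapsearch emits base64-encoded (`member::`) or folds onto a continuation line would reach the inner search mangled. I would anchor the match and read raw, `grep '^member: ' | while read -r x dn`, and, where the installed ldapsearch supports it, pass `-o ldif-wrap=no`. Also, a failed group lookup still ends with exit status 0 from the final `sed`, so Exim's `${run{...}{$value}fail}` sees success with an empty value; whether that is the intended outcome for a transient LDAP error is worth stating in a comment.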
diff --git a/modules/toollabs/manifests/mailrelay.pp
b/modules/toollabs/manifests/mailrelay.pp
index 6090db4..85ac4b2 100644
--- a/modules/toollabs/manifests/mailrelay.pp
+++ b/modules/toollabs/manifests/mailrelay.pp
@@ -27,10 +27,27 @@
content => template('toollabs/mail-relay.erb'),
}
+ file { '/usr/local/sbin/localuser':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0555',
+ source => 'puppet:///files/toollabs/localuser',
+ }
+
+ file { '/usr/local/sbin/maintainers':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0555',
+ source => 'puppet:///files/toollabs/maintainers',
+ }
+
File <| title == '/etc/exim4/exim4.conf' |> {
source => undef,
content => template('toollabs/exim4.conf.erb'),
notify => Service['exim4'],
+ require => File['/usr/local/sbin/localuser',
'/usr/local/sbin/maintainers'],
}
File <| title == '/etc/default/exim4' |> {
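Review bot: Both new `file` resources use `source => 'puppet:///files/toollabs/...'`, but this change adds the scripts under `modules/toollabs/files/`, which Puppet serves from the module mount. Unless a separate `files` mount point happens to hold copies, the agent will fail to fetch them and, through the new `require`, block the exim4.conf update. I would expect `source => 'puppet:///modules/toollabs/localuser',` and `source => 'puppet:///modules/toollabs/maintainers',`. The scripts' own headers say `source: modules/toollabs/files/...`, which supports that reading. The hunk ends inside the following `File <| ... |>` collector, which continues outside the visible lines.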
diff --git a/modules/toollabs/templates/exim4.conf.erb
b/modules/toollabs/templates/exim4.conf.erb
index ae9ca13..0b3070c 100644
--- a/modules/toollabs/templates/exim4.conf.erb
+++ b/modules/toollabs/templates/exim4.conf.erb
@@ -1,3 +1,8 @@
+#
+# THIS FILE IS MAINTAINED BY PUPPET
+# source: modules/toollabs/templates/exim4.conf.erb
+# from: toollabs::mailrelay
+#
primary_hostname = relay.<%= @maildomain %>
qualify_domain = <%= @maildomain %>
@@ -14,6 +19,8 @@
host_lookup = *
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
+
+local_from_suffix = .*
begin acl
@@ -52,6 +59,85 @@
begin routers
+tool_fallback:
+ driver = redirect
+ local_part_prefix = <%= instanceproject %>.
+ not_local_part_prefix_optional
+ caseful_local_part
+ local_parts = passwd;<%= instanceproject %>.$local_part
+ check_ancestor
+ modemask = 002
+ data = $local_part.maintainers
+
+user_forward:
+ driver = redirect
+ caseful_local_part
+ check_local_user
+ no_expn
+ check_ancestor
+ modemask = 002
+ data = ${run{/usr/local/sbin/localuser $local_part}{$value}fail}
+
+tool_forward_specific:
+ driver = redirect
+ local_part_suffix = .*
+ not_local_part_suffix_optional
+ caseful_local_part
+ local_parts = passwd;<%= instanceproject %>.$local_part
+ require_files = <%= instanceproject
%>.$local_part:$home/.forward$local_part_suffix
+ user = <%= instanceproject %>.$local_part
+ group = <%= instanceproject %>.$local_part
+ router_home_directory = ${lookup passwd{<%= instanceproject
%>.$local_part}{${extract{5}{:}{$value}}}fail}
+ file = $home/.forward$local_part_suffix
+ no_expn
+ check_ancestor
+ modemask = 002
+ pipe_transport = gridqueue
+ no_allow_filter
+ no_allow_defer
+ allow_fail
+ forbid_include
+ forbid_file
+ forbid_smtp_code
+ hide_child_in_errmsg
+
+tool_forward_general:
+ driver = redirect
+ local_part_suffix = .*
+ not_local_part_suffix_optional
+ caseful_local_part
+ local_parts = passwd;<%= instanceproject %>.$local_part
+ require_files = <%= instanceproject %>.$local_part:$home/.forward
+ user = <%= instanceproject %>.$local_part
+ group = <%= instanceproject %>.$local_part
+ router_home_directory = ${lookup passwd{<%= instanceproject
%>.$local_part}{${extract{5}{:}{$value}}}fail}
+ file = $home/.forward
+ no_expn
+ check_ancestor
+ modemask = 002
+ pipe_transport = gridqueue
+ no_allow_filter
+ no_allow_defer
+ allow_fail
+ forbid_include
+ forbid_file
+ forbid_smtp_code
+ hide_child_in_errmsg
+
+tool_default:
+ driver = redirect
+ local_part_suffix = .*
+ not_local_part_suffix_optional
+ caseful_local_part
+ local_parts = passwd;<%= instanceproject %>.$local_part
+ user = <%= instanceproject %>.$local_part
+ group = <%= instanceproject %>.$local_part
+ router_home_directory = ${lookup passwd{<%= instanceproject
%>.$local_part}{${extract{5}{:}{$value}}}fail}
+ no_expn
+ check_ancestor
+ modemask = 002
+ data = ${run{/usr/local/sbin/maintainers <%= instanceproject
%>.$local_part}{$value}fail}
+
dnslookup:
driver = dnslookup
domains = ! +local_domains
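Review bot: In tool_forward_specific, `$local_part_suffix` is chosen by whoever sends the message (the suffix pattern is `.*`) and is interpolated into both `require_files` and `file = $home/.forward$local_part_suffix`, so the path handed to the redirect router is partly sender-controlled. The lookup runs as the tool's own user and `forbid_file`/`forbid_include` limit what a forward file can do, but I would still make sure the suffix cannot contain `/`. Either confirm that the RCPT ACL (not in this diff) rejects such local parts, or add a guard on the router such as `condition = ${if match{$local_part_suffix}{/}{no}{yes}}`. Separately, the new lines use `<%= instanceproject %>` while the existing template uses `<%= @maildomain %>`; the `@` form would be consistent and does not rely on dynamic-scope variable lookup.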
@@ -65,48 +151,19 @@
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
-userforward:
- driver = redirect
- check_local_user
- file = $home/.forward
- no_verify
- no_expn
- check_ancestor
-
-userprocmail:
- driver = accept
- check_local_user
- require_files = $local_part:$home/.procmailrc
- transport = procmailpipe
- no_verify
- no_expn
-
-localuser:
- driver = accept
- check_local_user
- transport = local_delivery
-
begin transports
+
+gridqueue:
+ driver = pipe
+ batch_max = 1
+ umask = 007
+ path = /bin:/usr/bin:/usr/local/bin
+ allow_commands = jmail
+ return_fail_output
+ temp_errors = 73:74:75
remote_smtp:
driver = smtp
-
-procmailpipe:
- driver = pipe
- command = "/usr/bin/procmail -d"
- return_path_add
- delivery_date_add
- path = "/bin:/usr/bin:/usr/local/bin"
- envelope_to_add
- check_string = "From "
- escape_string = ">From "
-
-local_delivery:
- driver = appendfile
- file = <%= @store %>/mail/$local_part
- delivery_date_add
- envelope_to_add
- return_path_add
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
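Review bot: The new `gridqueue` transport sets no `user`, `group` or `command` of its own, so who runs what is decided entirely by the routers that name it in `pipe_transport` and by the tool's forward file. A comment above it, e.g. `# user/group come from the tool_forward_* routers; the command comes from the tool's .forward`, would keep a later router from reusing it without setting them. `allow_commands = jmail` is a bare name that is then searched along `path = /bin:/usr/bin:/usr/local/bin`; if jmail lives in one known directory, narrowing `path` to that directory removes the dependence on search order. This hunk also drops the `local_delivery` and `procmailpipe` transports, so it is worth confirming that no router outside the diff still names them.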
--
To view, visit https://gerrit.wikimedia.org/r/118765
Gerrit-MessageType: newchange
Gerrit-Change-Id: I560f206c9588d5ff2f7dece6ed2645feb40b7878
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: coren <[email protected]>