coren has submitted this change and it was merged.

Change subject: Tool Labs: update mail relay to allow incoming
......................................................................


Tool Labs: update mail relay to allow incoming

Change-Id: I560f206c9588d5ff2f7dece6ed2645feb40b7878
---
A modules/toollabs/files/localuser
A modules/toollabs/files/maintainers
M modules/toollabs/manifests/mailrelay.pp
M modules/toollabs/templates/exim4.conf.erb
4 files changed, 138 insertions(+), 38 deletions(-)

Approvals:
  coren: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/toollabs/files/localuser b/modules/toollabs/files/localuser
new file mode 100755
index 0000000..1a8ba28
--- /dev/null
+++ b/modules/toollabs/files/localuser
@@ -0,0 +1,12 @@
+#! /bin/bash
+#
+# THIS FILE IS MAINTAINED BY PUPPET
+# source: modules/toollabs/files/localuser
+# from:   toollabs::mailrelay
+#
+
+echo $(
+  /usr/bin/ldapsearch -LLL -x -b "uid=$1,ou=people,dc=wikimedia,dc=org" mail |
+       /bin/sed -ne '/^mail: \(.*\)/{;s//\1,/;p;}'
+) | sed -e 's/,\s*$//'
+
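Review bot: `$1` is interpolated into the search base on the ldapsearch line with no validation, so an empty or malformed argument yields a DN the author did not intend, and the script, installed mode 0555, relies entirely on its caller for sanitising. A guard at the top such as `[[ $1 =~ ^[A-Za-z0-9._-]+$ ]] || exit 1` (adjusted to the account-name rules in use) would make that contract explicit. The script also always exits with the status of the trailing `sed`, so a failed LDAP query looks the same to the `${run{...}}` caller as a user with no `mail` attribute. Capturing the ldapsearch output and exit status first, then exiting non-zero on failure, would let Exim tell the two apart. Both points apply equally to the `maintainers` script in the next file.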
diff --git a/modules/toollabs/files/maintainers 
b/modules/toollabs/files/maintainers
new file mode 100755
index 0000000..3071039
--- /dev/null
+++ b/modules/toollabs/files/maintainers
@@ -0,0 +1,14 @@
+#! /bin/bash
+#
+# THIS FILE IS MAINTAINED BY PUPPET
+# source: modules/toollabs/files/maintainers
+# from:   toollabs::mailrelay
+#
+
+echo $(
+  (/usr/bin/ldapsearch -LLL -x -b "cn=$1,ou=servicegroups,dc=wikimedia,dc=org" 
member|grep member:|while read x dn
+  do
+    /usr/bin/ldapsearch -LLL -x -b "$dn" mail
+  done) |
+  /bin/sed -ne '/^mail: \(.*\)/{;s//\1,/;p;}'
+) | sed -e 's/,\s*$//'
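Review bot: The `while read x dn` loop takes each member DN from a single LDIF output line, but ldapsearch folds long LDIF lines by default, so a long `member:` value would reach the inner search truncated and that maintainer's address would be silently dropped. A base64-encoded `member::` line also passes the `grep member:` filter and would be used as a DN as-is. Where the installed ldapsearch supports it, adding `-o ldif-wrap=no` to both calls, tightening the filter to `grep '^member: '` and using `read -r x dn` closes these gaps. A short comment stating that the output is a comma-separated address list consumed by the Exim `tool_default` router would also help the next reader.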
diff --git a/modules/toollabs/manifests/mailrelay.pp 
b/modules/toollabs/manifests/mailrelay.pp
index 6090db4..85ac4b2 100644
--- a/modules/toollabs/manifests/mailrelay.pp
+++ b/modules/toollabs/manifests/mailrelay.pp
@@ -27,10 +27,27 @@
         content => template('toollabs/mail-relay.erb'),
     }
 
+    file { '/usr/local/sbin/localuser':
+        ensure  => file,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0555',
+        source  => 'puppet:///files/toollabs/localuser',
+    }
+
+    file { '/usr/local/sbin/maintainers':
+        ensure  => file,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0555',
+        source  => 'puppet:///files/toollabs/maintainers',
+    }
+
     File <| title == '/etc/exim4/exim4.conf' |> {
         source  => undef,
         content => template('toollabs/exim4.conf.erb'),
         notify  => Service['exim4'],
+        require => File['/usr/local/sbin/localuser', 
'/usr/local/sbin/maintainers'],
     }
 
     File <| title == '/etc/default/exim4' |> {
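Review bot: The two new `file` resources use `source => 'puppet:///files/toollabs/localuser'` (and `.../maintainers`), but the commit adds the scripts under `modules/toollabs/files/`, which Puppet normally serves as `puppet:///modules/toollabs/localuser`. Unless a `files` mount in the fileserver configuration maps to that directory (not visible here), the resources will fail to fetch. Because `/etc/exim4/exim4.conf` now requires them, the mail relay config would then not be updated either. If no such mount exists, the lines should read `source => 'puppet:///modules/toollabs/localuser',` and `source => 'puppet:///modules/toollabs/maintainers',`. The enclosing class starts and ends outside this hunk.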
diff --git a/modules/toollabs/templates/exim4.conf.erb 
b/modules/toollabs/templates/exim4.conf.erb
index ae9ca13..0b3070c 100644
--- a/modules/toollabs/templates/exim4.conf.erb
+++ b/modules/toollabs/templates/exim4.conf.erb
@@ -1,3 +1,8 @@
+#
+# THIS FILE IS MAINTAINED BY PUPPET
+# source: modules/toollabs/templates/exim4.conf.erb
+# from:   toollabs::mailrelay
+#
 
 primary_hostname = relay.<%= @maildomain %>
 qualify_domain = <%= @maildomain %>
@@ -14,6 +19,8 @@
 host_lookup = *
 ignore_bounce_errors_after = 2d
 timeout_frozen_after = 7d
+
+local_from_suffix = .*
 
 begin acl
 
@@ -52,6 +59,85 @@
 
 begin routers
 
+tool_fallback:
+  driver = redirect
+  local_part_prefix = <%= instanceproject %>.
+  not_local_part_prefix_optional
+  caseful_local_part
+  local_parts = passwd;<%= instanceproject %>.$local_part
+  check_ancestor
+  modemask = 002
+  data = $local_part.maintainers
+
+user_forward:
+  driver = redirect
+  caseful_local_part
+  check_local_user
+  no_expn
+  check_ancestor
+  modemask = 002
+  data = ${run{/usr/local/sbin/localuser $local_part}{$value}fail}
+
+tool_forward_specific:
+  driver = redirect
+  local_part_suffix = .*
+  not_local_part_suffix_optional
+  caseful_local_part
+  local_parts = passwd;<%= instanceproject %>.$local_part
+  require_files = <%= instanceproject 
%>.$local_part:$home/.forward$local_part_suffix
+  user = <%= instanceproject %>.$local_part
+  group = <%= instanceproject %>.$local_part
+  router_home_directory = ${lookup passwd{<%= instanceproject 
%>.$local_part}{${extract{5}{:}{$value}}}fail}
+  file = $home/.forward$local_part_suffix
+  no_expn
+  check_ancestor
+  modemask = 002
+  pipe_transport = gridqueue
+  no_allow_filter
+  no_allow_defer
+  allow_fail
+  forbid_include
+  forbid_file
+  forbid_smtp_code
+  hide_child_in_errmsg
+
+tool_forward_general:
+  driver = redirect
+  local_part_suffix = .*
+  not_local_part_suffix_optional
+  caseful_local_part
+  local_parts = passwd;<%= instanceproject %>.$local_part
+  require_files = <%= instanceproject %>.$local_part:$home/.forward
+  user = <%= instanceproject %>.$local_part
+  group = <%= instanceproject %>.$local_part
+  router_home_directory = ${lookup passwd{<%= instanceproject 
%>.$local_part}{${extract{5}{:}{$value}}}fail}
+  file = $home/.forward
+  no_expn
+  check_ancestor
+  modemask = 002
+  pipe_transport = gridqueue
+  no_allow_filter
+  no_allow_defer
+  allow_fail
+  forbid_include
+  forbid_file
+  forbid_smtp_code
+  hide_child_in_errmsg
+
+tool_default:
+  driver = redirect
+  local_part_suffix = .*
+  not_local_part_suffix_optional
+  caseful_local_part
+  local_parts = passwd;<%= instanceproject %>.$local_part
+  user = <%= instanceproject %>.$local_part
+  group = <%= instanceproject %>.$local_part
+  router_home_directory = ${lookup passwd{<%= instanceproject 
%>.$local_part}{${extract{5}{:}{$value}}}fail}
+  no_expn
+  check_ancestor
+  modemask = 002
+  data = ${run{/usr/local/sbin/maintainers <%= instanceproject 
%>.$local_part}{$value}fail}
+
 dnslookup:
   driver = dnslookup
   domains = ! +local_domains
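Review bot: In `tool_forward_specific`, `require_files` and `file` build a path from `$home/.forward$local_part_suffix`, and that suffix is taken from the recipient address of incoming mail, so its character set is chosen by the sender. Unless the ACL section (outside this hunk) already rejects local parts containing `/`, the router should restrict the suffix itself, for example `condition = ${if match{$local_part_suffix}{\N^\.[A-Za-z0-9_-]+$\N}}`, so that only a plain `.forward.<name>` file in the tool's home can be selected. A comment above the five new routers explaining their order and how each resolves an address (user to LDAP mail, tool to `.forward` or maintainers) would make the intended address scheme reviewable. The `begin routers` section continues beyond the hunk.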
@@ -65,48 +151,19 @@
   allow_defer
   data = ${lookup{$local_part}lsearch{/etc/aliases}}
 
-userforward:
-  driver = redirect
-  check_local_user
-  file = $home/.forward
-  no_verify
-  no_expn
-  check_ancestor
-
-userprocmail:
-  driver = accept
-  check_local_user
-  require_files = $local_part:$home/.procmailrc
-  transport = procmailpipe
-  no_verify
-  no_expn
-
-localuser:
-  driver = accept
-  check_local_user
-  transport = local_delivery
-
 begin transports
+
+gridqueue:
+  driver = pipe
+  batch_max = 1
+  umask = 007
+  path = /bin:/usr/bin:/usr/local/bin
+  allow_commands = jmail
+  return_fail_output
+  temp_errors = 73:74:75
 
 remote_smtp:
   driver = smtp
-
-procmailpipe:
-  driver = pipe
-  command = "/usr/bin/procmail -d"
-  return_path_add
-  delivery_date_add
-  path = "/bin:/usr/bin:/usr/local/bin"
-  envelope_to_add
-  check_string = "From "
-  escape_string = ">From "
-
-local_delivery:
-  driver = appendfile
-  file = <%= @store %>/mail/$local_part
-  delivery_date_add
-  envelope_to_add
-  return_path_add
 
 begin retry
 *   *   F,2h,15m; G,16h,1h,1.5; F,4d,6h
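Review bot: The new `gridqueue` transport sets `return_fail_output`, so whatever the piped `jmail` command prints on failure is copied into the bounce. Now that the relay accepts incoming mail, that bounce goes to arbitrary external senders and may expose internal paths or job-submission errors. `hide_child_in_errmsg` on the routers hides the command itself but not its output. Consider `log_fail_output` instead, so the output goes to the Exim log rather than the bounce. A comment on `temp_errors = 73:74:75` naming the sysexits codes it defers on (EX_CANTCREAT, EX_IOERR, EX_TEMPFAIL) would also help.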

-- 
To view, visit https://gerrit.wikimedia.org/r/118765
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I560f206c9588d5ff2f7dece6ed2645feb40b7878
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: coren <[email protected]>
Gerrit-Reviewer: coren <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
