Rush has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/377697 )
Change subject: tools: add an exim sender blocklist
......................................................................
tools: add an exim sender blocklist
Add an /etc/exim4/deny_senders.list file that can be used to selectively
deny sending outbound mail based on the envelope sender's address.
Change-Id: Ifc3c017ec84ff9645bc265f8ecd420c260aa44a8
---
M modules/toollabs/manifests/mailrelay.pp
M modules/toollabs/templates/mail-relay.exim4.conf.erb
2 files changed, 17 insertions(+), 0 deletions(-)
Approvals:
Alexandros Kosiaris: Looks good to me, but someone else must approve
Rush: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/toollabs/manifests/mailrelay.pp
b/modules/toollabs/manifests/mailrelay.pp
index 4fb54f6..26fc367 100644
--- a/modules/toollabs/manifests/mailrelay.pp
+++ b/modules/toollabs/manifests/mailrelay.pp
@@ -25,6 +25,18 @@
'/usr/local/sbin/maintainers'],
}
+ # Manually maintained outbound sender blocklist
+ file { '/etc/exim4/deny_senders.list':
+ ensure => present,
+ owner => 'root',
+ group => 'Debian-exim',
+ mode => '0440',
+ replace => false,
+ content => '# Add MAIL FROM address to block. One per line',
+ require => Package['exim4-config'],
+ notify => Service['exim4'],
+ }
+
file { '/usr/local/sbin/localuser':
ensure => file,
owner => 'root',
diff --git a/modules/toollabs/templates/mail-relay.exim4.conf.erb
b/modules/toollabs/templates/mail-relay.exim4.conf.erb
index 2b6d93a..7422a1e 100644
--- a/modules/toollabs/templates/mail-relay.exim4.conf.erb
+++ b/modules/toollabs/templates/mail-relay.exim4.conf.erb
@@ -51,6 +51,7 @@
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
+acl_smtp_mail = acl_check_mail
never_users = root
@@ -99,6 +100,10 @@
acl_check_data:
accept
+acl_check_mail:
+ deny senders = /etc/exim4/deny_senders.list
+ accept
+
###########
# Routers #
###########
--
To view, visit https://gerrit.wikimedia.org/r/377697
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ifc3c017ec84ff9645bc265f8ecd420c260aa44a8
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BryanDavis <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Coren <[email protected]>
Gerrit-Reviewer: Herron <[email protected]>
Gerrit-Reviewer: Merlijn van Deen <[email protected]>
Gerrit-Reviewer: Rush <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
