Jgreen has uploaded a new change for review.
https://gerrit.wikimedia.org/r/77813
Change subject: remove unneeded exim4.otrs.erb, tweak
exim4.conf.SMTP_IMAP_MM.erb for otrs transport
......................................................................
remove unneeded exim4.otrs.erb, tweak exim4.conf.SMTP_IMAP_MM.erb for otrs
transport
Change-Id: I6088d689f7772a8c1b9a48a5a60ee8e049321878
---
M manifests/role/otrs.pp
M templates/exim/exim4.conf.SMTP_IMAP_MM.erb
D templates/exim/exim4.otrs.erb
3 files changed, 21 insertions(+), 204 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/13/77813/1
diff --git a/manifests/role/otrs.pp b/manifests/role/otrs.pp
index 21fcc91..be0e357 100644
--- a/manifests/role/otrs.pp
+++ b/manifests/role/otrs.pp
@@ -47,7 +47,6 @@
class { 'exim::roled':
enable_otrs_server => 'true',
- enable_imap_delivery => 'true',
enable_spamassassin => 'true',
}
}
diff --git a/templates/exim/exim4.conf.SMTP_IMAP_MM.erb
b/templates/exim/exim4.conf.SMTP_IMAP_MM.erb
index e6a6e9f..06f5ba7 100644
--- a/templates/exim/exim4.conf.SMTP_IMAP_MM.erb
+++ b/templates/exim/exim4.conf.SMTP_IMAP_MM.erb
@@ -71,7 +71,7 @@
hostlist otrs_mail_from_hosts = mchenry.wikimedia.org
<% end -%>
-<% if enable_imap_delivery == "true" then -%>
+<% if enable_imap_delivery == "true" or enable_otrs_server == "true" then -%>
# Interfaces
daemon_smtp_ports = smtp : ssmtp
<% end -%>
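Review bot: Adding `enable_otrs_server` to this condition makes the OTRS host listen on `smtp : ssmtp`, whereas the deleted exim4.otrs.erb set `daemon_smtp_ports = smtp` only, so the change widens the listening surface for that role. If the extra port is not intended, keep the original condition here and add a separate `enable_otrs_server` branch that sets `daemon_smtp_ports = smtp`. The deleted file also limited connections through `acl_check_connect` to loopback and `+wikimedia_nets`. The shared template's ACL section is not part of this diff, so it is worth confirming that an equivalent restriction applies when `enable_otrs_server` is set.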
@@ -89,8 +89,8 @@
helo_try_verify_hosts = *
<% end -%>
-<% if rt_relay == "true" then -%>
-# Allow RT to use any sender address
+<% if rt_relay == "true" or enable_otrs_server == "true" then -%>
+# Allow RT, OTRS to use any sender address
untrusted_set_sender = *
local_from_check = false
<% end -%>
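Review bot: `untrusted_set_sender = *` together with `local_from_check = false` lets every local account on the host choose an arbitrary envelope sender without a `Sender:` header being added, and the new condition applies that to the OTRS role in the shared template. The deleted exim4.otrs.erb had the same two settings, so this is not a regression. Since the line is being touched, consider narrowing the address list to the domains the ticket systems actually send as. At minimum the comment could say why the wildcard is needed, e.g. `# RT and OTRS submit mail locally with per-queue sender addresses; any local user may set the envelope sender`.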
@@ -120,7 +120,7 @@
# Content filtering
spamd_address = 127.0.0.1 783
<% end %>
-<% if enable_imap_delivery == "true" then -%>
+<% if enable_imap_delivery == "true" enable_otrs_server == "true" then -%>
# TLS
tls_certificate = /etc/ssl/certs/wikimedia.org.pem
tls_privatekey = /etc/ssl/private/wikimedia.org.key
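Review bot: The added condition is missing the `or` between its two comparisons, unlike the two earlier hunks that use the same pattern. ERB compiles this tag to Ruby, so it will most likely fail to parse and break rendering of the template for every role that uses it, not only OTRS. The line should read `<% if enable_imap_delivery == "true" or enable_otrs_server == "true" then -%>`. The TLS block continues past the end of this hunk, so its closing `<% end -%>` is not visible here.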
@@ -645,6 +645,23 @@
user = mail
group = mail
return_fail_output
+
+<% end -%>
+<% if enable_otrs_server == "true" then -%>
+# OTRS pipe transport
+
+otrs:
+ driver = pipe
+ command = OTRS_POSTMASTER
+ current_directory = OTRS_HOME
+ home_directory = OTRS_HOME
+ user = OTRS_USER
+ group = OTRS_GROUP
+ freeze_exec_fail
+ log_fail_output
+ timeout = 1m
+ timeout_defer
+
<% end -%>
<% if enable_mailman == "true" then -%>
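Review bot: The new `otrs` transport depends on the macros `OTRS_POSTMASTER`, `OTRS_HOME`, `OTRS_USER` and `OTRS_GROUP`, which this diff shows only in the deleted exim4.otrs.erb. The same applies to the `otrs` router and the `hide mysql_servers` lookup that feed the transport. None of these appear in the hunks for exim4.conf.SMTP_IMAP_MM.erb, so please confirm the shared template already provides them under an `enable_otrs_server` guard. If the macros are missing, `command` and `user` would be taken as literal strings, and with `freeze_exec_fail` set the affected messages would freeze on the queue rather than bounce. A short comment above the transport naming where the macros are defined would help the next reader.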
diff --git a/templates/exim/exim4.otrs.erb b/templates/exim/exim4.otrs.erb
deleted file mode 100644
index 3a0afd9..0000000
--- a/templates/exim/exim4.otrs.erb
+++ /dev/null
@@ -1,199 +0,0 @@
-# Exim 4 configuration file for <%= fqdn %>
-# Written on 2009-01-28 by Mark Bergsma <[email protected]>
-
-##########
-# Macros #
-##########
-
-CONFDIR=/etc/exim4
-
-OTRS_POSTMASTER=/opt/otrs/bin/PostMaster.pl
-OTRS_HOME=/opt/otrs-home
-OTRS_USER=otrs
-OTRS_GROUP=otrs
-
-###############################
-# Main configuration settings #
-###############################
-
-# MySQL lookups (OTRS)
-hide mysql_servers = db48.pmtpa.wmnet/otrs/exim/<%=
scope.lookupvar('exim::smtp::otrs_mysql_password') %> :
db49.pmtpa.wmnet/otrs/exim/<%=
scope.lookupvar('exim::smtp::otrs_mysql_password') %>
-
-# Standard lists
-hostlist wikimedia_nets = <; <%=
scope.lookupvar('network::constants::all_networks').join(" ; ") %>
-domainlist system_domains = @
-
-domainlist local_domains = +system_domains
-hostlist otrs_mail_from_hosts = mchenry.wikimedia.org
-hostlist relay_from_hosts = <; @[]
-
-# Interfaces
-daemon_smtp_ports = smtp
-
-# Administration
-log_selector = +address_rewrite +all_parents +delivery_size +deliver_time
+incoming_interface +incoming_port +smtp_confirmation +smtp_protocol_error
+smtp_syntax_error +tls_cipher +tls_peerdn
-
-# Policy control
-acl_smtp_connect = acl_check_connect
-acl_smtp_rcpt = acl_check_rcpt
-acl_smtp_data = acl_check_data
-
-helo_try_verify_hosts = *
-
-# Allow OTRS to use any sender address
-untrusted_set_sender = *
-local_from_check = false
-
-# Resource control
-check_spool_space = 50M
-deliver_queue_load_max = 75.0
-queue_only_load = 50.0
-smtp_accept_max = 100
-smtp_accept_max_per_host = 10
-smtp_reserve_hosts = <; 127.0.0.1 ; ::1 ; +wikimedia_nets
-smtp_accept_reserve = 20
-smtp_accept_queue_per_connection = 500
-remote_max_parallel = 25
-smtp_connect_backlog = 32
-
-# Lookups
-host_lookup = *
-rfc1413_hosts =
-rfc1413_query_timeout = 5s
-
-# Other
-never_users = root : daemon : bin
-ignore_bounce_errors_after = 0h
-
-###############################
-# Access Control Lists (ACLs) #
-###############################
-
-begin acl
-
-acl_check_connect:
- # We only accept mail from our own mail relays
- require message = This server does not accept external mail
- hosts = <; 127.0.0.0/8 ; ::1 ; +wikimedia_nets
-
- accept
-
-acl_check_rcpt:
-
- # Accept if the source is local SMTP (a pipe)
-
- accept hosts = :
-
- # Deny if the local part contains @, %, /, | or !, or starts with a dot
-
- deny local_parts = ^.*[@%!/|] : ^\\.
-
- # Accept relaying from networks we control. Note: no address
verification
- # is done at this point, which is good for mail submission, but may
render
- # recipient callout verification by affected hosts useless.
-
- accept hosts = +otrs_mail_from_hosts : +relay_from_hosts
-
- # Require recipient domain to be local, or a domain we relay for
-
- require message = Relay not permitted
- domains = +local_domains
-
- # { recipient domain is under our administrative control }
-
- # Verify the recipient address for local domains, or require the
- # recipient domain to exist for remote domains
-
- require verify = recipient
-
- # Mail can be safely accepted here, but we may want to do more
- # rfc compliance checking and spam filtering.
-
- # Trust that the mail relay has done all checking
-
- accept
-
-acl_check_data:
- # Run a SpamAssassin check on any non-locally submitted messages.
- # If the message is estimated to be spam, we discard it, since
- # rejecting only moves the problem to mchenry.
-
- accept hosts = :
-
- discard message = This message scored $spam_score spam points.
- spam = otrs/defer_ok
-
- accept
-
-
-###########
-# Routers #
-###########
-
-begin routers
-
-# Use the system aliasfile /etc/aliases for system domains
-
-system_aliases:
- driver = redirect
- domains = +system_domains
- data = ${lookup{$local_part}lsearch{/etc/aliases}}
- pipe_transport = address_pipe
- allow_fail
- allow_defer
- forbid_file
-
-# Mail destined for OTRS
-
-otrs:
- driver = accept
- condition = ${lookup mysql{SELECT value0 FROM system_address WHERE
value0='${quote_mysql:$local_part@$domain}'}{true}fail}
- transport = otrs
-
-# Send all mail not destined for the local machine via a set of
-# mail relays ("smart hosts")
-
-smart_route:
- driver = manualroute
- transport = remote_smtp
- route_list = * mchenry.wikimedia.org:lists.wikimedia.org
-
-##############
-# Transports #
-##############
-
-begin transports
-
-# Generic remote SMTP transport
-
-remote_smtp:
- driver = smtp
- hosts_avoid_tls = <; 0.0.0.0/0 ; 0::0/0
-
-# Generic pipe local delivery transport (for use by alias/forward files)
-
-address_pipe:
- driver = pipe
- return_output
-
-# OTRS pipe transport
-
-otrs:
- driver = pipe
- command = OTRS_POSTMASTER
- current_directory = OTRS_HOME
- home_directory = OTRS_HOME
- user = OTRS_USER
- group = OTRS_GROUP
- freeze_exec_fail
- log_fail_output
- timeout = 1m
- timeout_defer
-
-###############
-# Retry rules #
-###############
-
-begin retry
-
-* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
--
To view, visit https://gerrit.wikimedia.org/r/77813
Gerrit-MessageType: newchange
Gerrit-Change-Id: I6088d689f7772a8c1b9a48a5a60ee8e049321878
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Jgreen <[email protected]>