Commit 07176cf8 authored by Wágner Ferenc's avatar Wágner Ferenc
Browse files

Internet Exim setup fits a list server better

Replace common.exim with a specialized router.  This enables meaninful
sender and recipient verification, because all addresses aren't
routable anymore.  And doesn't put mailing list load on our redirector
service.
parent 5c64e595
[submodule "ansible/roles/common.debian-basic"]
path = ansible/roles/common.debian-basic
url = git@dev.niif.hu:ansible/common.debian-basic
[submodule "ansible/roles/common.exim"]
path = ansible/roles/common.exim
url = git@dev.niif.hu:ansible/common.exim
[submodule "ansible/roles/common.monitored-server"]
path = ansible/roles/common.monitored-server
url = git@dev.niif.hu:ansible/common.monitored-server
......
......@@ -4,7 +4,8 @@
roles:
# Exim first, otherwise debian-basic pulls in sendmail
- common.exim
- role: mailman
tags: mailman
- common.debian-basic
- common.monitored-server
- common.munin-node
......@@ -20,8 +21,6 @@
template_name: mail
- role: apache
tags: apache
- role: mailman
tags: mailman
vars:
- nss_cn: listserv.niif.hu
......
# We share the certificate key with the Debian-exim group:
dependencies:
- role: common.exim
- role: mailman
Subproject commit 22be644b53ad50585ce24916bfdc7dd7c9874051
......@@ -8,6 +8,19 @@
register: install_mailman
# mailman.service fails and tries to restart indefinitely (Site list is missing: mailman)
- name: Prepare update-exim4.conf.conf for the restricted_redirector router
become: yes
lineinfile:
dest: /etc/exim4/update-exim4.conf.conf
regexp: ^dc_{{ item.key }}=
line: dc_{{ item.key }}='{{ item.value }}'
with_dict:
readhost: "{{ inventory_hostname }}"
smarthost: redirector.niif.hu
eximconfig_configtype: internet
when: not (ansible_check_mode and install_mailman is changed)
notify: Reload Exim
- name: Integrate Mailman with Exim
become: yes
template:
......
......@@ -1293,6 +1293,17 @@ system_aliases:
### end router/400_exim4-config_system_aliases
#####################################################
# A copy of hub_user_smarthost effective in internet setup:
restricted_redirector:
debug_print = "R: restricted_redirector for $local_part@$domain"
driver = manualroute
domains = DCreadhost
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = ignore
same_domain_copy_routing = yes
check_local_user
# http://www.exim.org/howto/mailman21.html#exconf:
# You also need to have an alias for mailman within the mm_domains,
# this picks up mail sent to the site list (or basically just sent in
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment