Puppet Class: vrts::mail

Defined in:
modules/vrts/manifests/mail.pp

Overview

SPDX-License-Identifier: Apache-2.0 Class: vrts::mail

This class installs/configures the exim part of the WMF OTRS installation

Parameters:

$vrts_mysql_database
    The name of the VRTS database
$vrts_mysql_user
    The user for exim to connect to the VRTS database
$vrts_mysql_password
    The password for exim to connect to the VRTS database
$trusted_networks
    VRTS trusted networks by exim/spamassasin

Actions:

Install/configure exim/spamassasin

Requires:

Sample Usage:

class { 'vrts::mail'
    vrts_mysql_database => 'otrs',
    vrts_mysql_user => 'exim',
    vrts_mysql_password => 'pass',
    trusted_networks => [],
}

Parameters:

  • vrts_mysql_database (String)
  • vrts_mysql_user (String)
  • vrts_mysql_password (String)
  • trusted_networks (Array)
  • mail_smarthosts (Array[Stdlib::Fqdn])


29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
# File 'modules/vrts/manifests/mail.pp', line 29

class vrts::mail(
    String $vrts_mysql_database,
    String $vrts_mysql_user,
    String $vrts_mysql_password,
    Array $trusted_networks,
    Array[Stdlib::Fqdn] $mail_smarthosts,
){
    class { '::clamav':
        proxy => "webproxy.${::site}.wmnet:8080",
    }

    class { '::exim4':
        variant => 'heavy',
        config  => template('vrts/exim4.conf.vrts.erb'),
        filter  => template('vrts/system_filter.conf.vrts.erb'),
        require => [
            Class['spamassassin'],
            Class['clamav'],
        ],
    }
    class { '::spamassassin':
        required_score        => '3.5',# (5.0)
        use_bayes             => '1',  # 0|(1)
        bayes_auto_learn      => '0',  # 0|(1)
        short_report_template => true, # true|(false)
        trusted_networks      => $trusted_networks,
        custom_scores         => {
            'RP_MATCHES_RCVD'   => '-0.500',
            'SPF_SOFTFAIL'      => '2.000',
            'SUSPICIOUS_RECIPS' => '2.000',
            'DEAR_SOMETHING'    => '1.500',
        },
        debug_logging         => '--debug spf',
        proxy                 => "webproxy.${::site}.wmnet:8080",
    }

    mailalias { 'root':
        recipient => 'root@wikimedia.org',
    }

    file { '/etc/exim4/defer_domains':
        ensure  => present,
        owner   => 'root',
        group   => 'Debian-exim',
        mode    => '0444',
        require => Class['exim4'],
    }

    file { '/usr/local/bin/train_spamassassin':
        ensure => file,
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
        source => 'puppet:///modules/vrts/train_spamassassin',
    }

    systemd::timer::job { 'vrts_train_spamassassin':
        ensure      => present,
        user        => 'root',
        description => 'VRTS - train spamassassin filters',
        command     => '/usr/local/bin/train_spamassassin',
        interval    => {'start' => 'OnCalendar', 'interval' => '*-*-* *:05:00'},
    }

    file { '/var/spool/spam':
        ensure => directory,
        owner  => 'otrs',
        group  => 'www-data',
        mode   => '0775',
    }

    rsyslog::input::file { 'vrts-exim-maillog':
        path => '/var/log/mail.log',
    }

    rsyslog::input::file { 'vrts-exim-mailinfo':
        path => '/var/log/mail.info',
    }

    rsyslog::input::file { 'vrts-exim-mailwarn':
        path => '/var/log/mail.warn',
    }

    rsyslog::input::file { 'vrts-exim-mailerr':
        path => '/var/log/mail.err',
    }

    rsyslog::input::file { 'vrts-clamav':
        path => '/var/log/clamav/clamav.log',
    }

    rsyslog::input::file { 'vrts-freshclam':
        path => '/var/log/clamav/freshclam.log',
    }
}