summaryrefslogtreecommitdiff
path: root/puppet/modules/postfwd/manifests/init.pp
diff options
context:
space:
mode:
authorMicah <micah@leap.se>2015-10-27 15:27:24 -0400
committerMicah <micah@leap.se>2015-11-02 10:19:48 -0500
commited1ff6fa01bf110fc338b7116fdf577aa88a8d46 (patch)
tree0a9650f4e7b2e25cf879e8236c9b96d4e9ad9454 /puppet/modules/postfwd/manifests/init.pp
parente97a9d3800b173375a630e18e4b1aa0894eb96e1 (diff)
Add initial rate-limiting for outgoing SMTP, using postfwd (#5972)
Change-Id: I6a6e68908b71d7499eb3ef3c7f0173b3d5b7baa2
Diffstat (limited to 'puppet/modules/postfwd/manifests/init.pp')
-rw-r--r--puppet/modules/postfwd/manifests/init.pp49
1 files changed, 49 insertions, 0 deletions
diff --git a/puppet/modules/postfwd/manifests/init.pp b/puppet/modules/postfwd/manifests/init.pp
new file mode 100644
index 00000000..b00bb071
--- /dev/null
+++ b/puppet/modules/postfwd/manifests/init.pp
@@ -0,0 +1,49 @@
+# This class provides rate-limiting for outgoing SMTP, using postfwd
+# it is configured with some limits that seem reasonable for a generic
+# use-case. Each of the following applies to sasl_authenticated users:
+#
+# . 150 recipients at a time
+# . no more than 50 messages in 60 minutes
+# . no more than 250 recipients in 60 minutes.
+#
+# This class could be easily extended to add overrides to these rules,
+# maximum sizes per client, or additional rules
+class postfwd {
+
+ ensure_packages(['libnet-server-perl', 'libnet-dns-perl', 'postfwd'])
+
+ file {
+ '/etc/default/postfwd':
+ source => 'puppet:///modules/postfwd/postfwd',
+ mode => '0644',
+ owner => root,
+ group => root,
+ require => Package['postfwd'];
+
+ '/etc/postfix/postfwd.cf':
+ content => template('postfwd/postfwd.cf.erb'),
+ mode => '0644',
+ owner => root,
+ group => root,
+ require => File['/etc/postfix'];
+ }
+
+ exec {
+ '/etc/init.d/postfwd reload':
+ refreshonly => true,
+ subscribe => [ File['/etc/postfix/postfwd.cf'],
+ File['/etc/default/postfwd'] ];
+ }
+
+ service {
+ 'postfwd':
+ ensure => running,
+ name => postfwd,
+ pattern => '/usr/sbin/postfwd',
+ enable => true,
+ hasrestart => true,
+ hasstatus => false,
+ require => [ File['/etc/default/postfwd'],
+ File['/etc/postfix/postfwd.cf']];
+ }
+}