diff options
author | Micah <micah@leap.se> | 2015-10-27 15:27:24 -0400 |
---|---|---|
committer | Micah <micah@leap.se> | 2015-11-02 10:19:48 -0500 |
commit | ed1ff6fa01bf110fc338b7116fdf577aa88a8d46 (patch) | |
tree | 0a9650f4e7b2e25cf879e8236c9b96d4e9ad9454 /puppet/modules/postfwd/manifests/init.pp | |
parent | e97a9d3800b173375a630e18e4b1aa0894eb96e1 (diff) |
Add initial rate-limiting for outgoing SMTP, using postfwd (#5972)
Change-Id: I6a6e68908b71d7499eb3ef3c7f0173b3d5b7baa2
Diffstat (limited to 'puppet/modules/postfwd/manifests/init.pp')
-rw-r--r-- | puppet/modules/postfwd/manifests/init.pp | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/puppet/modules/postfwd/manifests/init.pp b/puppet/modules/postfwd/manifests/init.pp new file mode 100644 index 00000000..b00bb071 --- /dev/null +++ b/puppet/modules/postfwd/manifests/init.pp @@ -0,0 +1,49 @@ +# This class provides rate-limiting for outgoing SMTP, using postfwd +# it is configured with some limits that seem reasonable for a generic +# use-case. Each of the following applies to sasl_authenticated users: +# +# . 150 recipients at a time +# . no more than 50 messages in 60 minutes +# . no more than 250 recipients in 60 minutes. +# +# This class could be easily extended to add overrides to these rules, +# maximum sizes per client, or additional rules +class postfwd { + + ensure_packages(['libnet-server-perl', 'libnet-dns-perl', 'postfwd']) + + file { + '/etc/default/postfwd': + source => 'puppet:///modules/postfwd/postfwd', + mode => '0644', + owner => root, + group => root, + require => Package['postfwd']; + + '/etc/postfix/postfwd.cf': + content => template('postfwd/postfwd.cf.erb'), + mode => '0644', + owner => root, + group => root, + require => File['/etc/postfix']; + } + + exec { + '/etc/init.d/postfwd reload': + refreshonly => true, + subscribe => [ File['/etc/postfix/postfwd.cf'], + File['/etc/default/postfwd'] ]; + } + + service { + 'postfwd': + ensure => running, + name => postfwd, + pattern => '/usr/sbin/postfwd', + enable => true, + hasrestart => true, + hasstatus => false, + require => [ File['/etc/default/postfwd'], + File['/etc/postfix/postfwd.cf']]; + } +} |