From ed1ff6fa01bf110fc338b7116fdf577aa88a8d46 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 27 Oct 2015 15:27:24 -0400 Subject: Add initial rate-limiting for outgoing SMTP, using postfwd (#5972) Change-Id: I6a6e68908b71d7499eb3ef3c7f0173b3d5b7baa2 --- puppet/modules/postfwd/manifests/init.pp | 49 ++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 puppet/modules/postfwd/manifests/init.pp (limited to 'puppet/modules/postfwd/manifests/init.pp') diff --git a/puppet/modules/postfwd/manifests/init.pp b/puppet/modules/postfwd/manifests/init.pp new file mode 100644 index 00000000..b00bb071 --- /dev/null +++ b/puppet/modules/postfwd/manifests/init.pp @@ -0,0 +1,49 @@ +# This class provides rate-limiting for outgoing SMTP, using postfwd +# it is configured with some limits that seem reasonable for a generic +# use-case. Each of the following applies to sasl_authenticated users: +# +# . 150 recipients at a time +# . no more than 50 messages in 60 minutes +# . no more than 250 recipients in 60 minutes. +# +# This class could be easily extended to add overrides to these rules, +# maximum sizes per client, or additional rules +class postfwd { + + ensure_packages(['libnet-server-perl', 'libnet-dns-perl', 'postfwd']) + + file { + '/etc/default/postfwd': + source => 'puppet:///modules/postfwd/postfwd', + mode => '0644', + owner => root, + group => root, + require => Package['postfwd']; + + '/etc/postfix/postfwd.cf': + content => template('postfwd/postfwd.cf.erb'), + mode => '0644', + owner => root, + group => root, + require => File['/etc/postfix']; + } + + exec { + '/etc/init.d/postfwd reload': + refreshonly => true, + subscribe => [ File['/etc/postfix/postfwd.cf'], + File['/etc/default/postfwd'] ]; + } + + service { + 'postfwd': + ensure => running, + name => postfwd, + pattern => '/usr/sbin/postfwd', + enable => true, + hasrestart => true, + hasstatus => false, + require => [ File['/etc/default/postfwd'], + File['/etc/postfix/postfwd.cf']]; + } +} -- cgit v1.2.3 From ea5b55fb9a4f831c586ba773205d3238e5213260 Mon Sep 17 00:00:00 2001 From: Micah Date: Mon, 2 Nov 2015 18:45:13 -0500 Subject: fix postfwd dependency requirement Change-Id: Ied475dd1d555a2388034012f5a799a202dcc6ee7 --- puppet/modules/postfwd/manifests/init.pp | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) (limited to 'puppet/modules/postfwd/manifests/init.pp') diff --git a/puppet/modules/postfwd/manifests/init.pp b/puppet/modules/postfwd/manifests/init.pp index b00bb071..1ebc1d53 100644 --- a/puppet/modules/postfwd/manifests/init.pp +++ b/puppet/modules/postfwd/manifests/init.pp @@ -14,7 +14,7 @@ class postfwd { file { '/etc/default/postfwd': - source => 'puppet:///modules/postfwd/postfwd', + source => 'puppet:///modules/postfwd/postfwd_default', mode => '0644', owner => root, group => root, @@ -25,14 +25,7 @@ class postfwd { mode => '0644', owner => root, group => root, - require => File['/etc/postfix']; - } - - exec { - '/etc/init.d/postfwd reload': - refreshonly => true, - subscribe => [ File['/etc/postfix/postfwd.cf'], - File['/etc/default/postfwd'] ]; + require => Package['postfix']; } service { -- cgit v1.2.3 From 256105ac5641b5b28cb0edff3d7437cf5f6105c7 Mon Sep 17 00:00:00 2001 From: Micah Date: Thu, 3 Dec 2015 20:12:56 -0500 Subject: Make sure /etc/default and config file are there before service is triggered (#7618) Change-Id: Ib9fa598a94e8fd41329b1c9ed4bb52281bf04992 --- puppet/modules/postfwd/manifests/init.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'puppet/modules/postfwd/manifests/init.pp') diff --git a/puppet/modules/postfwd/manifests/init.pp b/puppet/modules/postfwd/manifests/init.pp index 1ebc1d53..6db3fa52 100644 --- a/puppet/modules/postfwd/manifests/init.pp +++ b/puppet/modules/postfwd/manifests/init.pp @@ -18,14 +18,15 @@ class postfwd { mode => '0644', owner => root, group => root, - require => Package['postfwd']; + before => Package['postfwd']; '/etc/postfix/postfwd.cf': content => template('postfwd/postfwd.cf.erb'), mode => '0644', owner => root, group => root, - require => Package['postfix']; + require => Package['postfix'], + before => Package['postfwd']; } service { -- cgit v1.2.3