Forge Home

exim

A module for configuring exim

27,865 downloads

204 latest version

5.0 quality score

Version information

  • 1.2.0 (latest)
  • 1.1.8
  • 1.1.7
  • 1.1.5
  • 1.1.4 (deleted)
  • 1.1.3
  • 1.1.2
  • 1.1.1
  • 1.1.0
  • 1.0.1
  • 1.0.0
  • 0.3.2
  • 0.3.0
  • 0.2.9
  • 0.2.8
  • 0.2.7
  • 0.2.6
  • 0.2.5
  • 0.2.4
  • 0.2.3 (deleted)
  • 0.2.2
  • 0.2.1
  • 0.2.0
  • 0.0.3
  • 0.0.2
  • 0.0.1 (deleted)
released May 12th 2022
This version is compatible with:
  • Puppet Enterprise 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.4.0 < 8.0.0
  • , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'norisnetwork-exim', '1.2.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add norisnetwork-exim
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install norisnetwork-exim --version 1.2.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: mail, exim

Documentation

norisnetwork/exim — version 1.2.0 May 12th 2022

puppet-exim

The exim puppet module installes and configures exim. The goal is to support the most complex configurations and compile them into a nice, easy to read, single configuration file.

Usage with hiera

In the simpliest form, you can just include the exim class:

  classes:
  - exim

This configures exim so that it will accept mails generated on the local system, and forwards it to mail..

This will probably not work for you, so I suggest building your own custom configuration. Here is an example replicating the default config:

Load the main class. Disable the default config. Set the acl used for rcpt checking to "acl_check_rcpt" (default, shown for demonstation)

  exim::defaults: false
  exim::acl_smtp_rcpt: 'acl_check_rcpt'

Create a new, acl list named "acl_check_rcpt" :

  exim::acls:
    'acl_check_rcpt':
      statements:
        'Accept local':
          acl_id: 1
          order:  1
          action: 'accept'
          conditions:
            hosts:
            - ':'
        'Accept hostlist':
          acl_id: 1
          order:  2
          action: 'accept'
          conditions:
            hosts:
            - '127.0.0.1'
            - '@'
        'deny all':
          acl_id: 1
          order:  3
          action: 'deny'
          conditions:
            message:
            - 'relay not permitted'

Create 2 routers, one to do aliasing, and one to send mails to a remote smarthost:

  exim::routers:
    'system_aliases':
      order: 1
      driver: 'redirect'
      domains:
        - '@'
      allow_fail: true
      allow_defer: true
      data: '${lookup{$local_part}lsearch{/etc/aliases}}'
    'smarthost':
      order: 2
      driver: 'manualroute'
      transport: 'remote_smtp'
      route_list: '* mail.%{facts.networking.domain} byname'
      host_find_failed: 'defer'
      same_domain_copy_routing: true
      no_more: true

Create an smtp-transport:

  exim::transports:
    'remote_smtp':
      driver: 'smtp'

Create an address-pipe-transport:

  exim::transports:
    'address_pipe':
      driver: 'pipe'
      log_output: true
      return_fail_output: true
      exim_environment:
        - 'USER1': 'user1'
        - 'USER2': 'user2'
      path: '/usr/bin:/bin'
      timeout: '2h'
      timeout_defer: true

Create a default retry rule for all (*) mails:

  exim::retries:
    '*': {}

Usage with "classical" puppet code

In the simpliest form, you can just include the exim class:

  include exim

This configures exim so that it will accept mails generated on the local system, and forwards it to mail..

This will probably not work for you, so I suggest building your own custom configuration. Here is an example replicating the default config:

Load the main class. Disable the default config. Set the acl used for rcpt checking to "acl_check_rcpt" (default, shown for demonstation)

  class {'exim':
    defaults      => false,
    acl_smtp_rcpt => 'acl_check_rcpt',
  }

Create a new, acl list named "acl_check_rcpt" :

  exim::acl {'acl_check_rcpt':
    statements => {
      'Accept local' => {
        action     => 'accept',
        conditions => [ ['hosts',[':']] ],
      },
      'Accept hostlist' => {
        action     => 'accept',
        conditions => [ ['hosts'   , ['@','127.0.0.1']], ]
      },
      'deny all' => {
        action     => 'deny',
        conditions => [ ['message' , ['relay not permitted']], ]
      }
    }
  }

Create 2 routers, one to do aliasing, and one to send mails to a remote smarthost:

  exim::router {'system_aliases':
    order       => 1,
    driver      => 'redirect',
    domains     => ['@'],
    allow_fail  => true,
    allow_defer => true,
    data        => '${lookup{$local_part}lsearch{/etc/aliases}}',
  }
  exim::router {'smarthost':
    order                    => 2,
    driver                   => 'manualroute',
    transport                => 'remote_smtp',
    route_list               => "* mail.${facts['networking']['domain']} byname",
    host_find_failed         => 'defer',
    same_domain_copy_routing => true,
    no_more                  => true,
  }

Create an smtp-transport:

  exim::transport {'remote_smtp':
    driver          => 'smtp',
  }

Create an address-pipe-transport:

  exim::transport {'address_pipe':
    driver             => 'pipe',
    log_output         => true,
    return_fail_output => true,
    exim_environment   => [ 
      { 'USER1'          => 'user1' },
      { 'USER2'          => 'user2' } ],
    path               => '/usr/bin:/bin',
    timeout            => '2h',
    timeout_defer      => true,
  }

Create a default retry rule for all (*) mails:

  exim::retry {'*':}