Remove legacy certificate support

[chef.git] / cookbooks / exim / recipes / default.rb

diff --git a/cookbooks/exim/recipes/default.rb b/cookbooks/exim/recipes/default.rb
index 099e047c6cc1b821a8f13816a53455aeae3ef291..2aabb40ff29d3f4d862b10d23356031b1e758098 100644 (file)
--- a/cookbooks/exim/recipes/default.rb
+++ b/cookbooks/exim/recipes/default.rb
@@ -23,9 +23,7 @@ package "exim4"
 package "openssl"
 package "ssl-cert"
 
-if File.exist?("/var/run/clamav/clamd.ctl")
-  package "exim4-daemon-heavy"
-end
+package "exim4-daemon-heavy" if File.exist?("/var/run/clamav/clamd.ctl")
 
 group "ssl-cert" do
   action :modify
@@ -37,7 +35,7 @@ template "/tmp/exim.ssl.cnf" do
   source "ssl.cnf.erb"
   owner "root"
   group "root"
-  mode 0644
+  mode 0o644
   not_if do
     File.exist?("/etc/ssl/certs/exim.pem") && File.exist?("/etc/ssl/private/exim.key")
   end
@@ -76,7 +74,7 @@ template "/etc/exim4/exim4.conf" do
   source "exim4.conf.erb"
   owner "root"
   group "Debian-exim"
-  mode 0644
+  mode 0o644
   variables :relay_to_domains => relay_to_domains.sort,
             :relay_from_hosts => relay_from_hosts.sort
   notifies :restart, "service[exim4]"
@@ -103,17 +101,17 @@ template "/etc/aliases" do
   source "aliases.erb"
   owner "root"
   group "root"
-  mode 0644
+  mode 0o644
 end
 
 remote_directory "/etc/exim4/noreply" do
   source "noreply"
   owner "root"
   group "Debian-exim"
-  mode 0755
+  mode 0o755
   files_owner "root"
   files_group "Debian-exim"
-  files_mode 0755
+  files_mode 0o755
   purge true
 end
 
@@ -144,11 +142,12 @@ else
   end
 end
 
-firewall_rule "deny-outbound-smtp" do
-  action :reject
-  source "fw"
-  dest "net"
-  proto "tcp:syn"
-  dest_ports "smtp"
-  only_if { node[:exim][:smarthost_via] }
+if node[:exim][:smarthost_via] # ~FC023
+  firewall_rule "deny-outbound-smtp" do
+    action :reject
+    source "fw"
+    dest "net"
+    proto "tcp:syn"
+    dest_ports "smtp"
+  end
 end