From 339e24f1e3e2275712e5b3e2163c403113b4605d Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Thu, 25 Feb 2021 21:20:15 +0000
Subject: [PATCH] Do all mail deliveries via a controlled set of queues
---
 cookbooks/exim/attributes/default.rb | 1 +
 cookbooks/exim/recipes/default.rb | 8 +++++++
 cookbooks/exim/templates/default/default.erb | 23 +++++++++++++++++++
 .../exim/templates/default/exim4.conf.erb | 6 +++++
 roles/mail.rb | 1 +
 5 files changed, 39 insertions(+)
 create mode 100644 cookbooks/exim/templates/default/default.erb
diff --git a/cookbooks/exim/attributes/default.rb b/cookbooks/exim/attributes/default.rb
index 77b8d8716..21e999109 100644
--- a/cookbooks/exim/attributes/default.rb
+++ b/cookbooks/exim/attributes/default.rb
@@ -3,6 +3,7 @@ default[:exim][:relay_to_domains] = []
 default[:exim][:relay_from_hosts] = ["127.0.0.1", "::1"]
 default[:exim][:daemon_smtp_ports] = [25]
 default[:exim][:trusted_users] = []
+default[:exim][:queue_run_max] = 1
 default[:exim][:smarthost_name] = nil
 default[:exim][:smarthost_via] = "mail.openstreetmap.org:26"
 default[:exim][:routes] = {}
diff --git a/cookbooks/exim/recipes/default.rb b/cookbooks/exim/recipes/default.rb
index f1c9ddf22..8a1fd5efb 100644
--- a/cookbooks/exim/recipes/default.rb
+++ b/cookbooks/exim/recipes/default.rb
@@ -163,6 +163,14 @@ if node[:exim][:dkim_selectors]
 end
 end
+template "/etc/default/exim4" do
+ source "default.erb"
+ owner "root"
+ group "root"
+ mode "044"
+ notifies :restart, "service[exim4]"
+end
+
 template "/etc/exim4/exim4.conf" do
 source "exim4.conf.erb"
 owner "root"
diff --git a/cookbooks/exim/templates/default/default.erb b/cookbooks/exim/templates/default/default.erb
new file mode 100644
index 000000000..2fb3dcc17
--- /dev/null
+++ b/cookbooks/exim/templates/default/default.erb
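Review bot: `mode "044"` on the new `template "/etc/default/exim4"` resource in cookbooks/exim/recipes/default.rb leaves the owner with no permission bits at all (`----r--r--`) and looks like a typo for `mode "644"`. Root can still read the file, so the service will start and the mistake stays invisible at runtime, but the mode on disk will not match what a permissions baseline or audit expects for a root-owned file under /etc/default. The file has the form of a shell defaults file read when the exim4 service starts, so root ownership with no group or other write bit is the property to keep, and `mode "644"` gives that. The neighbouring `/etc/exim4/exim4.conf` resource continues outside the hunk, so its mode cannot be compared from here.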
@@ -0,0 +1,23 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+# 'combined' - one daemon running queue and listening on SMTP port
+# 'no' - no daemon running the queue
+# 'separate' - two separate daemons
+# 'ppp' - only run queue with /etc/ppp/ip-up.d/exim4.
+# 'nodaemon' - no daemon is started at all.
+# 'queueonly' - only a queue running daemon is started, no SMTP listener.
+# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4
+QUEUERUNNER='combined'
+# how often should we run the queue
+QUEUEINTERVAL='30s'
+# options common to quez-runner and listening daemon
+COMMONOPTIONS=''
+# more options for the daemon/process running the queue (applies to the one
+# started in /etc/ppp/ip-up.d/exim4, too.
+QUEUERUNNEROPTIONS=''
+# special flags given to exim directly after the -q. See exim(8)
+QFLAGS=''
+# options for daemon listening on port 25
+SMTPLISTENEROPTIONS=''
+# only warn once about each error
+E4BCD_WATCH_PANICLOG='once'
diff --git a/cookbooks/exim/templates/default/exim4.conf.erb b/cookbooks/exim/templates/default/exim4.conf.erb
index ab7a72da9..2d1d96e12 100644
--- a/cookbooks/exim/templates/default/exim4.conf.erb
+++ b/cookbooks/exim/templates/default/exim4.conf.erb
@@ -358,6 +358,12 @@ timeout_frozen_after = 7d
 trusted_users = <%= node[:exim][:trusted_users].join(" : ") %>
+# Do all deliveries via a limited set of queues.
+
+queue_only = true
+queue_run_max = <%= node[:exim][:queue_run_max] %>
+
+
 ######################################################################
 # ACL CONFIGURATION #
diff --git a/roles/mail.rb b/roles/mail.rb
index 5783e1bda..77b3bf3f4 100644
--- a/roles/mail.rb
+++ b/roles/mail.rb
@@ -26,6 +26,7 @@ default_attributes(
 "a.mx.openstreetmaps.org",
 "a.mx.osm.io"
 ],
+ :queue_run_max => 5,
 :smarthost_name => "mail.openstreetmap.org",
 :smarthost_via => false,
 :dns_blacklists => ["zen.spamhaus.org"],
-- 
2.39.5
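Review bot: Nothing in the new cookbooks/exim/templates/default/default.erb records that mail delivery now depends on this file. The same commit sets `queue_only = true` in exim4.conf.erb, so messages should leave the spool only when the daemon started from these settings runs the queue; a later edit to `QUEUERUNNER='no'` or `'nodaemon'` would let mail accumulate undelivered unless something else starts a queue runner. A comment above `QUEUERUNNER`, for example `# exim4.conf sets queue_only: a queue-running mode is required or no mail is delivered`, would make that coupling visible. `QUEUEINTERVAL='30s'` is also fixed here while the matching `queue_run_max` is a node attribute, which may be intentional but is worth stating.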
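Review bot: The added comment `# Do all deliveries via a limited set of queues.` in cookbooks/exim/templates/default/exim4.conf.erb speaks of queues, but the two options under it queue every message on arrival and cap the number of queue-runner processes running at once. Wording such as `# Queue all mail on arrival; only queue runners deliver, at most queue_run_max at a time.` would match the settings. With the cookbook default of 1 from attributes/default.rb a host has a single runner working through the spool, so the comment could also say that this is a deliberate throttle. The attribute is interpolated without a check, so a role that overrides it with nil would render `queue_run_max = ` with no value, which Exim would presumably reject when it reads the config.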