]> git.openstreetmap.org Git - chef.git/blobdiff - roles/mail.rb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
openssh: disable password authentication by default (except dev)
[chef.git] / roles / mail.rb
diff --git a/roles/mail.rb b/roles/mail.rb
index 5cdb8372fedeb86fcf75393c9558c282987cc46b..d1b2af87d387bf5285de72442c433888f3aa6399 100644 (file)
--- a/roles/mail.rb
+++ b/roles/mail.rb
@@ -3,33 +3,60 @@ description "Role applied to all mail servers"
 
 default_attributes(
   :exim => {
 
 default_attributes(
   :exim => {
-    :local_domains => [ "openstreetmap.org", "osm.org", "noreply.openstreetmap.org" ],
-    :daemon_smtp_ports => [ 25, 26 ],
+    :local_domains => [
+      "openstreetmap.org",
+      "osm.org",
+      "noreply.openstreetmap.org",
+      "openstreetmap.co.uk",
+      "openstreetmap.org.uk",
+      "openstreetmap.com",
+      "openstreetmap.io",
+      "openstreetmap.pro",
+      "openstreetmaps.org",
+      "osm.io"
+    ],
+    :daemon_smtp_ports => [25, 26],
+    :certificate_names => [
+      "mail.openstreetmap.org",
+      "a.mx.openstreetmap.org",
+      "a.mx.osm.org",
+      "a.mx.openstreetmap.com",
+      "a.mx.openstreetmap.io",
+      "a.mx.openstreetmap.pro",
+      "a.mx.openstreetmaps.org",
+      "a.mx.osm.io"
+    ],
+    :queue_run_max => 25,
+    :smtp_accept_max => 200,
     :smarthost_name => "mail.openstreetmap.org",
     :smarthost_via => false,
     :smarthost_name => "mail.openstreetmap.org",
     :smarthost_via => false,
-    :dns_blacklists => [ "sbl-xbl.spamhaus.org" ],
+    :dns_blacklists => ["zen.spamhaus.org"],
     :routes => {
       :messages => {
         :comment => "messages.openstreetmap.org",
     :routes => {
       :messages => {
         :comment => "messages.openstreetmap.org",
-        :domains => [ "messages.openstreetmap.org" ],
-        :host => [ "spike-01.openstreetmap.org", "spike-02.openstreetmap.org", "spike-03.openstreetmap.org" ]
+        :domains => ["messages.openstreetmap.org"],
+        :host => ["spike-06.openstreetmap.org", "spike-07.openstreetmap.org", "spike-08.openstreetmap.org"]
       },
       :otrs => {
         :comment => "otrs.openstreetmap.org",
       },
       :otrs => {
         :comment => "otrs.openstreetmap.org",
-        :domains => [ "otrs.openstreetmap.org" ],
+        :domains => ["otrs.openstreetmap.org"],
         :host => "ridley.ucl.openstreetmap.org"
       },
         :host => "ridley.ucl.openstreetmap.org"
       },
-      :tickets => {
-        :comment => "tickets.openstreetmap.org",
-        :domains => [ "tickets.openstreetmap.org" ],
+      :join => {
+        :comment => "join.osmfoundation.org",
+        :domains => ["join.osmfoundation.org"],
         :host => "ridley.ucl.openstreetmap.org"
       },
         :host => "ridley.ucl.openstreetmap.org"
       },
-      :crm => {
-        :comment => "crm.osmfoundation.org",
-        :domains => [ "crm.osmfoundation.org" ],
-        :host => "ridley.ucl.openstreetmap.org"
+      :community => {
+        :comment => "community.openstreetmap.org",
+        :domains => ["community.openstreetmap.org"],
+        :host => "jakelong.dub.openstreetmap.org::2500"
       }
     },
       }
     },
+    :dkim_selectors => {
+      "openstreetmap.org" => "20200301",
+      "osmfoundation.org" => "20201112"
+    },
     :aliases => {
       "abuse" => "root",
       "postmaster" => "root",
     :aliases => {
       "abuse" => "root",
       "postmaster" => "root",
@@ -38,7 +65,7 @@ default_attributes(
       "rails" => "root",
       "trac" => "root",
       "munin" => "root",
       "rails" => "root",
       "trac" => "root",
       "munin" => "root",
-      "thinkup" => "root",
+      "prometheus" => "root",
       "www-data" => "root",
       "osmbackup" => "root",
       "noreply" => "/dev/null",
       "www-data" => "root",
       "osmbackup" => "root",
       "noreply" => "/dev/null",
@@ -54,23 +81,30 @@ default_attributes(
       "support" => "support@otrs.openstreetmap.org",
       "memorial" => "communication@osmfoundation.org",
       "legal" => "legal@osmfoundation.org",
       "support" => "support@otrs.openstreetmap.org",
       "memorial" => "communication@osmfoundation.org",
       "legal" => "legal@osmfoundation.org",
-      "dmca" => "dmca@osmfoundation.org"
+      "dmca" => "dmca@osmfoundation.org",
+      "program-sotm" => "sotm-program@otrs.openstreetmap.org"
     },
     :private_aliases => "mail"
   },
   :munin => {
     :plugins => {
       :exim_mailqueue => {
     },
     :private_aliases => "mail"
   },
   :munin => {
     :plugins => {
       :exim_mailqueue => {
-        :mails => { 
+        :mails => {
           :warning => 500,
           :critical => 1000
         }
       }
     }
           :warning => 500,
           :critical => 1000
         }
       }
     }
+  },
+  :prometheus => {
+    :metrics => {
+      :exim_queue_limit => { :metric => 250 }
+    }
   }
 )
 
 run_list(
   "recipe[clamav]",
   }
 )
 
 run_list(
   "recipe[clamav]",
+  "recipe[exim]",
   "recipe[spamassassin]"
 )
   "recipe[spamassassin]"
 )
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.