Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.4.0 < 8.0.0
- , ,
Start using this module
Add this module to your Puppetfile:
mod 'norisnetwork-exim', '1.1.7'
Learn more about managing modules with a PuppetfileDocumentation
puppet-exim
The exim puppet module installes and configures exim. The goal is to support the most complex configurations and compile them into a nice, easy to read, single configuration file.
Usage with hiera
In the simpliest form, you can just include the exim class:
classes:
- exim
This configures exim so that it will accept mails generated on the local system, and forwards it to mail..
This will probably not work for you, so I suggest building your own custom configuration. Here is an example replicating the default config:
Load the main class. Disable the default config. Set the acl used for rcpt checking to "acl_check_rcpt" (default, shown for demonstation)
exim::defaults: false
exim::acl_smtp_rcpt: 'acl_check_rcpt'
Create a new, acl list named "acl_check_rcpt" :
exim::acls:
'acl_check_rcpt':
statements:
'Accept local':
acl_id: 1
order: 1
action: 'accept'
conditions:
hosts:
- ':'
'Accept hostlist':
acl_id: 1
order: 2
action: 'accept'
conditions:
hosts:
- '127.0.0.1'
- '@'
'deny all':
acl_id: 1
order: 3
action: 'deny'
conditions:
message:
- 'relay not permitted'
Create 2 routers, one to do aliasing, and one to send mails to a remote smarthost:
exim::routers:
'system_aliases':
order: 1
driver: 'redirect'
domains:
- '@'
allow_fail: true
allow_defer: true
data: '${lookup{$local_part}lsearch{/etc/aliases}}'
'smarthost':
order: 2
driver: 'manualroute'
transport: 'remote_smtp'
route_list: '* mail.%{facts.networking.domain} byname'
host_find_failed: 'defer'
same_domain_copy_routing: true
no_more: true
Create an smtp-transport:
exim::transports:
'remote_smtp':
driver: 'smtp'
Create an address-pipe-transport:
exim::transports:
'address_pipe':
driver: 'pipe'
log_output: true
return_fail_output: true
exim_environment:
- 'USER1': 'user1'
- 'USER2': 'user2'
path: '/usr/bin:/bin'
timeout: '2h'
timeout_defer: true
Create a default retry rule for all (*) mails:
exim::retries:
'*': {}
Usage with "classical" puppet code
In the simpliest form, you can just include the exim class:
include exim
This configures exim so that it will accept mails generated on the local system, and forwards it to mail..
This will probably not work for you, so I suggest building your own custom configuration. Here is an example replicating the default config:
Load the main class. Disable the default config. Set the acl used for rcpt checking to "acl_check_rcpt" (default, shown for demonstation)
class {'exim':
defaults => false,
acl_smtp_rcpt => 'acl_check_rcpt',
}
Create a new, acl list named "acl_check_rcpt" :
exim::acl {'acl_check_rcpt':
statements => {
'Accept local' => {
action => 'accept',
conditions => [ ['hosts',[':']] ],
},
'Accept hostlist' => {
action => 'accept',
conditions => [ ['hosts' , ['@','127.0.0.1']], ]
},
'deny all' => {
action => 'deny',
conditions => [ ['message' , ['relay not permitted']], ]
}
}
}
Create 2 routers, one to do aliasing, and one to send mails to a remote smarthost:
exim::router {'system_aliases':
order => 1,
driver => 'redirect',
domains => ['@'],
allow_fail => true,
allow_defer => true,
data => '${lookup{$local_part}lsearch{/etc/aliases}}',
}
exim::router {'smarthost':
order => 2,
driver => 'manualroute',
transport => 'remote_smtp',
route_list => "* mail.${facts['networking']['domain']} byname",
host_find_failed => 'defer',
same_domain_copy_routing => true,
no_more => true,
}
Create an smtp-transport:
exim::transport {'remote_smtp':
driver => 'smtp',
}
Create an address-pipe-transport:
exim::transport {'address_pipe':
driver => 'pipe',
log_output => true,
return_fail_output => true,
exim_environment => [
{ 'USER1' => 'user1' },
{ 'USER2' => 'user2' } ],
path => '/usr/bin:/bin',
timeout => '2h',
timeout_defer => true,
}
Create a default retry rule for all (*) mails:
exim::retry {'*':}
Reference
Table of Contents
Classes
Public Classes
exim
: This module configures exim
Private Classes
exim::config
exim::install
: This class installes the exim packageexim::service
: This class manages the exim service
Defined types
exim::acl
: This define creates a new aclexim::acl::statement
: This define creates one acl statement in exims configurationexim::addresslist
: This define can be used to create addresslists, which can be referenced laterexim::authenticator
: This module configures a single authenticator in exims configurationexim::domainlist
: This define can be used to create domainlists, which can be referenced laterexim::hostlist
: This define can be used to create hostlists, which can be referenced laterexim::retry
: This define is used to build retry rulesexim::rewrite
: This define is used to build rewrite rulesexim::router
: This module configures a single router in exims configurationexim::transport
: This module configures a single transport in exims configuration
Classes
exim
This module configures exim
Examples
include ::exim
Parameters
The following parameters are available in the exim
class:
acl_not_smtp
acl_smtp_connect
acl_smtp_auth
acl_smtp_data
acl_smtp_predata
acl_smtp_mail
acl_smtp_mime
acl_smtp_rcpt
allow_mx_to_ip
auto_thaw
av_scanner
callout_domain_positive_expire
check_spool_space
chunking_advertise_hosts
queue_smtp_domains
config_path
daemon_smtp_ports
tls_on_connect_ports
defaults
delay_warning
deliver_queue_load_max
disable_ipv6
errors_reply_to
extract_addresses_remove_arguments
freeze_tell
gnutls_compat_mode
openssl_options
heavy
helo_allow_chars
host_lookup
hosts_treat_as_local
ignore_bounce_errors_after
includes
local_from_check
local_interfaces
log_file_path
log_lost_incoming_connection
log_retry_defer
log_sender_on_delivery
log_skip_delivery
log_smtp_confirmation
log_smtp_connection
log_smtp_protocol_error
log_smtp_syntax_error
log_tls_peerdn
log_mail_subject
log_8bitmime
log_acl_warn_skipped
log_address_rewrite
log_all_parents
log_arguments
log_connection_reject
log_delay_delivery
log_deliver_time
log_delivery_size
log_dnslist_defer
log_dnssec
log_etrn
log_host_lookup_failed
log_ident_timeout
log_incoming_interface
log_incoming_port
log_millisec
log_outgoing_interface
log_outgoing_port
log_queue_run
log_queue_time
log_queue_time_overall
log_pid
log_proxy
log_received_recipients
log_received_sender
log_rejected_header
log_return_path_on_delivery
log_sender_verify_fail
log_size_reject
log_smtp_incomplete_transaction
log_smtp_mailauth
log_smtp_no_mail
log_tls_certificate_verified
log_tls_cipher
log_tls_sni
log_unknown_in_list
log_timezone
log_file_path
macros
manage_service
message_logs
message_size_limit
mysql_servers
never_users
qualify_domain
queue_only_load
queue_run_max
remote_max_parallel
rfc1413_hosts
rfc1413_query_timeout
smtp_accept_max
smtp_accept_max_nonmail
smtp_accept_max_per_connection
smtp_accept_max_per_host
smtp_accept_queue
smtp_accept_queue_per_connection
smtp_accept_reserve
smtp_banner
received_header_text
smtp_receive_timeout
smtp_reserve_hosts
smtp_return_error_details
spamd_address
split_spool_directory
syslog_timestamp
system_filter
timeout_frozen_after
tls_advertise_hosts
tls_certificate
tls_privatekey
trusted_users
print_topbitchars
untrusted_set_sender
tls_require_ciphers
ldap_default_servers
exim_heavy_package
exim_light_package
exim_service
ensure_resources
service_enable
service_ensure
acl_not_smtp
Data type: Optional[String]
Name of acl used for local generated mail. (sendmail)
acl_smtp_connect
Data type: Optional[String]
Name of acl used on smtp connect Type: string
acl_smtp_auth
Data type: Optional[String]
Name of acl used for auth checking Type: string
acl_smtp_data
Data type: Optional[String]
Name of acl used for data checking (runs after SMTP "." command) Type: string
acl_smtp_predata
Data type: Optional[String]
Name of acl used for checking after DATA command (runs after SMTP "DATA" but before actual data) Type: string
acl_smtp_mail
Data type: Optional[String]
Name of acl used for mail checking (runs after SMTP "MAIL FROM:" command) Type: string
acl_smtp_mime
Data type: Optional[String]
Name of acl used for maime checking Type: string
acl_smtp_rcpt
Data type: Optional[String]
Name of acl used for rcpt checking. (runs after SMTP "RCPT TO:" command) Type: string
allow_mx_to_ip
Data type: Optional[Boolean]
Using an ip instead of an fqdn in DNS MX records violates the RFC, this option allows sending mails to these domains anyways. Type: bool
auto_thaw
Data type: Optional[String]
Thaw frozen mails in our mailq after this time Type: string Example: "5d"
av_scanner
Data type: Optional[String]
Configure your av-scanner here Type: string Example: "clamd:/var/run/clamav/clamd.ctl"
callout_domain_positive_expire
Data type: Optional[String]
SMTP callouts are cached, this options sets the time after a successfull callout is deleted from the cache. Type: string Example: "4h"
check_spool_space
Data type: Optional[String]
Don't accept mails, if spool space falls below this watermark. Type: string Example: 1G
chunking_advertise_hosts
Data type: Optional[Array[String]]
advertise CHUNKING to these hosts Type: array Example: ['10.0.0.1', '192.168.178.1']
queue_smtp_domains
Data type: Optional[Array[String]]
no immediaste SMTP delivery for these domains Type: array Example: ['10.0.0.1', '192.168.178.1']
config_path
Data type: String
Path to exims config file, this can be used to create an alternate config file for testing purposes. Type: string Example: "/etc/exim4/exim4.conf_test"
daemon_smtp_ports
Data type: Optional[Array[Integer]]
SMTP ports to listen on Type: array of integers Example: [25,465,587]
tls_on_connect_ports
Data type: Optional[Array[Integer]]
Ports on which to enable TLs on connect Type: array of integers Example: [465]
defaults
Data type: Optional[Boolean]
Use a default configuration, this creates a simple default config, which accepts local mails and forwards it to mail. You probably want to set this to false, and build your own config. Type: bool Default: true
delay_warning
Data type: Optional[Array[String]]
Send a warning Mail to the sender, if mails are delayed for this long: Type: Array Example: ['4h','8h','24h']
deliver_queue_load_max
Data type: Optional[Integer]
Stop running the queue if load is higher than this value Type: integer
disable_ipv6
Data type: Optional[Boolean]
Do no IPv6 processing Type: bool
errors_reply_to
Data type: Optional[String]
This sets a mail-address to be used in the reply-to header of bounce-messages. Type: String Example: postmaster@example.com
extract_addresses_remove_arguments
Data type: Optional[Boolean]
When using exims -t option, rcpts from the Mail-Headers are used, and rcpts given on the command-line are substracted, setting this to false will add the rcpts instead of substracting them
freeze_tell
Data type: Optional[String]
If a mail gets frozen, send a notification to the address defined here.
gnutls_compat_mode
Data type: Optional[Boolean]
This controls if gnutls is used in compatiblity mode. Set this to true to slightly reduce security, but improve compatiblity with older TLS implementations. Type: bool
openssl_options
Data type: Optional[String]
Adjust OpenSSL compatibility options. Type: String
heavy
Data type: Optional[Boolean]
Install the debian heavy variant, default is false does nothing for redhat
helo_allow_chars
Data type: Optional[String]
Allow additional characters in remote HELO strings. Type: string
host_lookup
Data type: Optional[String]
Reverse lookup hostname of ips. Type: String Example: '*'
hosts_treat_as_local
Data type: Optional[Array[String]]
Treat these hosts, as if they where the local host. default is empty
ignore_bounce_errors_after
Data type: Optional[String]
Discard undeliverable bounce messages after this time Type String: Example: "12d"
includes
Data type: Optional[Array]
Include additional config file snippets, files defined here will be included at the top of the configuration, but below macros.
local_from_check
Data type: Optional[Boolean]
Check and correct From: header from local mails to username@qualify-domain
local_interfaces
Data type: Optional[Array[String]]
Specifies the interfaces exim will listen on.
log_file_path
Data type: Optional[Array[String]]
Type: string
log_lost_incoming_connection
Data type: Optional[Boolean]
Configures the log_selector to log timeouting incomming connections
log_retry_defer
Data type: Optional[Boolean]
Configures the log_selector to log if the queue runner skips a mail because it's retry time is not yet reached.
log_sender_on_delivery
Data type: Optional[Boolean]
add sender to => lines
log_skip_delivery
Data type: Optional[Boolean]
delivery skipped in a queue run
log_smtp_confirmation
Data type: Optional[Boolean]
SMTP confirmation on => lines
log_smtp_connection
Data type: Optional[Boolean]
Log SMTP connections.
log_smtp_protocol_error
Data type: Optional[Boolean]
Log SMTP protocol errors.
log_smtp_syntax_error
Data type: Optional[Boolean]
Log SMTP syntax errors.
log_tls_peerdn
Data type: Optional[Boolean]
TLS peer DN on <= and => lines
log_mail_subject
Data type: Optional[Boolean]
Log mail subjects.
log_8bitmime
Data type: Optional[Boolean]
received 8BITMIME status
log_acl_warn_skipped
Data type: Optional[Boolean]
skipped warn statement in ACL
log_address_rewrite
Data type: Optional[Boolean]
address rewriting
log_all_parents
Data type: Optional[Boolean]
all parents in => lines
log_arguments
Data type: Optional[Boolean]
command line arguments
log_connection_reject
Data type: Optional[Boolean]
connection rejections
log_delay_delivery
Data type: Optional[Boolean]
immediate delivery delayed
log_deliver_time
Data type: Optional[Boolean]
time taken to perform delivery
log_delivery_size
Data type: Optional[Boolean]
add S=nnn to => lines
log_dnslist_defer
Data type: Optional[Boolean]
defers of DNS list (aka RBL) lookups
log_dnssec
Data type: Optional[Boolean]
DNSSEC secured lookups
log_etrn
Data type: Optional[Boolean]
ETRN commands
log_host_lookup_failed
Data type: Optional[Boolean]
Log failed host lookup
log_ident_timeout
Data type: Optional[Boolean]
timeout for ident connection
log_incoming_interface
Data type: Optional[Boolean]
local interface on <= and => lines
log_incoming_port
Data type: Optional[Boolean]
remote port on <= lines
log_millisec
Data type: Optional[Boolean]
millisecond timestamps and QT,DT,D times
log_outgoing_interface
Data type: Optional[Boolean]
local interface on => lines
log_outgoing_port
Data type: Optional[Boolean]
add remote port to => lines
log_queue_run
Data type: Optional[Boolean]
start and end queue runs
log_queue_time
Data type: Optional[Boolean]
time on queue for one recipient
log_queue_time_overall
Data type: Optional[Boolean]
time on queue for whole message
log_pid
Data type: Optional[Boolean]
Exim process id
log_proxy
Data type: Optional[Boolean]
proxy address on <= and => lines
log_received_recipients
Data type: Optional[Boolean]
recipients on <= lines
log_received_sender
Data type: Optional[Boolean]
sender on <= lines
log_rejected_header
Data type: Optional[Boolean]
header contents on reject log
log_return_path_on_delivery
Data type: Optional[Boolean]
put return path on => and ** lines
log_sender_verify_fail
Data type: Optional[Boolean]
sender verification failures
log_size_reject
Data type: Optional[Boolean]
rejection because too big
log_smtp_incomplete_transaction
Data type: Optional[Boolean]
incomplete SMTP transactions
log_smtp_mailauth
Data type: Optional[Boolean]
AUTH argument to MAIL commands
log_smtp_no_mail
Data type: Optional[Boolean]
session with no MAIL commands
log_tls_certificate_verified
Data type: Optional[Boolean]
certificate verification status
log_tls_cipher
Data type: Optional[Boolean]
TLS cipher suite on <= and => lines
log_tls_sni
Data type: Optional[Boolean]
TLS SNI on <= lines
log_unknown_in_list
Data type: Optional[Boolean]
DNS lookup failed in list match
log_timezone
Data type: Optional[Boolean]
Timezone
log_file_path
File path
macros
Data type: Optional[Hash]
Allows you to set Macro definitions, note that macros must start with an uppercase letter
manage_service
Data type: Boolean
Manage exim Service
message_logs
Data type: Optional[Boolean]
This stores an aditional log file with each message in the spool file which enables you to instantly get all logs from a message in your queue by using the exim -Mvl option.
message_size_limit
Data type: Optional[String]
Max size allowed for mails, default is empty Example: 100M
mysql_servers
Data type: Optional[Array[String]]
MySQL servers to connect to Type: array
never_users
Data type: Optional[Array[String]]
Do not run deliverys as these users Type: array
qualify_domain
Data type: Optional[String]
configure the domain, which is automatically added to email addresses without a domain part. Default is empty, which exim treats as the primary hostname.
queue_only_load
Data type: Optional[Integer]
Do not run imediate deliveries if load is above this threshhold. Type: integer
queue_run_max
Data type: Optional[Integer]
Limits the number of queue runners to run in parrallel. Type: integer
remote_max_parallel
Data type: Optional[Integer]
If one message with multiple recipients is delivered, run at max these deliveries in parallel.
rfc1413_hosts
Data type: Optional[String]
use identd callback on these hosts. Type: array
rfc1413_query_timeout
Data type: Optional[String]
Timeout for identd callback
smtp_accept_max
Data type: Optional[Integer]
Limit on incomming connections Type: integer
smtp_accept_max_nonmail
Data type: Optional[Integer]
Limit the amount of non-mail commands in smtp dialog Type: integer
smtp_accept_max_per_connection
Data type: Optional[Integer]
Maximum number of Mails accepted in a single connection.
smtp_accept_max_per_host
Data type: Optional[Integer]
Maximum number of parrallel connections from a single host
smtp_accept_queue
Data type: Optional[Integer]
If the number of simultaneous incoming SMTP connections being handled via the listening daemon exceeds this value, messages received by SMTP are just placed on the queue.
smtp_accept_queue_per_connection
Data type: Optional[Integer]
Maximum number of delivery processes spawned for a single smtp connection
smtp_accept_reserve
Data type: Optional[Integer]
When smtp_accept_max is set greater than zero, this option specifies a number of SMTP connections that are reserved for connections from the hosts that are specified in smtp_reserve_hosts.
smtp_banner
Data type: Optional[String]
Initial response to SMTP connections.
received_header_text
Data type: Optional[String]
Override Received header added to each message.
smtp_receive_timeout
Data type: Optional[String]
Timeout for SMTP activity.
smtp_reserve_hosts
Data type: Optional[Array[String]]
See "smtp_accept_reserve"
smtp_return_error_details
Data type: Optional[Boolean]
Return more detailed SMTP error messages.
spamd_address
Data type: Optional[String]
Configure a spamd socket here.
split_spool_directory
Data type: Optional[Boolean]
Use split spool configuration Type: bool
syslog_timestamp
Data type: Optional[Boolean]
Don't send timestamps to syslog.
system_filter
Data type: Optional[String]
Configure a system filter file here.
timeout_frozen_after
Data type: Optional[String]
Discard frozen mails after this amount of time.
tls_advertise_hosts
Data type: Optional[Array[String]]
Advertise tls to hosts in this list
tls_certificate
Data type: Optional[String]
Path to crt file, must be used together with tls_privatekey, default is empty (no tls)
tls_privatekey
Data type: Optional[String]
Path to key file, must be used together with tls_certificate, default is empty (no tls)
trusted_users
Data type: Optional[Array[String]]
Set, to configure exims global config variable trusted_users, default is empty ('').
print_topbitchars
Data type: Optional[Boolean]
If this option ist set to true code values of 128 and above are also considered to be printing characters
untrusted_set_sender
Data type: Optional[Boolean]
This option allows you to permit untrusted users to set other envelope sender addresses in a controlled way.
tls_require_ciphers
Data type: Optional[String]
This option controls which ciphers can be used for incoming TLS connections.
ldap_default_servers
Data type: Optional[Array[String]]
Array of LDAP servers (fqdn)
exim_heavy_package
Data type: Optional[String]
Name of the Debian exim-heavy package
exim_light_package
Data type: Optional[String]
Name of the Debian exim-light package
exim_service
Data type: Optional[String]
Name of the service
ensure_resources
Data type: Optional[Boolean]
service_enable
Data type: Optional[Boolean]
service_ensure
Data type: Optional
Defined types
exim::acl
This define creates a new acl
Parameters
The following parameters are available in the exim::acl
defined type:
acl_id
Data type: Any
Id of this acl, this is needed for acl statements to reference this acl.
Default value: undef
statements
Data type: Any
Default value: undef
exim::acl::statement
This define creates one acl statement in exims configuration
Parameters
The following parameters are available in the exim::acl::statement
defined type:
acl_id
Data type: Integer
Id of parent acl this statement correspondes to. The acl-statement is part of the acl with id "acl_id".
order
Data type: Integer
Position of this statement in the acl (acl_id).
action
Data type: String
The outcome of given acl statement (e.g.: accept)
conditions
Data type: Optional[Array]
Conditions to "action" Example: [ ['hosts', ['192.168.1.2','192.168.1.3']], ['domains', ['+domainlist']], ],
Default value: undef
disable
Data type: Optional[Boolean]
This option can be used to ignore this acl statement even if other options are set. This is usefull if statements are created via hiera_hash with deep_merge, and you want to completly disable a statement defined in a lower hierachy.
Default value: false
exim::addresslist
This define can be used to create addresslists, which can be referenced later
Parameters
The following parameters are available in the exim::addresslist
defined type:
addresses
Data type: Array[String]
Array containing a list of hosts
exim::authenticator
This module configures a single authenticator in exims configuration
Parameters
The following parameters are available in the exim::authenticator
defined type:
client_name
client_secret
client_send
driver
public_name
server_secret
server_condition
server_advertise_condition
server_debug_print
server_set_id
server_prompts
client_name
Data type: Optional[String]
This string is expanded, and the result used as the user name data when computing the response to the server’s challenge.
Default value: undef
client_secret
Data type: Optional[String]
This option must be set for the authenticator to work as a client. Its value is expanded and the result used as the secret string when computing the response.
Default value: undef
client_send
Data type: Optional[String]
Array of authentication data strings. The first string is send with the AUTH command. The remaining ones are send in response to prompts from the server. Circumflex characters ('^') are converted to binary zero bytes ('\0') by Exim.
Default value: undef
driver
Data type: String
driver to use for the authenticator
public_name
Data type: String
How to anounce the authenticator to the outside (PLAIN/LOGIN)
server_secret
Data type: Optional[String]
For use with cram_md5, server_secret is expanded to obtain the password for that user.
Default value: undef
server_condition
Data type: Optional[String]
The authentication check
Default value: undef
server_advertise_condition
Data type: Optional[String]
The condition under which to advertise this authenticator
Default value: undef
server_debug_print
Data type: Optional[String]
Debug print when authentication debugging is enabled
Default value: undef
server_set_id
Data type: Optional[String]
Set the $authenticated_id variable for later use
Default value: undef
server_prompts
Data type: Optional[String]
Promt used in the smtp session to ask for data (User: Password:)
Default value: undef
exim::domainlist
This define can be used to create domainlists, which can be referenced later
Parameters
The following parameters are available in the exim::domainlist
defined type:
domains
Data type: Array[String]
Array containing a list of domains
path
Data type: Optional[String]
If path is set, domains are listed in a file located in this path, the main config will recieve a reference to this file. If path is not set, domains are written directly into the config file instead.
Default value: undef
exim::hostlist
This define can be used to create hostlists, which can be referenced later
Parameters
The following parameters are available in the exim::hostlist
defined type:
hosts
Data type: Array[String]
Array containing a list of hosts
exim::retry
This define is used to build retry rules
Parameters
The following parameters are available in the exim::retry
defined type:
order
Data type: Optional[Integer]
Determines the order, in which retry statements are evaluated
Default value: 1
error
Data type: Optional[String]
Determines on which errors the rule should apply
Default value: '*'
retries
Data type: Optional[Array]
Timing information for retries Type: array of arrays
Default value: [['F','4h','5m'],['G','16h','1h','1.5'],['F','4d','6h']]
domain
Data type: Optional[String]
Default value: $title
exim::rewrite
This define is used to build rewrite rules
Parameters
The following parameters are available in the exim::rewrite
defined type:
order
Data type: Integer
Determines the order, in which retry statements are evaluated
Default value: 1
pattern
Data type: String
Matches those addresses that are to be rewriten by rule
replacement
Data type: String
the replacement string for matching pattern
flags
Data type: Array[Enum['E','F','T','b','c','f','h','r','s','t','Q','q','R','w','S']]
The flags are single characters which indicates the address location to which the rule applies and how the rewriting takes place
exim::router
This module configures a single router in exims configuration
Parameters
The following parameters are available in the exim::router
defined type:
disable
order
address_data
caseful_local_part
retry_use_local_part
comment
driver
allow_defer
allow_fail
allow_filter
condition
data
debug_print
domains
file_transport
file
headers_add
headers_remove
host_find_failed
ignore_target_hosts
local_parts
local_part_prefix
local_part_suffix
local_part_prefix_optional
local_part_suffix_optional
no_address_test
no_more
no_verify
pipe_transport
reply_transport
qualify_preserve_domain
route_data
route_list
same_domain_copy_routing
self
senders
transport
unseen
user
errors_to
cannot_route_message
require_files
disable
Data type: Optional[Boolean]
If set to true, this router is excluded from the configuration.
Default value: false
order
Data type: Optional[Integer]
Order of routers is important, set it here
Default value: 0
address_data
Data type: Optional[String]
Set the address_data variable
Default value: undef
caseful_local_part
Data type: Optional[Boolean]
Sets the caseful_local_part option.
Default value: undef
retry_use_local_part
Data type: Optional[Boolean]
Sets the retry_use_local_part option.
Default value: undef
comment
Data type: Optional[Array[String]]
Comment a router, this will be placed as a comment just above the router.
Default value: undef
driver
Data type: String
Sets the type of router.
allow_defer
Data type: Optional[Boolean]
If set to true, the router can defer messages if needed.
Default value: false
allow_fail
Data type: Optional[Boolean]
If set to true, the router can fail messages if needed.
Default value: false
allow_filter
Data type: Optional[Boolean]
If set to true, filters can be used.
Default value: false
condition
Data type: Optional[String]
(Advanced) Conditions when this router should be used
Default value: undef
data
Data type: Optional[String]
Data source for the rewrite router
Default value: undef
debug_print
Data type: Optional[String]
Used to print debug information
Default value: undef
domains
Data type: Optional[Array[String]]
Domains for which this router should be used.
Default value: undef
file_transport
Data type: Optional[String]
Set the file_transport, used if the outcome of the router points to a file
Default value: undef
file
Data type: Optional[String]
Set the file that contains the filter rules.
Default value: undef
headers_add
Data type: Optional[Array[String]]
Add these Headers to a message
Default value: undef
headers_remove
Data type: Optional[Array[String]]
Remove these Headers to a message
Default value: undef
host_find_failed
Data type: Optional[String]
Relevant to the manualroute router, it determines what shoud happen if the used host can't be resolved to an IP address.
Default value: undef
ignore_target_hosts
Data type: Optional[Array[String]]
remove this host from hostlists gererated by this router
Default value: undef
local_parts
Data type: Optional[Array[String]]
The router is run only if the local part of the address matches the list.
Default value: undef
local_part_prefix
Data type: Optional[String]
Define a prefix, present on localparts
Default value: undef
local_part_suffix
Data type: Optional[String]
Define a suffix, present on localparts
Default value: undef
local_part_prefix_optional
Data type: Optional[Boolean]
Is the prefix optional?
Default value: false
local_part_suffix_optional
Data type: Optional[Boolean]
Is the suffix optional?
Default value: false
no_address_test
Data type: Optional[Boolean]
Skip this router in address testing mode (exim -bt)
Default value: false
no_more
Data type: Optional[Boolean]
If conditions are met for this router, but the router can't process this mail, the address fails instead of handeld down to the next router.
Default value: false
no_verify
Data type: Optional[Boolean]
Skip this router when verifying addresses.
Default value: false
pipe_transport
Data type: Optional[String]
Set the pipe_transport, used if the outcome of the router points to a pipe
Default value: undef
reply_transport
Data type: Optional[String]
Set the reply_transport, used if the outcome of the router points to mail or vacation
Default value: undef
qualify_preserve_domain
Data type: Optional[Boolean]
For redirect routers If an unqualified address (one without a domain) is generated, it is qualified with the domain of the parent address.
Default value: false
route_data
Data type: Optional[String]
If this option is set, it must expand to yield the data part of a routing rule.
Default value: undef
route_list
Data type: Optional[String]
Target server used by manualroute router.
Default value: undef
same_domain_copy_routing
Data type: Optional[Boolean]
This option copys routing information to all mails targeting the same domain.
Default value: undef
self
Data type: Optional[String]
The self option specifies what happens when the first host on the list turns out to be the local host. See official documentation for more details.
Default value: undef
senders
Data type: Optional[Array[String]]
If this option is set, the router is skipped unless the message’s sender address matches something on the list.
Default value: undef
transport
Data type: Optional[String]
Which transport should be used to send mails.
Default value: undef
unseen
Data type: Optional[Boolean]
When this option is set true, routing does not cease if the router accepts the address.
Default value: false
user
Data type: Optional[String]
When a router queues an address for a transport, and the transport does not specify a user, the user given here is used when running the delivery process.
Default value: undef
errors_to
Data type: Optional[String]
override the destination of a generated bounce message
Default value: undef
cannot_route_message
Data type: Optional[String]
specify a text message which is used when an address can not be routed because of no more routers to try. Default message is "Unroutable address"
Default value: undef
require_files
Data type: Optional[Array[String]]
dont run this router if specified files does not exist
Default value: undef
exim::transport
This module configures a single transport in exims configuration
- TODO The transport class is a catch all and provides options for different transports. This is not optimal. I suggest refactoring into several subclasses with specific options and validating THIS class' type maybe Volunteers, step up!
Parameters
The following parameters are available in the exim::transport
defined type:
allow_localhost
comment
driver
protocol
quota
quota_warn_threshold
quota_warn_message
quota_is_inclusive
maildir_use_size_file
connect_timeout
connection_max_messages
exim_environment
fallback_hosts
from
helo_data
headers_remove
headers_add
hosts
hosts_require_auth
hosts_require_tls
hosts_try_auth
path
port
return_fail_output
return_output
timeout
timeout_defer
tls_dh_min_bits
tls_verify_certificates
interface
dkim_domain
dkim_selector
dkim_private_key
dkim_canon
dkim_strict
once
once_repeat
once_file_size
headers
return_message
debug_print
delivery_date_add
envelope_to_add
freeze_exec_fail
initgroups
log_output
maildir_format
rcpt_include_affixes
return_path_add
temp_errors
batch_max
command
directory
directory_mode
file
group
home_directory
maildir_tag
message_prefix
message_suffix
message_size_limit
mode
socket
subject
text
to
transport_filter
user
serialize_hosts
allow_localhost
Data type: Boolean
Allow connections to localhost
Default value: false
comment
Data type: Optional[Array[String]]
Comment a router, this will be placed as a comment just above the router
Default value: undef
driver
Data type: String[1]
Type of transport
Default value: undef
protocol
Data type: Optional[String[1]]
Protocol of transport
Default value: undef
quota
Data type: Optional[String[1]]
Quota
Default value: undef
quota_warn_threshold
Data type: Optional[String[1]]
Quota warning threshold
Default value: undef
quota_warn_message
Data type: Optional[String[1]]
Quota warning message
Default value: undef
quota_is_inclusive
Data type: Boolean
Whether quota is inclusive
Default value: true
maildir_use_size_file
Data type: Boolean
Use maildir size file for quota
Default value: false
connect_timeout
Data type: Optional[String[1]]
Timeout when connecting to remote Servers
Default value: undef
connection_max_messages
Data type: Optional[Integer]
Set the maximum number of messages that can be transfered in a single connection
Default value: undef
exim_environment
Data type: Optional[Tuple]
This option is used to add additional variables to the environment in which the command runs
Default value: undef
fallback_hosts
Data type: Optional[Array[String]]
If Exim is unable to deliver to any of the hosts for a particular address, and the errors are not permanent rejections, the address is put on a separate transport queue with its host list replaced by the fallback hosts
Default value: undef
from
Data type: Optional[String[1]]
sets the from address
Default value: undef
helo_data
Data type: Optional[String[1]]
sets the helo name exim uses when connecting to a remote server
Default value: undef
headers_remove
Data type: Optional[Array[String]]
list of headers to remove
Default value: undef
headers_add
Data type: Optional[Array[String]]
list of headers to add
Default value: undef
hosts
Data type: Optional[Array[String]]
The hosts option specifies a list of hosts to be used if the address being processed does not have any hosts associated with it. The hosts specified by hosts are also used, whether or not the address has its own hosts, if hosts_override is set
Default value: undef
hosts_require_auth
Data type: Optional[Array[String]]
Specifies a list of servers for which authentication must succeed before Exim will try to transfer a message. If authentication fails for one of these servers, delivery is deferred
Default value: undef
hosts_require_tls
Data type: Optional[Array[String]]
List of hosts requiring tls, messages are only sent if tls can be established
Default value: undef
hosts_try_auth
Data type: Optional[Array[String]]
The host_try_auth option provides a list of hosts to which, provided they announce authentication support, Exim will attempt to authenticate as a client when it connects
Default value: undef
path
Data type: Optional[String[1]]
This option specifies the string that is set up in the PATH environment variable of the subprocess
Default value: undef
port
Data type: Optional[Integer]
The port exim connects to on the remote server
Default value: undef
return_fail_output
Data type: Boolean
If set to true, the command output is returned in the bounce message in case of failure
Default value: false
return_output
Data type: Boolean
If this option is true, and the command produced any output, the delivery is deemed to have failed whatever the return code from the command, and the output is returned in the bounce message
Default value: false
timeout
Data type: Optional[String[1]]
If the command fails to complete within this time, it is killed
Default value: undef
timeout_defer
Data type: Boolean
Set this to true for timeouts to become temporary errors, causing the delivery to be deferred
Default value: false
tls_dh_min_bits
Data type: Optional[Integer]
set the minimum acceptable number of bits in the Diffie-Hellman prime offered by a server, default is 1024
Default value: undef
tls_verify_certificates
Data type: Optional[String[1]]
Give a path to certificates agains which connections are verified
Default value: undef
interface
Data type: Optional[String[1]]
sets the outgoing ip for smtp transports
Default value: undef
dkim_domain
Data type: Optional[Array[String]]
The domain(s) you want to sign with
Default value: undef
dkim_selector
Data type: Optional[String[1]]
This sets the key selector string
Default value: undef
dkim_private_key
Data type: Optional[String[1]]
This sets the private key to use. You can use the $dkim_domain and $dkim_selector expansion variables to determine the private key to use The result can either
- be a valid RSA private key in ASCII armor, including line breaks
- start with a slash, in which case it is treated as a file that contains the private key
- be "0", "false" or the empty string, in which case the message will not be signed. This case will not result in an error, even if dkim_strict is set
Default value: undef
dkim_canon
Data type: Optional[String[1]]
This option sets the canonicalization method used when signing a message The DKIM RFC currently supports two methods: "simple" and "relaxed" Note: the current implementation only supports using the same canonicalization method for both headers and body
Default value: undef
dkim_strict
Data type: Optional[Integer]
This option defines how Exim behaves when signing a message that should be signed fails for some reason When the expansion evaluates to either "1" or "true", Exim will defer Otherwise Exim will send the message unsigned You can use the $dkim_domain and $dkim_selector expansion variables here
Default value: undef
once
Data type: Optional[String[1]]
Use:autoreply;Type:string;Default:unset; This option names a file or DBM database in which a record of each To: recipient is kept when the message is specified by the transport
Default value: undef
once_repeat
Data type: Optional[String[1]]
Use:autoreply;Type:time;Default:0s; specifies a maximum time between repeats
Default value: undef
once_file_size
Data type: Optional[String[1]]
Use:autoreply;Type:integer;Default:0; If once_file_size is zero, a DBM database is used to remember recipients, and it is allowed to grow as large as necessary. If once_file_size is set greater than zero, it changes the way Exim implements the once option. Instead of using a DBM file to record every recipient it sends to, it uses a regular file, whose size will never get larger than the given value
Default value: undef
headers
Data type: Optional[String[1]]
Use:autoreply;Type:string;Default:unset; This specifies additional RFC 2822 headers that are to be added to the message when the message is specified by the transport. Several can be given by using “\n” to separate them There is no check on the format
Default value: undef
return_message
Data type: Optional[String[1]]
Use:autoreply;Type:boolean;Default:false; If this is set, a copy of the original message is returned with the new message, subject to the maximum size set in the return_size_limit global configuration option
Default value: undef
debug_print
Data type: Optional[String[1]]
Used to print debug information
Default value: undef
delivery_date_add
Data type: Boolean
If this option is true, a Delivery-date: header is added to the message This gives the actual time the delivery was made. As this is not a standard header, Exim has a configuration option (delivery_date_remove) which requests its removal from incoming messages, so that delivered messages can safely be resent to other recipients
Default value: false
envelope_to_add
Data type: Boolean
If this option is true, an Envelope-to: header is added to the message This gives the original address(es) in the incoming envelope that caused this delivery to happen. More than one address may be present if batch or bsmtp is set on transports that support them, or if more than one original address was aliased or forwarded to the same final address. As this is not a standard header, Exim has a configuration option (envelope_to_remove) which requests its removal from incoming messages, so that delivered messages can safely be resent to other recipients
Default value: false
freeze_exec_fail
Data type: Boolean
Failure to exec the command in a pipe transport is by default treated like any other failure while running the command. However, if freeze_exec_fail is set, failure to exec is treated specially, and causes the message to be frozen, whatever the setting of ignore_status
Default value: false
initgroups
Data type: Boolean
If this option is true and the uid for the delivery process is provided by the transport, the initgroups() function is called when running the transport to ensure that any additional groups associated with the uid are set up
Default value: false
log_output
Data type: Boolean
This limits the number of addresses that can be handled in a single delivery. See the description of local delivery batching in chapter 25
Default value: false
maildir_format
Data type: Boolean
If this option is set with the directory option, the delivery is into a new file, in the “maildir” format that is used by other mail software
Default value: false
rcpt_include_affixes
Data type: Boolean
When this option is false (the default), and an address that has had any affixes (prefixes or suffixes) removed from the local part is delivered by any form of SMTP or LMTP, the affixes are not included
Default value: false
return_path_add
Data type: Boolean
If this option is true, a Return-path: header is added to the message Although the return path is normally available in the prefix line of BSD mailboxes, this is commonly not displayed by MUAs, and so the user does not have easy access to it
Default value: false
temp_errors
Data type: Optional[Array[String]]
This option contains either a colon-separated list of numbers, or a single asterisk
Default value: undef
batch_max
Data type: Optional[Integer]
This limits the number of addresses that can be handled in a single delivery. See the description of local delivery batching in chapter 25
Default value: undef
command
Data type: Optional[String[1]]
This option need not be set when pipe is being used to deliver to pipes obtained from address expansions
Default value: undef
directory
Data type: Optional[String[1]]
When directory is set, the string is expanded, and the message is delivered into a new file or files in or below the given directory, instead of being appended to a single mailbox file
Default value: undef
directory_mode
Data type: Optional[String[1]]
If appendfile creates any directories as a result of the create_directory option, their mode is specified by this option
Default value: undef
file
Data type: Optional[String[1]]
The file option specifies a single file, to which the message is appended
Default value: undef
group
Data type: Optional[String[1]]
This option specifies a gid for running the transport process
Default value: undef
home_directory
Data type: Optional[String[1]]
This option specifies a home directory setting for a local transport
Default value: undef
maildir_tag
Data type: Optional[String[1]]
This option applies only to deliveries in maildir format, and is described in section 26.5 below
Default value: undef
message_prefix
Data type: Optional[String[1]]
The string specified here is expanded and output at the start of every message
Default value: undef
message_suffix
Data type: Optional[String[1]]
The string specified here is expanded and output at the end of every message
Default value: undef
message_size_limit
Data type: Optional[String[1]]
The string specified here is expanded and determines the maximum size of the message
Default value: undef
mode
Data type: Optional[String[1]]
If the output file is created, it is given this mode
Default value: undef
socket
Data type: Optional[String[1]]
This option must be set if command is not set. The result of expansion must be the name of a Unix domain socket
Default value: undef
subject
Data type: Optional[String[1]]
This specifies the contents of the Subject: header when the message is specified by the transport
Default value: undef
text
Data type: Optional[String[1]]
This specifies a single string to be used as the body of the message when the message is specified by the transport. If both text and file are set, the text comes first
Default value: undef
to
Data type: Optional[String[1]]
This specifies recipients of the message and the contents of the To: header when the message is specified by the transport
Default value: undef
transport_filter
Data type: Optional[String[1]]
This option sets up a filtering (in the Unix shell sense) process for messages at transport time. It should not be confused with mail filtering as set up by individual users or via a system filter
Default value: undef
user
Data type: Optional[String[1]]
This option specifies the user under whose uid the delivery process is to be run
Default value: undef
serialize_hosts
Data type: Optional[Array[String]]
Default value: undef
Change log
All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
v1.1.5 (2021-09-22)
v1.1.4 (2021-09-22)
v1.1.2 (2021-07-19)
v1.1.1 (2020-09-22)
Added
Fixed
- ISSUE-51: Put require_files array in correct formatting #52 (mleiner)
- ISSUE-49: Get rid of FacterDB facter version incompats #50 (mleiner)
v1.1.0 (2020-08-28)
Added
v1.0.1 (2020-07-27)
Added
v0.3.2 (2020-06-04)
v1.0.0 (2020-06-04)
Added
Fixed
v0.3.1 (2020-06-04)
v0.3.0 (2020-05-18)
Added
- Update metadata #34 (mleiner)
- Implement client_name and client_secret #33 (mleiner)
- add rewrite rules #31 (moritzfriedrich)
- add option disable_ipv6 #27 (dmitrybayanov)
- Support server_secret for authenticators #23 (lorenzbausch)
- Support openssl_options #22 (lorenzbausch)
Fixed
v0.2.9 (2019-08-06)
Added
- add options: require_files, protocol #30 (kroeckelein)
v0.2.8 (2018-07-18)
Added
- add new options cannot_route_message, tls_require_ciphers #21 (kroeckelein)
- Support log_timezone configuration parameter #20 (lorenzbausch)
v0.2.7 (2018-04-18)
Added
- added new options #19 (kroeckelein)
v0.2.6 (2018-03-14)
Added
- Add router option #18 (kroeckelein)
v0.2.5 (2018-03-13)
Added
- Autoreplay options #17 (kroeckelein)
v0.2.4 (2018-02-27)
Added
- Log selectors #16 (kroeckelein)
- Log selectors #15 (kroeckelein)
v0.2.2 (2018-02-12)
Added
- Dkim #14 (jvetter83)
- added support for log_selector subject, added support for from in transports, added support for chunking_advertise_hosts #13 (jvetter83)
- Add client support for authenticators #8 (mark0n)
- Add support for auth to transport.pp #7 (mark0n)
- minor update #3 (derJD)
- inherit all variables from init to config class #2 (moritzfriedrich)
Fixed
- Fix service restart on redhat based systems #11 (kasimon)
- Fixed Problem with Default Setting #10 (Syphdias)
- Update hostlist.pp #6 (kasimon)
- Update domainlist.pp #5 (kasimon)
- Fix puppet and exim syntax errors in README examples #4 (ssm)
- remove double content #1 (moritzfriedrich)
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/stdlib (>= 3.0.0 < 8.2.0)
- puppetlabs/concat (>= 3.0.0 < 7.2.0)
GNU LESSER GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. 0. Additional Definitions. As used herein, "this License" refers to version 3 of the GNU Lesser General Public License, and the "GNU GPL" refers to version 3 of the GNU General Public License. "The Library" refers to a covered work governed by this License, other than an Application or a Combined Work as defined below. An "Application" is any work that makes use of an interface provided by the Library, but which is not otherwise based on the Library. Defining a subclass of a class defined by the Library is deemed a mode of using an interface provided by the Library. A "Combined Work" is a work produced by combining or linking an Application with the Library. The particular version of the Library with which the Combined Work was made is also called the "Linked Version". The "Minimal Corresponding Source" for a Combined Work means the Corresponding Source for the Combined Work, excluding any source code for portions of the Combined Work that, considered in isolation, are based on the Application, and not on the Linked Version. The "Corresponding Application Code" for a Combined Work means the object code and/or source code for the Application, including any data and utility programs needed for reproducing the Combined Work from the Application, but excluding the System Libraries of the Combined Work. 1. Exception to Section 3 of the GNU GPL. You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL. 2. Conveying Modified Versions. If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version: a) under this License, provided that you make a good faith effort to ensure that, in the event an Application does not supply the function or data, the facility still operates, and performs whatever part of its purpose remains meaningful, or b) under the GNU GPL, with none of the additional permissions of this License applicable to that copy. 3. Object Code Incorporating Material from Library Header Files. The object code form of an Application may incorporate material from a header file that is part of the Library. You may convey such object code under terms of your choice, provided that, if the incorporated material is not limited to numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length), you do both of the following: a) Give prominent notice with each copy of the object code that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the object code with a copy of the GNU GPL and this license document. 4. Combined Works. You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the Combined Work with a copy of the GNU GPL and this license document. c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document. d) Do one of the following: 0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source. 1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version. e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version. (If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.) 5. Combined Libraries. You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities, conveyed under the terms of this License. b) Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 6. Revised Versions of the GNU Lesser General Public License. The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library as you received it specifies that a certain numbered version of the GNU Lesser General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that published version or of any later version published by the Free Software Foundation. If the Library as you received it does not specify a version number of the GNU Lesser General Public License, you may choose any version of the GNU Lesser General Public License ever published by the Free Software Foundation. If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library.