Only allow external SMTP connections on the mail server

[chef.git] / cookbooks / exim / recipes / default.rb

diff --git a/cookbooks/exim/recipes/default.rb b/cookbooks/exim/recipes/default.rb
index 1e333b42cc34ac39f72fe0989d78260fc381b8cd..b92bc31f43a924472a9f80c9ea3b0e3040a7769a 100644 (file)
--- a/cookbooks/exim/recipes/default.rb
+++ b/cookbooks/exim/recipes/default.rb
@@ -126,7 +126,7 @@ end
 munin_plugin "exim_mailqueue"
 munin_plugin "exim_mailstats"
 
-if not relay_to_domains.empty? or not node[:exim][:local_domains].empty?
+if node[:exim][:smarthost_name]
   node[:exim][:daemon_smtp_ports].each do |port|
     firewall_rule "accept-inbound-smtp-#{port}" do
       action :accept
@@ -137,6 +137,17 @@ if not relay_to_domains.empty? or not node[:exim][:local_domains].empty?
       source_ports "1024:"
     end
   end
+else
+  node[:exim][:daemon_smtp_ports].each do |port|
+    firewall_rule "accept-inbound-smtp-#{port}" do
+      action :accept
+      source "bm:mail.openstreetmap.org"
+      dest "fw"
+      proto "tcp:syn"
+      dest_ports port
+      source_ports "1024:"
+    end
+  end
 end
 
 if node[:exim][:smarthost_via]