Restrict MTA-STS to the MX domains

[chef.git] / cookbooks / exim / recipes / default.rb

diff --git a/cookbooks/exim/recipes/default.rb b/cookbooks/exim/recipes/default.rb
index 8489bc2d15fcd5f0a5d7139f346e09954cf46ce3..9aebb3d9f6e7bcef7a7386bed33f4559aa5af7c3 100644 (file)
--- a/cookbooks/exim/recipes/default.rb
+++ b/cookbooks/exim/recipes/default.rb
@@ -77,7 +77,7 @@ if node[:exim][:smarthost_name]
     relay_from_hosts |= host.ipaddresses(:role => :external)
   end
 
     relay_from_hosts |= host.ipaddresses(:role => :external)
   end
 

-  domains = node[:exim][:local_domains].reject { |d| ["localhost", "@", "noreply.openstreetmap.org"].any?(d) }
+  domains = node[:exim][:certificate_names].select { |c| c =~ /^a\.mx\./ }.collect { |c| c.sub(/^a\.mx./, "") }

   primary_domain = domains.first
 
   directory "/srv/mta-sts.#{primary_domain}" do
   primary_domain = domains.first
 
   directory "/srv/mta-sts.#{primary_domain}" do