Restrict MTA-STS to the MX domains
authorTom Hughes <tom@compton.nu>
Tue, 28 Jan 2020 18:56:21 +0000 (18:56 +0000)
committerTom Hughes <tom@compton.nu>
Tue, 28 Jan 2020 18:56:21 +0000 (18:56 +0000)
cookbooks/exim/recipes/default.rb

index 8489bc2d15fcd5f0a5d7139f346e09954cf46ce3..9aebb3d9f6e7bcef7a7386bed33f4559aa5af7c3 100644 (file)
@@ -77,7 +77,7 @@ if node[:exim][:smarthost_name]
     relay_from_hosts |= host.ipaddresses(:role => :external)
   end
 
-  domains = node[:exim][:local_domains].reject { |d| ["localhost", "@", "noreply.openstreetmap.org"].any?(d) }
+  domains = node[:exim][:certificate_names].select { |c| c =~ /^a\.mx\./ }.collect { |c| c.sub(/^a\.mx./, "") }
   primary_domain = domains.first
 
   directory "/srv/mta-sts.#{primary_domain}" do