Only allow external SMTP connections on the mail server

author Tom Hughes <tom@compton.nu>

Fri, 24 Oct 2014 16:48:39 +0000 (17:48 +0100)

committer Tom Hughes <tom@compton.nu>

Fri, 24 Oct 2014 16:56:23 +0000 (17:56 +0100)
author Tom Hughes <tom@compton.nu>
Fri, 24 Oct 2014 16:48:39 +0000 (17:48 +0100)
committer Tom Hughes <tom@compton.nu>
Fri, 24 Oct 2014 16:56:23 +0000 (17:56 +0100)
diff --git a/cookbooks/exim/recipes/default.rb b/cookbooks/exim/recipes/default.rb

index 1e333b42cc34ac39f72fe0989d78260fc381b8cd..b92bc31f43a924472a9f80c9ea3b0e3040a7769a 100644 (file)
--- a/cookbooks/exim/recipes/default.rb
+++ b/cookbooks/exim/recipes/default.rb
@@ -126,7 +126,7 @@ end
  munin_plugin "exim_mailqueue"
  munin_plugin "exim_mailstats"
  
-if not relay_to_domains.empty? or not node[:exim][:local_domains].empty?
+if node[:exim][:smarthost_name]
    node[:exim][:daemon_smtp_ports].each do |port|
      firewall_rule "accept-inbound-smtp-#{port}" do
        action :accept
@@ -137,6 +137,17 @@ if not relay_to_domains.empty? or not node[:exim][:local_domains].empty?
        source_ports "1024:"
      end
    end
+else
+  node[:exim][:daemon_smtp_ports].each do |port|
+    firewall_rule "accept-inbound-smtp-#{port}" do
+      action :accept
+      source "bm:mail.openstreetmap.org"
+      dest "fw"
+      proto "tcp:syn"
+      dest_ports port
+      source_ports "1024:"
+    end
+  end
  end
  
  if node[:exim][:smarthost_via]
author	Tom Hughes <tom@compton.nu>
	Fri, 24 Oct 2014 16:48:39 +0000 (17:48 +0100)
committer	Tom Hughes <tom@compton.nu>
	Fri, 24 Oct 2014 16:56:23 +0000 (17:56 +0100)