From bfb1d93569dc728cf17d29f5f0c4d3f252d8d0ba Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 28 Jan 2020 18:56:21 +0000
Subject: [PATCH 1/1] Restrict MTA-STS to the MX domains

---
 cookbooks/exim/recipes/default.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cookbooks/exim/recipes/default.rb b/cookbooks/exim/recipes/default.rb
index 8489bc2d1..9aebb3d9f 100644
--- a/cookbooks/exim/recipes/default.rb
+++ b/cookbooks/exim/recipes/default.rb
@@ -77,7 +77,7 @@ if node[:exim][:smarthost_name]
     relay_from_hosts |= host.ipaddresses(:role => :external)
   end
 
-  domains = node[:exim][:local_domains].reject { |d| ["localhost", "@", "noreply.openstreetmap.org"].any?(d) }
+  domains = node[:exim][:certificate_names].select { |c| c =~ /^a\.mx\./ }.collect { |c| c.sub(/^a\.mx./, "") }
   primary_domain = domains.first
 
   directory "/srv/mta-sts.#{primary_domain}" do
-- 
2.43.2