From: Tom Hughes Date: Wed, 1 Nov 2023 09:02:35 +0000 (+0000) Subject: Allow domain level blocks on email senders X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/2a9c33428c35514b1c6482482a42cd946865e480 Allow domain level blocks on email senders --- diff --git a/cookbooks/exim/recipes/default.rb b/cookbooks/exim/recipes/default.rb index 71309e609..ced5a9196 100644 --- a/cookbooks/exim/recipes/default.rb +++ b/cookbooks/exim/recipes/default.rb @@ -126,6 +126,12 @@ file "/etc/exim4/blocked-senders" do mode "644" end +file "/etc/exim4/blocked-sender-domains" do + owner "root" + group "Debian-exim" + mode "644" +end + if node[:exim][:dkim_selectors] keys = data_bag_item("exim", "dkim") diff --git a/cookbooks/exim/templates/default/exim4.conf.erb b/cookbooks/exim/templates/default/exim4.conf.erb index 0830aa141..6babb839a 100644 --- a/cookbooks/exim/templates/default/exim4.conf.erb +++ b/cookbooks/exim/templates/default/exim4.conf.erb @@ -446,6 +446,10 @@ acl_check_rcpt: message = Rejected because $sender_address is blacklisted\nQueries to postmaster@$qualify_domain !hosts = +relay_from_hosts + deny sender_domains= partial-lsearch;/etc/exim4/blocked-sender-domains + message = Rejected because $sender_address is blacklisted\nQueries to postmaster@$qualify_domain + !hosts = +relay_from_hosts + # Accept mail to postmaster in any local domain, regardless of the source, # and without verifying the sender.