smtpd.conf: Do a masquerade on senders table

Only lets people send using their proper addresses.

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>

3 files changed, 16 insertions, 10 deletions

diff --git a/common/senders b/common/senders
new file mode 100644
index 0000000..79fe0ac
--- /dev/null
+++ b/common/senders
@@ -0,0 +1,4 @@
+sysbunny: @lucifer.kyriasis.com,sysbunny@kyriasis.com,erik@kyriasis.com
+grawity: grawity@theos.kyriasis.com,grawity@kyriasis.com
+halosghost: halosghost@theos.kyriasis.com,halosghost@kyriasis.com
+kyrias: @theos.kyriasis.com,@kyriasis.com
diff --git a/lucifer.kyriasis.com/smtpd.conf b/lucifer.kyriasis.com/smtpd.conf
index 0f0efc7..2db7f99 100644
--- a/lucifer.kyriasis.com/smtpd.conf
+++ b/lucifer.kyriasis.com/smtpd.conf
@@ -12,19 +12,20 @@ pki lucifer.kyriasis.com key "/etc/smtpd/certs/lucifer.kyriasis.com.key"
 
 # If you edit the file, you have to run "smtpctl update table users"
 table users file:/etc/smtpd/users
+table sendertable file:/etc/smtpd/senders
 
 
 ##
 # Listen directives
 #
 
-listen on eth0 port 25  tls         pki lucifer.kyriasis.com auth-optional
-listen on eth0 port 587 tls-require pki lucifer.kyriasis.com auth
-listen on eth0 port 465 smtps       pki lucifer.kyriasis.com auth
+listen on enp0s4 port 25  tls         pki lucifer.kyriasis.com auth-optional senders <sendertable> masquerade
+listen on enp0s4 port 587 tls-require pki lucifer.kyriasis.com auth          senders <sendertable> masquerade
+listen on enp0s4 port 465 smtps       pki lucifer.kyriasis.com auth          senders <sendertable> masquerade
 
 listen on lo port 10029 tag DKIM-OUT
 
-listen on localhost
+listen on localhost senders <sendertable> masquerade
 
 
 ##
diff --git a/theos.kyriasis.com/smtpd.conf b/theos.kyriasis.com/smtpd.conf
index 03f1de5..7ef11dc 100644
--- a/theos.kyriasis.com/smtpd.conf
+++ b/theos.kyriasis.com/smtpd.conf
@@ -12,23 +12,24 @@ pki theos.kyriasis.com key "/etc/ssl/kyriasis-wosign/private.key"
 
 # If you edit the file, you have to run "smtpctl update table users"
 table users file:/etc/smtpd/users
+table sendertable file:/etc/smtpd/senders
 
 
 ##
 # Listen directives
 #
 
-listen on eth0 port 25  tls         pki theos.kyriasis.com auth-optional
-listen on eth0 port 587 tls-require pki theos.kyriasis.com auth
-listen on eth0 port 465 smtps       pki theos.kyriasis.com auth
+listen on ens4 port 25  tls         pki theos.kyriasis.com auth-optional senders <sendertable> masquerade
+listen on ens4 port 587 tls-require pki theos.kyriasis.com auth          senders <sendertable> masquerade
+listen on ens4 port 465 smtps       pki theos.kyriasis.com auth          senders <sendertable> masquerade
 
-listen on tun0 port 25  tls         pki theos.kyriasis.com auth-optional
-listen on tun0 port 587 tls-require pki theos.kyriasis.com auth
+listen on cjdns port 25  tls         pki theos.kyriasis.com auth-optional senders <sendertable> masquerade
+listen on cjdns port 587 tls-require pki theos.kyriasis.com auth          senders <sendertable> masquerade
 
 listen on lo port 10026 tag DKIM-IN
 listen on lo port 10029 tag DKIM-OUT
 
-listen on localhost
+listen on localhost senders <sendertable> masquerade
 
 
 ##