From 2caad1713e1dd64a7f4db9a27984b4762a0694b5 Mon Sep 17 00:00:00 2001
From: Johannes Löthberg <johannes@kyriasis.com>
Date: Mon, 7 Mar 2016 07:48:17 +0100
Subject: smtpd.conf: Do a masquerade on senders table
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Only lets people send using their proper addresses.

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
---
 common/senders                  |  4 ++++
 lucifer.kyriasis.com/smtpd.conf |  9 +++++----
 theos.kyriasis.com/smtpd.conf   | 13 +++++++------
 3 files changed, 16 insertions(+), 10 deletions(-)
 create mode 100644 common/senders

diff --git a/common/senders b/common/senders
new file mode 100644
index 0000000..79fe0ac
--- /dev/null
+++ b/common/senders
@@ -0,0 +1,4 @@
+sysbunny: @lucifer.kyriasis.com,sysbunny@kyriasis.com,erik@kyriasis.com
+grawity: grawity@theos.kyriasis.com,grawity@kyriasis.com
+halosghost: halosghost@theos.kyriasis.com,halosghost@kyriasis.com
+kyrias: @theos.kyriasis.com,@kyriasis.com
diff --git a/lucifer.kyriasis.com/smtpd.conf b/lucifer.kyriasis.com/smtpd.conf
index 0f0efc7..2db7f99 100644
--- a/lucifer.kyriasis.com/smtpd.conf
+++ b/lucifer.kyriasis.com/smtpd.conf
@@ -12,19 +12,20 @@ pki lucifer.kyriasis.com key "/etc/smtpd/certs/lucifer.kyriasis.com.key"
 
 # If you edit the file, you have to run "smtpctl update table users"
 table users file:/etc/smtpd/users
+table sendertable file:/etc/smtpd/senders
 
 
 ##
 # Listen directives
 #
 
-listen on eth0 port 25  tls         pki lucifer.kyriasis.com auth-optional
-listen on eth0 port 587 tls-require pki lucifer.kyriasis.com auth
-listen on eth0 port 465 smtps       pki lucifer.kyriasis.com auth
+listen on enp0s4 port 25  tls         pki lucifer.kyriasis.com auth-optional senders <sendertable> masquerade
+listen on enp0s4 port 587 tls-require pki lucifer.kyriasis.com auth          senders <sendertable> masquerade
+listen on enp0s4 port 465 smtps       pki lucifer.kyriasis.com auth          senders <sendertable> masquerade
 
 listen on lo port 10029 tag DKIM-OUT
 
-listen on localhost
+listen on localhost senders <sendertable> masquerade
 
 
 ##
diff --git a/theos.kyriasis.com/smtpd.conf b/theos.kyriasis.com/smtpd.conf
index 03f1de5..7ef11dc 100644
--- a/theos.kyriasis.com/smtpd.conf
+++ b/theos.kyriasis.com/smtpd.conf
@@ -12,23 +12,24 @@ pki theos.kyriasis.com key "/etc/ssl/kyriasis-wosign/private.key"
 
 # If you edit the file, you have to run "smtpctl update table users"
 table users file:/etc/smtpd/users
+table sendertable file:/etc/smtpd/senders
 
 
 ##
 # Listen directives
 #
 
-listen on eth0 port 25  tls         pki theos.kyriasis.com auth-optional
-listen on eth0 port 587 tls-require pki theos.kyriasis.com auth
-listen on eth0 port 465 smtps       pki theos.kyriasis.com auth
+listen on ens4 port 25  tls         pki theos.kyriasis.com auth-optional senders <sendertable> masquerade
+listen on ens4 port 587 tls-require pki theos.kyriasis.com auth          senders <sendertable> masquerade
+listen on ens4 port 465 smtps       pki theos.kyriasis.com auth          senders <sendertable> masquerade
 
-listen on tun0 port 25  tls         pki theos.kyriasis.com auth-optional
-listen on tun0 port 587 tls-require pki theos.kyriasis.com auth
+listen on cjdns port 25  tls         pki theos.kyriasis.com auth-optional senders <sendertable> masquerade
+listen on cjdns port 587 tls-require pki theos.kyriasis.com auth          senders <sendertable> masquerade
 
 listen on lo port 10026 tag DKIM-IN
 listen on lo port 10029 tag DKIM-OUT
 
-listen on localhost
+listen on localhost senders <sendertable> masquerade
 
 
 ##
-- 
cgit v1.2.3-54-g00ecf