From 6083a79b10b701c403660d2e8fc80e8f4e1d6654 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Tue, 6 Aug 2024 12:47:51 +0100
Subject: [PATCH] Allow customizing access-helo REJECTs

---
 roles/mail/defaults/main.yml                | 3 +++
 roles/mail/templates/postfix-in/access-helo | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/roles/mail/defaults/main.yml b/roles/mail/defaults/main.yml
index 1f526afd..b9c2b496 100644
--- a/roles/mail/defaults/main.yml
+++ b/roles/mail/defaults/main.yml
@@ -54,6 +54,9 @@ mail_blacklist_senders: []
 # Recipients that will be blacklisted
 mail_blacklist_recipients: []
 
+# HELO hosts to be blocked
+mail_blacklist_helo: []
+
 # Clean up TxRep entries older than this
 txrep_cleanup_days: 30
 
diff --git a/roles/mail/templates/postfix-in/access-helo b/roles/mail/templates/postfix-in/access-helo
index 4487e9c8..84fcf9cb 100644
--- a/roles/mail/templates/postfix-in/access-helo
+++ b/roles/mail/templates/postfix-in/access-helo
@@ -1,2 +1,5 @@
 # Cutwail botnet
 ylmf-pc REJECT
+{% for helo in mail_blacklist_helo %}
+{{ helo }} REJECT
+{% endfor %}
-- 
GitLab