From 889b5aa42538e863bba9487aa834c226127ddc9e Mon Sep 17 00:00:00 2001
From: Julien Palard <julien@palard.fr>
Date: Tue, 17 Jan 2023 10:04:19 +0100
Subject: [PATCH] Send emails using IPv4 due to Gandi not prividing whole /64.

SpamHaus expect the IPv6 /64 to be owned by the same entity.

This is not the case for Gandi VPS that are provided with a single
IPv6.

Gandi is working on it, they want to provide /64 to organisations, but
it's not ready yet.

In the meantime we're blocked by spamhaus since a few days on both the
/64 used by git.afpy.org and the /64 used by discuss.afpy.org.

So as a trash fix I propose sending emails using IPv4.
---
 discuss.yml                                  | 1 +
 gitea.yml                                    | 1 +
 roles/exim4/defaults/main.yml                | 2 +-
 roles/exim4/tasks/configure.yml              | 2 +-
 roles/exim4/templates/exim4.conf.localmacros | 5 ++++-
 5 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/discuss.yml b/discuss.yml
index 967dd0c..a69a420 100644
--- a/discuss.yml
+++ b/discuss.yml
@@ -3,6 +3,7 @@
 - hosts: webservers
   vars:
     discourse_domain: discuss.afpy.org
+    exim4_sendonly_remote_smtp_interface: '46.226.104.155'  # See: https://discuss.afpy.org/t/git-afpy-org-sur-la-bl-de-spamhaus/1191/2
     discourse_admins:
       - julien@palard.fr
       - marc@debureaux.fr
diff --git a/gitea.yml b/gitea.yml
index a49e50a..f45b224 100644
--- a/gitea.yml
+++ b/gitea.yml
@@ -3,6 +3,7 @@
 - hosts: gitea
   vars:
     gitea_version: "1.17.4"  # To upgrade, read the README file first.
+    exim4_sendonly_remote_smtp_interface: '46.226.104.208'  # See: https://discuss.afpy.org/t/git-afpy-org-sur-la-bl-de-spamhaus/1191/2
     gitea_internal_token: !vault |
           $ANSIBLE_VAULT;1.1;AES256
           65396439373538656633396363313333663233343661643739633135306131613434353335353634
diff --git a/roles/exim4/defaults/main.yml b/roles/exim4/defaults/main.yml
index 61a8d77..879acf0 100644
--- a/roles/exim4/defaults/main.yml
+++ b/roles/exim4/defaults/main.yml
@@ -5,7 +5,7 @@ exim4_sendonly_enable_tls: true
 exim4_sendonly_smarthost: ''
 exim4_sendonly_username: ''
 exim4_sendonly_password: ''
-
+exim4_sendonly_remote_smtp_interface: ''
 exim4_sendonly_email_addresses: []
 #  root: 'your@email.com'
 
diff --git a/roles/exim4/tasks/configure.yml b/roles/exim4/tasks/configure.yml
index 449645e..efd47e9 100644
--- a/roles/exim4/tasks/configure.yml
+++ b/roles/exim4/tasks/configure.yml
@@ -34,7 +34,7 @@
     src: 'passwd.client'
     dest: '/etc/exim4/passwd.client'
 
-- name: Enable TLS
+- name: Define local macros
   notify: restart exim4
   template:
     src: 'exim4.conf.localmacros'
diff --git a/roles/exim4/templates/exim4.conf.localmacros b/roles/exim4/templates/exim4.conf.localmacros
index 45836d7..6d45d66 100755
--- a/roles/exim4/templates/exim4.conf.localmacros
+++ b/roles/exim4/templates/exim4.conf.localmacros
@@ -1 +1,4 @@
-MAIN_TLS_ENABLE = 1
\ No newline at end of file
+MAIN_TLS_ENABLE = 1
+{% if exim4_sendonly_remote_smtp_interface != '' %}
+REMOTE_SMTP_INTERFACE='{{ exim4_sendonly_remote_smtp_interface }}'
+{% endif %}