config.m4: Don't deploy the Lets Encrypt certificate on submission.

diff --git a/config.m4 b/config.m4
index a9b30b891c27fbc1e8b1e0be5827883e1c7787e2..981f67205f4e360e2739685c72fef67f8f14855a 100644 (file)
--- a/config.m4
+++ b/config.m4
@@ -83,8 +83,9 @@ DEFCONF(relay_clients, <m4_dnl
 DEFCONF(certlist,
 <:m4_ifelse(t, m4_ifelse(MODE, hub, nil, MODE, srv, nil, t),
 <:CONF_sysconf_dir/server.certlist:>,
-<:CONF_sysconf_dir/${if match_ip{$sender_host_address}{+trusted} \
-       {server}{letsencrypt}}.certlist:>):>)
+<:CONF_sysconf_dir/${if ={$received_port}{CONF_submission_port}{server}\
+                       {${if match_ip{$sender_host_address}{+trusted} \
+                                     {server}{letsencrypt}}}}.certlist:>):>)
 
 ## TLS-related settings.  We're assuming GNUTLS here, rather than OpenSSL.
 ## For local connections we are very strict.  For random clients, we try