Only allow mail from jenkins from zuul

If someone copies the production Zuul configuration, they may end
up sending emails as jenkins@o.o.  Configure our hosts to only
accept email with an envelope sender or From header of jenkins@.o.o
if the connecting host is zuul.openstack.org (or localhost, to handle
the case of exim running on zuul.o.o itself).

Change-Id: Ic92bb39659689347fea1744ee8c1b47ef21858b0

modules/exim/templates/exim4.conf.erb

@@ -457,6 +457,13 @@ acl_check_rcpt:
           control       = submission
           control       = dkim_disable_verify
 
+  # In case people cargo-cult our Zuul configuration, only allow
+  # messages with an envelope sender of jenkins from OpenStack's Zuul.
+
+   deny    senders	= jenkins@openstack.org
+           !hosts       = zuul.openstack.org : 127.0.0.1
+           message      = Sender address not permitted from this host
+
   # Insist that any other recipient address that we accept is either in one of
   # our local domains, or is in a domain for which we explicitly allow
   # relaying. Any other domain is rejected as being unacceptable for relaying.
@@ -529,6 +536,14 @@ acl_check_data:
   #                      X-Spam_bar: $spam_bar\n\
   #                      X-Spam_report: $spam_report
 
+  # In case people cargo-cult our Zuul configuration, only allow
+  # messages with a From header of jenkins from OpenStack's Zuul.
+
+  deny    condition     = ${if eq{${address:$h_from:}}\
+                                  {jenkins@openstack.org}}
+          !hosts        = zuul.openstack.org : 127.0.0.1
+          message       = From address not permitted from this host
+
   # Accept the message.
 
   accept