From d714e8e49a163fbc3413f4be52d00ef94736c70b Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Thu, 16 Apr 2020 14:11:53 +0200
Subject: [PATCH] Fixes #615. Aggiungere la configurazione esplicita della CA alla configurazione di postfix.
---
 library/roles/postfix/templates/main.cf.j2 | 3 +++
 library/roles/postfix/templates/master.cf.j2 | 2 ++
 2 files changed, 5 insertions(+)
diff --git a/library/roles/postfix/templates/main.cf.j2 b/library/roles/postfix/templates/main.cf.j2
index 270199e..279d21d 100644
--- a/library/roles/postfix/templates/main.cf.j2
+++ b/library/roles/postfix/templates/main.cf.j2
@@ -755,14 +755,17 @@ readme_directory = no
 # TLS parameters
 {% if letsencrypt_acme_install is defined %}
 {% if postfix_use_letsencrypt %}
+smtpd_tls_CAfile={{ letsencrypt_acme_certs_dir }}/fullchain
 smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/fullchain
 smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey
 {% else %}
+smtpd_tls_CAfile=/etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 {% endif %}
 {% endif %}
 {% if letsencrypt_acme_install is not defined %}
+smtpd_tls_CAfile=/etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 {% endif %}
diff --git a/library/roles/postfix/templates/master.cf.j2 b/library/roles/postfix/templates/master.cf.j2
index 303253d..2fc6f16 100644
--- a/library/roles/postfix/templates/master.cf.j2
+++ b/library/roles/postfix/templates/master.cf.j2
@@ -20,6 +20,7 @@ submission inet n - n - - smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level={{ postfix_smtpd_tls_security_level }}
 {% if postfix_use_letsencrypt %}
+ -o smtpd_tls_CAfile={{ letsencrypt_acme_certs_dir }}/fullchain
 -o smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/cert
 -o smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey
 {% endif %}
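Review bot: `smtpd_tls_CAfile` is the set of CAs that smtpd trusts when verifying remote client certificates, and all three added lines in main.cf.j2 point it at the same file already used as `smtpd_tls_cert_file`. In the Let's Encrypt branch this adds nothing to the chain the server presents, since `fullchain` is already the cert file, but it does put the public intermediate into the client-trust set. If client-certificate checks (`smtpd_tls_ask_ccert`, `permit_tls_all_clientcerts`) are enabled elsewhere in this template, which the hunk does not show, any certificate issued by that CA would then verify. In the two snakeoil branches the self-signed host certificate becomes a trust anchor in the same way. Consider dropping the three lines, or at least adding a comment above each such as `# CAfile also defines the CAs trusted for client certificates; keep in sync with the smtpd_tls_ask_ccert policy`.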
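Review bot: The added `-o smtpd_tls_CAfile={{ letsencrypt_acme_certs_dir }}/fullchain` in the submission service, and the identical line in the smtps hunk that follows, appears to compensate for `smtpd_tls_cert_file` pointing at the leaf-only `cert` file here, whereas main.cf.j2 uses `fullchain` as the cert file. Changing both services to `-o smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/fullchain` would present the full chain without widening the CA set these authenticated ports trust for client certificates. The `{% if postfix_use_letsencrypt %}` guard in master.cf.j2 also lacks the `letsencrypt_acme_install is defined` check that main.cf.j2 has, so rendering presumably depends on `letsencrypt_acme_certs_dir` being set. Both service entries start and end outside the hunks.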
@@ -37,6 +38,7 @@ smtps inet n - n - - smtpd
 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
 {% if postfix_use_letsencrypt %}
+ -o smtpd_tls_CAfile={{ letsencrypt_acme_certs_dir }}/fullchain
 -o smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/cert
 -o smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey
 {% endif %}