debfranca
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

The TLS level is now a paremeter everywhere.

This commit is contained in:
Andrea Dell'Amico 2019-12-18 15:46:23 +01:00
parent 05e4cb9478
commit f6dcee2182
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
library/roles/postfix/defaults/main.yml
View File

@ -27,7 +27,7 @@ postfix_tls_dhparam_file: /etc/postfix/dhparam.pem
# Accepted values: none, may, encrypt
postfix_smtpd_tls_security_level: encrypt
# Accepted values: none, may, encrypt, fingerprint, verify, secure. And from 2.11: dane, dane-only
postfix_smtp_tls_security_level: encrypt
postfix_smtp_tls_security_level: may
postfix_use_sasl_auth: True
postfix_smtp_sasl_auth_enable: "yes"
postfix_smtp_create_relay_user: True

2
library/roles/postfix/templates/master.cf.j2
View File

@ -16,7 +16,7 @@ smtp inet n - n - - smtpd
{% if postfix_smtpd_server %}
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_security_level={{ postfix_smtpd_tls_security_level }}
{% if postfix_use_letsencrypt %}
-o smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/cert
-o smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey