Merge pull request 'Fixes #615. Aggiungere la configurazione esplicita della CA alla configurazione di postfix.' (#179) from adellam/ansible-roles:master into master

This commit is contained in:
Andrea Dell'Amico 2020-04-16 14:12:57 +02:00
commit acc6beed45
2 changed files with 5 additions and 0 deletions

View File

@ -755,14 +755,17 @@ readme_directory = no
# TLS parameters # TLS parameters
{% if letsencrypt_acme_install is defined %} {% if letsencrypt_acme_install is defined %}
{% if postfix_use_letsencrypt %} {% if postfix_use_letsencrypt %}
smtpd_tls_CAfile={{ letsencrypt_acme_certs_dir }}/fullchain
smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/fullchain smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/fullchain
smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey
{% else %} {% else %}
smtpd_tls_CAfile=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if letsencrypt_acme_install is not defined %} {% if letsencrypt_acme_install is not defined %}
smtpd_tls_CAfile=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
{% endif %} {% endif %}

View File

@ -20,6 +20,7 @@ submission inet n - n - - smtpd
-o syslog_name=postfix/submission -o syslog_name=postfix/submission
-o smtpd_tls_security_level={{ postfix_smtpd_tls_security_level }} -o smtpd_tls_security_level={{ postfix_smtpd_tls_security_level }}
{% if postfix_use_letsencrypt %} {% if postfix_use_letsencrypt %}
-o smtpd_tls_CAfile={{ letsencrypt_acme_certs_dir }}/fullchain
-o smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/cert -o smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/cert
-o smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey -o smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey
{% endif %} {% endif %}
@ -37,6 +38,7 @@ smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps -o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes -o smtpd_tls_wrappermode=yes
{% if postfix_use_letsencrypt %} {% if postfix_use_letsencrypt %}
-o smtpd_tls_CAfile={{ letsencrypt_acme_certs_dir }}/fullchain
-o smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/cert -o smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/cert
-o smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey -o smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey
{% endif %} {% endif %}