forked from infra/ansible

Fix problems related to postfix running ldap maps in chroot.

Markus 2016-04-06 22:40:38 +02:00
parent 88bf7e2f09
commit 2319827c79
2 changed files with 9 additions and 0 deletions


@ -86,6 +86,12 @@
- postfix/virtual-alias - postfix/virtual-alias
notify: Run postmap notify: Run postmap
- name: Ensure postfix chroot has an LDAP CA directory
file: path=/var/spool/postfix/etc/ldap/ssl/ state=directory
- name: Ensure postfix chroot has the LDAP CA available
copy: remote_src=yes src=/etc/ldap/ssl/BKCA.crt dest=/var/spool/postfix/etc/ldap/ssl/BKCA.crt
- name: Ensure postfix certificates are available - name: Ensure postfix certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/postfix/ssl/{{ mail_server }}.key -out /etc/postfix/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/postfix/ssl/{{ mail_server }}.crt command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/postfix/ssl/{{ mail_server }}.key -out /etc/postfix/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/postfix/ssl/{{ mail_server }}.crt
notify: Restart postfix notify: Restart postfix
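Review bot: The two added tasks create the chroot CA directory and copy `BKCA.crt` into it without stating owner or mode, so the permissions of the LDAP trust anchor depend on the umask and on whatever already exists under `/var/spool/postfix/etc`. Because this file decides which LDAP server certificate the chrooted lookups accept, it should be root-owned and not writable by the postfix user. I would add `owner=root group=root mode=0755` to the `file:` task and `owner=root group=root mode=0644` to the `copy:` task. Neither task has a `notify:`, so when the source CA under `/etc/ldap/ssl/` is replaced, a later run updates the copy while already-running postfix processes may keep the old one. Adding `notify: Restart postfix` to the copy task would cover that, assuming that handler is the appropriate one for the LDAP maps.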


@ -12,6 +12,7 @@ append_dot_mydomain = no
readme_directory = no readme_directory = no
inet_interfaces = all inet_interfaces = all
inet_protocols = ipv4
message_size_limit = 50000000 message_size_limit = 50000000
recipient_delimiter = + recipient_delimiter = +
@ -34,6 +35,8 @@ smtpd_tls_cert_file=/etc/postfix/ssl/{{ mail_server }}.crt
smtpd_tls_key_file=/etc/postfix/ssl/{{ mail_server }}.key smtpd_tls_key_file=/etc/postfix/ssl/{{ mail_server }}.key
smtpd_tls_CAfile=/etc/acme/lets-encrypt-x3-cross-signed.pem smtpd_tls_CAfile=/etc/acme/lets-encrypt-x3-cross-signed.pem
smtpd_use_tls=yes smtpd_use_tls=yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_ciphers = medium smtpd_tls_ciphers = medium