From 2319827c79c0d10aed03e214d2511e739367d2fb Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Wed, 6 Apr 2016 22:40:38 +0200 Subject: [PATCH] Fix problems related to postfix running ldap maps in chroot. --- roles/mail/tasks/main.yml | 6 ++++++ roles/mail/templates/postfix/main.cf.j2 | 3 +++ 2 files changed, 9 insertions(+) diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index f6593b2..5c256ff 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml @@ -86,6 +86,12 @@ - postfix/virtual-alias notify: Run postmap +- name: Ensure postfix chroot has an LDAP CA directory + file: path=/var/spool/postfix/etc/ldap/ssl/ state=directory + +- name: Ensure postfix chroot has the LDAP CA available + copy: remote_src=yes src=/etc/ldap/ssl/BKCA.crt dest=/var/spool/postfix/etc/ldap/ssl/BKCA.crt + - name: Ensure postfix certificates are available command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/postfix/ssl/{{ mail_server }}.key -out /etc/postfix/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/postfix/ssl/{{ mail_server }}.crt notify: Restart postfix diff --git a/roles/mail/templates/postfix/main.cf.j2 b/roles/mail/templates/postfix/main.cf.j2 index ec6060c..0cad6cc 100644 --- a/roles/mail/templates/postfix/main.cf.j2 +++ b/roles/mail/templates/postfix/main.cf.j2 @@ -12,6 +12,7 @@ append_dot_mydomain = no readme_directory = no inet_interfaces = all +inet_protocols = ipv4 message_size_limit = 50000000 recipient_delimiter = + @@ -34,6 +35,8 @@ smtpd_tls_cert_file=/etc/postfix/ssl/{{ mail_server }}.crt smtpd_tls_key_file=/etc/postfix/ssl/{{ mail_server }}.key smtpd_tls_CAfile=/etc/acme/lets-encrypt-x3-cross-signed.pem smtpd_use_tls=yes +smtpd_tls_security_level = may +smtpd_tls_auth_only = yes smtpd_tls_ciphers = medium