Fix problems related to postfix running ldap maps in chroot.

2016-04-06 22:40:38 +02:00 · 2016-04-06 22:40:38 +02:00 · 2319827c79
commit 2319827c79
parent 88bf7e2f09
2 changed files with 9 additions and 0 deletions
--- a/roles/mail/tasks/main.yml
+++ b/roles/mail/tasks/main.yml
@ -86,6 +86,12 @@
  - postfix/virtual-alias
  notify: Run postmap

+- name: Ensure postfix chroot has an LDAP CA directory
+  file: path=/var/spool/postfix/etc/ldap/ssl/ state=directory
+
+- name: Ensure postfix chroot has the LDAP CA available
+  copy: remote_src=yes src=/etc/ldap/ssl/BKCA.crt dest=/var/spool/postfix/etc/ldap/ssl/BKCA.crt
+
 - name: Ensure postfix certificates are available
  command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/postfix/ssl/{{ mail_server }}.key -out /etc/postfix/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/postfix/ssl/{{ mail_server }}.crt
  notify: Restart postfix
--- a/roles/mail/templates/postfix/main.cf.j2
+++ b/roles/mail/templates/postfix/main.cf.j2
@ -12,6 +12,7 @@ append_dot_mydomain = no
 readme_directory = no

 inet_interfaces = all
+inet_protocols = ipv4

 message_size_limit = 50000000
 recipient_delimiter = +
@ -34,6 +35,8 @@ smtpd_tls_cert_file=/etc/postfix/ssl/{{ mail_server }}.crt
 smtpd_tls_key_file=/etc/postfix/ssl/{{ mail_server }}.key
 smtpd_tls_CAfile=/etc/acme/lets-encrypt-x3-cross-signed.pem
 smtpd_use_tls=yes
+smtpd_tls_security_level = may
+smtpd_tls_auth_only = yes

 smtpd_tls_ciphers = medium