Fix problems related to postfix running ldap maps in chroot.

roles/mail/tasks/main.yml

@@ -86,6 +86,12 @@
   - postfix/virtual-alias
   notify: Run postmap
 
+- name: Ensure postfix chroot has an LDAP CA directory
+  file: path=/var/spool/postfix/etc/ldap/ssl/ state=directory
+
+- name: Ensure postfix chroot has the LDAP CA available
+  copy: remote_src=yes src=/etc/ldap/ssl/BKCA.crt dest=/var/spool/postfix/etc/ldap/ssl/BKCA.crt
+
 - name: Ensure postfix certificates are available
   command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/postfix/ssl/{{ mail_server }}.key -out /etc/postfix/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/postfix/ssl/{{ mail_server }}.crt
   notify: Restart postfix

roles/mail/templates/postfix/main.cf.j2

@@ -12,6 +12,7 @@ append_dot_mydomain = no
 readme_directory = no
 
 inet_interfaces = all
+inet_protocols = ipv4
 
 message_size_limit = 50000000
 recipient_delimiter = +
@@ -34,6 +35,8 @@ smtpd_tls_cert_file=/etc/postfix/ssl/{{ mail_server }}.crt
 smtpd_tls_key_file=/etc/postfix/ssl/{{ mail_server }}.key
 smtpd_tls_CAfile=/etc/acme/lets-encrypt-x3-cross-signed.pem
 smtpd_use_tls=yes
+smtpd_tls_security_level = may
+smtpd_tls_auth_only = yes
 
 smtpd_tls_ciphers = medium