diff options
author | Lars Wirzenius <liw@liw.fi> | 2017-03-18 16:07:13 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2017-03-18 16:07:13 +0200 |
commit | 369fc2e57989a493ecd66e13331bcaaa41a9c0b2 (patch) | |
tree | 5ffafcb05f262052133cd39fe9b3fcbe35b61f34 /ansible/roles/mail-server | |
parent | 4bab4dad6c4410fc6f53f16d8239621ae6e57e1b (diff) | |
download | ansibleness-369fc2e57989a493ecd66e13331bcaaa41a9c0b2.tar.gz |
Tweak Postfix TLS config
Based on http://www.postfix.org/TLS_README.html#built-in. A quick read
from logs after running tests indicates TLS now works.
Diffstat (limited to 'ansible/roles/mail-server')
-rw-r--r-- | ansible/roles/mail-server/templates/postfix.main.cf.j2 | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ansible/roles/mail-server/templates/postfix.main.cf.j2 b/ansible/roles/mail-server/templates/postfix.main.cf.j2 index ba5c09f..936e4c9 100644 --- a/ansible/roles/mail-server/templates/postfix.main.cf.j2 +++ b/ansible/roles/mail-server/templates/postfix.main.cf.j2 @@ -17,8 +17,12 @@ home_mailbox = Maildir/ # Configure TLS. We use the snakeoild self-signed certificate Debian # creates automatically. MTAs don't generally care, this is just for # opportunistic crypto use, but we don't rely on it. -smtpd_use_tls = yes +smtpd_tls_security_level = may +smtpd_tls_loglevel = 1 smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache + +smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache +smtp_tls_loglevel = 1 |