Tweak Postfix TLS config

Based on http://www.postfix.org/TLS_README.html#built-in. A quick read from logs after running tests indicates TLS now works.
author: Lars Wirzenius <liw@liw.fi> 2017-03-18 16:07:13 +0200
committer: Lars Wirzenius <liw@liw.fi> 2017-03-18 16:07:13 +0200
commit: 369fc2e57989a493ecd66e13331bcaaa41a9c0b2 (patch)
tree: 5ffafcb05f262052133cd39fe9b3fcbe35b61f34 /ansible/roles/mail-server
parent: 4bab4dad6c4410fc6f53f16d8239621ae6e57e1b (diff)
download: ansibleness-369fc2e57989a493ecd66e13331bcaaa41a9c0b2.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/ansible/roles/mail-server/templates/postfix.main.cf.j2 b/ansible/roles/mail-server/templates/postfix.main.cf.j2
index ba5c09f..936e4c9 100644
--- a/ansible/roles/mail-server/templates/postfix.main.cf.j2
+++ b/ansible/roles/mail-server/templates/postfix.main.cf.j2
@@ -17,8 +17,12 @@ home_mailbox = Maildir/
 # Configure TLS. We use the snakeoild self-signed certificate Debian
 # creates automatically. MTAs don't generally care, this is just for
 # opportunistic crypto use, but we don't rely on it.
-smtpd_use_tls = yes
+smtpd_tls_security_level = may
+smtpd_tls_loglevel = 1
 smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+
+smtp_tls_security_level = may
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtp_tls_loglevel = 1
author	Lars Wirzenius <liw@liw.fi>	2017-03-18 16:07:13 +0200
committer	Lars Wirzenius <liw@liw.fi>	2017-03-18 16:07:13 +0200
commit	369fc2e57989a493ecd66e13331bcaaa41a9c0b2 (patch)
tree	5ffafcb05f262052133cd39fe9b3fcbe35b61f34 /ansible/roles/mail-server
parent	4bab4dad6c4410fc6f53f16d8239621ae6e57e1b (diff)
download	ansibleness-369fc2e57989a493ecd66e13331bcaaa41a9c0b2.tar.gz