From 369fc2e57989a493ecd66e13331bcaaa41a9c0b2 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Sat, 18 Mar 2017 16:07:13 +0200
Subject: Tweak Postfix TLS config

Based on http://www.postfix.org/TLS_README.html#built-in. A quick read
from logs after running tests indicates TLS now works.
---
 ansible/roles/mail-server/templates/postfix.main.cf.j2 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'ansible/roles/mail-server')

diff --git a/ansible/roles/mail-server/templates/postfix.main.cf.j2 b/ansible/roles/mail-server/templates/postfix.main.cf.j2
index ba5c09f..936e4c9 100644
--- a/ansible/roles/mail-server/templates/postfix.main.cf.j2
+++ b/ansible/roles/mail-server/templates/postfix.main.cf.j2
@@ -17,8 +17,12 @@ home_mailbox = Maildir/
 # Configure TLS. We use the snakeoild self-signed certificate Debian
 # creates automatically. MTAs don't generally care, this is just for
 # opportunistic crypto use, but we don't rely on it.
-smtpd_use_tls = yes
+smtpd_tls_security_level = may
+smtpd_tls_loglevel = 1
 smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+
+smtp_tls_security_level = may
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtp_tls_loglevel = 1
-- 
cgit v1.2.1