If at least smtpd_tls_eccert_file or smtpd_tls_eckey_file
is defined in the main.cf we can't use ECDSA certificates for smtpd_tls_cert_file and smtpd_tls_key_file in the master.cf. Postfix then expects an RSA certificat as input and fails to load the certificate.
This commit is contained in:
parent
343995613b
commit
111a1c05ab
1 changed files with 16 additions and 0 deletions
|
@ -17,8 +17,16 @@ tlsproxy unix - - y - 0 tlsproxy
|
|||
smtps inet n - y - 100 smtpd
|
||||
-o syslog_name=postfix/smtps
|
||||
-o smtpd_tls_wrappermode=yes
|
||||
{% if postfix_submission_smtpd_tls_eccert_file is defined %}
|
||||
-o smtpd_tls_eccert_file={{ postfix_submission_smtpd_tls_eccert_file }}
|
||||
{% else %}
|
||||
-o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
|
||||
{% endif %}
|
||||
{% if postfix_submission_smtpd_tls_eckey_file is defined %}
|
||||
-o smtpd_tls_eckey_file={{ postfix_submission_smtpd_tls_eckey_file }}
|
||||
{% else %}
|
||||
-o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
|
||||
{% endif %}
|
||||
-o smtpd_tls_dh1024_param_file={{ dhparam_file }}
|
||||
-o smtpd_tls_mandatory_protocols=!TLSv1,!TLSv1.1
|
||||
-o smtpd_tls_protocols=!TLSv1,!TLSv1.1
|
||||
|
@ -32,8 +40,16 @@ smtps inet n - y - 100 smtpd
|
|||
submission inet n - y - - smtpd
|
||||
-o syslog_name=postfix/submission
|
||||
-o smtpd_tls_security_level=encrypt
|
||||
{% if postfix_submission_smtpd_tls_eccert_file is defined %}
|
||||
-o smtpd_tls_eccert_file={{ postfix_submission_smtpd_tls_eccert_file }}
|
||||
{% else %}
|
||||
-o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
|
||||
{% endif %}
|
||||
{% if postfix_submission_smtpd_tls_eckey_file is defined %}
|
||||
-o smtpd_tls_eckey_file={{ postfix_submission_smtpd_tls_eckey_file }}
|
||||
{% else %}
|
||||
-o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
|
||||
{% endif %}
|
||||
-o smtpd_tls_dh1024_param_file={{ dhparam_file }}
|
||||
-o smtpd_client_restrictions=$submission_bad_smtp_user_check,permit_sasl_authenticated,reject
|
||||
-o smtpd_sasl_auth_enable=yes
|
||||
|
|
Loading…
Reference in a new issue