senselab/ansible-role-postfix
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Enable dual use of RSA and ECDSA certificates

Browse source 
for submission und smtp port
This commit is contained in:
phil 2024-06-27 18:52:09 +02:00
parent 111a1c05ab
commit 45c7bf0c50
1 changed files with 12 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
templates/postfix/master.cf.j2
View file

@ -17,15 +17,17 @@ tlsproxy unix - - y - 0 tlsproxy
smtps inet n - y - 100 smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
{% if postfix_smtpd_tls_cert_file is defined %}
-o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
{% endif %}
{% if postfix_smtpd_tls_key_file is defined %}
-o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
{% endif %}
{% if postfix_submission_smtpd_tls_eccert_file is defined %}
-o smtpd_tls_eccert_file={{ postfix_submission_smtpd_tls_eccert_file }}
{% else %}
-o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
{% endif %}
{% if postfix_submission_smtpd_tls_eckey_file is defined %}
-o smtpd_tls_eckey_file={{ postfix_submission_smtpd_tls_eckey_file }}
{% else %}
-o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
{% endif %}
-o smtpd_tls_dh1024_param_file={{ dhparam_file }}
-o smtpd_tls_mandatory_protocols=!TLSv1,!TLSv1.1
@ -40,15 +42,17 @@ smtps inet n - y - 100 smtpd
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
{% if postfix_smtpd_tls_cert_file is defined %}
-o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
{% endif %}
{% if postfix_smtpd_tls_key_file is defined %}
-o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
{% endif %}
{% if postfix_submission_smtpd_tls_eccert_file is defined %}
-o smtpd_tls_eccert_file={{ postfix_submission_smtpd_tls_eccert_file }}
{% else %}
-o smtpd_tls_cert_file={{ postfix_submission_smtpd_tls_cert_file }}
{% endif %}
{% if postfix_submission_smtpd_tls_eckey_file is defined %}
-o smtpd_tls_eckey_file={{ postfix_submission_smtpd_tls_eckey_file }}
{% else %}
-o smtpd_tls_key_file={{ postfix_submission_smtpd_tls_key_file }}
{% endif %}
-o smtpd_tls_dh1024_param_file={{ dhparam_file }}
-o smtpd_client_restrictions=$submission_bad_smtp_user_check,permit_sasl_authenticated,reject