authorMicah Anderson <micah@leap.se>2013-09-26 14:53:37 -0400
committerMicah Anderson <micah@leap.se>2013-09-26 14:53:37 -0400
commita457f610aca8544b4c9e3a3f4ddcc4d00a05baf6 (patch)
tree48848040cec32135cdfc26319f80f19ed3dc52ee
parentaf6e944090a3b54ca605b1b6145fbb7c008fb093 (diff)
Add client-side TLS configuration (#3868)
Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206
-rw-r--r--puppet/modules/site_postfix/manifests/mx/tls.pp21
1 files changed, 21 insertions, 0 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx/tls.pp b/puppet/modules/site_postfix/manifests/mx/tls.pp
index 34df72bb..89b63ba1 100644
--- a/puppet/modules/site_postfix/manifests/mx/tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/tls.pp
@@ -17,3 +17,24 @@ class site_postfix::mx::tls {
}
}
+ # smtp TLS
+ postfix::config {
+ 'smtp_use_tls': value => 'yes';
+ 'smtp_tls_CApath': value => '/etc/ssl/certs/';
+ 'smtp_tls_CAfile': value => $ca_path;
+ 'smtp_tls_cert_file': value => $cert_path;
+ 'smtp_tls_key_file': value => $key_path;
+ 'smtp_tls_ask_ccert': value => 'yes';
+ 'smtp_tls_loglevel': value => '1';
+ 'smtp_tls_exclude_ciphers':
+ value => 'aNULL, MD5, DES';
+ # upstream default is md5 (since 2.5 and older used it), we force sha1
+ 'smtp_tls_fingerprint_digest':
+ value => 'sha1';
+ 'smtp_tls_session_cache_database':
+ value => 'btree:${queue_directory}/smtp_cache';
+ 'smtp_tls_security_level':
+ value => 'may';
+ }
+
+
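Review bot: `'smtp_tls_ask_ccert': value => 'yes';` does not look like a Postfix client parameter: requesting a client certificate is a server-side setting (`smtpd_tls_ask_ccert`), so this line is probably ignored and should be dropped or moved to the smtpd settings. Separately, `smtp_tls_security_level` at `may` is opportunistic, so the peer certificate is not verified and delivery falls back to cleartext when STARTTLS is not offered; the CA settings and `smtp_tls_fingerprint_digest` then enforce nothing unless a stricter level is applied per destination. I would add a comment above the level saying so, e.g. `# opportunistic: no peer verification; stricter levels belong in smtp_tls_policy_maps`, and drop `smtp_use_tls`, which the security level supersedes. The enclosing class starts outside the hunk.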