authorMicah Anderson <micah@leap.se>2013-11-27 13:10:01 -0500
committerMicah Anderson <micah@leap.se>2013-11-27 13:10:01 -0500
commitfee571ccc4cd0cf8c665cf7446a0bb99c6dd30cf (patch)
tree22c7d1c519e6d409fcb6ea88c292ca069a8b418b
parent82544d7ce6c1952fe9d1043facd64c4737b5f4f3 (diff)
disable starttls over submission for client connections, we are using TLS wrapper mode on the smtps port 465 now (#4366)
enable the missing smtpd_helo_restrictions for smtps Change-Id: Iac497369d65c5ad8fd7e93e6fcabb830b855b4f6
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp5
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp4
2 files changed, 2 insertions, 7 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 474ed03d..59d3030d 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -55,10 +55,7 @@ class site_postfix::mx {
-o smtpd_tls_wrappermode=yes
-o smtpd_tls_security_level=encrypt
-o smtpd_recipient_restrictions=\$smtps_recipient_restrictions
-submission inet n - n - - smtpd
- -o smtpd_tls_security_level=encrypt
- -o smtpd_recipient_restrictions=\$submission_recipient_restrictions
- -o smtpd_helo_restrictions=\$submission_helo_restrictions",
+ -o smtpd_helo_restrictions=\$smtps_helo_restrictions",
require => [
Class['Site_config::X509::Key'],
Class['Site_config::X509::Cert'],
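Review bot: None of the `-o` overrides visible on the smtps entry ask the client for a certificate, although `smtps_recipient_restrictions` (in smtpd_checks.pp) authorizes relaying with `permit_tls_all_clientcerts` and this entry now carries all client submission. If `smtpd_tls_ask_ccert` or `smtpd_tls_req_ccert` is not set globally in main.cf, that restriction can never match and every client falls through to the remaining recipient checks. Consider making the requirement explicit on the service with `-o smtpd_tls_req_ccert=yes`, or add a comment saying where it is set. The master.cf entry starts above the hunk, so such an override may already exist on a line not shown.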
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index 0f1500a4..0ec40277 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -22,9 +22,7 @@ class site_postfix::mx::smtpd_checks {
# we use permit_tls_clientcerts with the $relay_clientcerts lookup
'smtps_recipient_restrictions':
value => 'permit_tls_all_clientcerts, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
- 'submission_recipient_restrictions':
- value => 'permit_tls_all_clientcerts, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
- 'submission_helo_restrictions':
+ 'smtps_helo_restrictions':
value => 'permit_mynetworks, check_helo_access hash:$checks_dir/helo_checks, permit';
'smtpd_sender_restrictions':
value => 'permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit';
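Review bot: The comment above `smtps_recipient_restrictions` names `permit_tls_clientcerts` with the `$relay_clientcerts` lookup, but the value uses `permit_tls_all_clientcerts`, which accepts any client certificate that verifies against the trusted CAs rather than a listed fingerprint. As far as this diff shows, the smtps restrictions are now the only relay policy for clients, so the comment should say what is actually enforced, for example `# permit_tls_all_clientcerts: any cert signed by the client CA may relay; that CA must be the only one trusted for smtpd`. Separately, `$checks_dir` in the single-quoted `smtps_helo_restrictions` value is not interpolated by Puppet and is presumably left for Postfix to expand; a short comment saying so would save the next reader from reading it as a quoting mistake.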