diff options
author | Micah <micah@leap.se> | 2015-12-08 14:17:11 -0500 |
---|---|---|
committer | Micah <micah@leap.se> | 2015-12-09 16:26:28 -0500 |
commit | 7d5b9461958cdb795990459cd0dad29a36e59fdd (patch) | |
tree | 16a9d5b14ca4e0595d9d2e023c99edad4f7780a9 /puppet/modules/site_postfix/manifests/mx.pp | |
parent | 40968b97e8a01957667d12fe627a1a194d57be77 (diff) |
Use client cert fingerprint lookup to determine if the user is allowed
to relay mail through us (#3634)
Change-Id: I46cf3ffbef4261839c376f4c36a50d9c44eb1374
Diffstat (limited to 'puppet/modules/site_postfix/manifests/mx.pp')
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 7ec60d49..75378480 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -51,6 +51,12 @@ class site_postfix::mx { value => 'static:42424'; 'smtpd_tls_received_header': value => 'yes'; + # the following is needed for matching user's client cert fingerprints to + # enable relaying (#3634) + 'smtpd_tls_fingerprint_digest': + value => 'sha1'; + 'relay_clientcerts': + value => 'tcp:localhost:2424'; # Note: we are setting this here, instead of in site_postfix::mx::smtp_tls # because the satellites need to have a different value 'smtp_tls_security_level': |