author | Micah Anderson <micah@leap.se> | 2013-12-17 12:58:22 -0500 |
committer | Micah Anderson <micah@leap.se> | 2013-12-18 13:08:45 -0500 |
commit | 9531b13447ff204a00a138a137818054603fe1c9 (patch) | |
tree | 43e9e48603384ec4579c3537908c7ad0a59b063d /puppet/modules/site_postfix/manifests/mx | |
parent | 411b7ebb8bce00a81002d1abb9f7c488571ddb47 (diff) |
add a smtp_tls class and include that on both mx servers and satellites
Change-Id: I779ea60e6d726d042203fa0756d73b4af079d728
Diffstat (limited to 'puppet/modules/site_postfix/manifests/mx')
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/smtp_tls.pp | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
new file mode 100644
index 00000000..4b9c2fd9
--- /dev/null
+++ b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
@@ -0,0 +1,29 @@
+class site_postfix::mx::smtp_tls {
+
+ include x509::variables
+ $ca_path = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt"
+ $cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt"
+ $key_path = "${x509::variables::keys}/${site_config::params::cert_name}.key"
+
+ # smtp TLS
+ postfix::config {
+ 'smtp_use_tls': value => 'yes';
+ 'smtp_tls_CApath': value => '/etc/ssl/certs/';
+ 'smtp_tls_CAfile': value => $ca_path;
+ 'smtp_tls_cert_file': value => $cert_path;
+ 'smtp_tls_key_file': value => $key_path;
+ 'smtp_tls_loglevel': value => '1';
+ 'smtp_tls_exclude_ciphers':
+ value => 'aNULL, MD5, DES';
+ # upstream default is md5 (since 2.5 and older used it), we force sha1
+ 'smtp_tls_fingerprint_digest':
+ value => 'sha1';
+ 'smtp_tls_session_cache_database':
+ value => 'btree:${queue_directory}/smtp_cache';
+ 'smtp_tls_security_level':
+ value => 'may';
+ # see issue #4011
+ 'smtp_tls_protocols':
+ value => '!SSLv2, !SSLv3';
+ }
+} |
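Review bot: With `smtp_tls_security_level => 'may'` the outbound SMTP client is opportunistic, so as far as I know Postfix only logs the verification result against `smtp_tls_CAfile`/`smtp_tls_CApath` and still delivers when the peer offers no TLS or an unverifiable certificate; nothing in the class says that fallback is intended, and a reader could take the CA settings as enforcing verification. I would put that above the `'smtp_tls_security_level'` entry, e.g. `# 'may' is opportunistic: verification against the CA file/path is logged, not enforced; per-destination enforcement belongs in a policy map`. The single quotes around `'btree:${queue_directory}/smtp_cache'` also deserve a one-line comment, since in Puppet they stop interpolation and the `$queue_directory` reference is deliberately left for Postfix to expand; I read that as intentional, but the next person editing the file may "fix" it into double quotes and break the path. Finally, the class itself has no header comment; a line stating that it configures the outbound (client-side) TLS settings of Postfix from the node's x509 paths would make the mx/satellite inclusion mentioned in the commit message self-explanatory.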