summaryrefslogtreecommitdiff
path: root/puppet/modules
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2014-04-02 15:35:01 -0400
committerMicah Anderson <micah@leap.se>2014-04-02 15:35:01 -0400
commit1551f785c5c7c515781995928eec7659365d8988 (patch)
tree973285910d91ddaa12c2b9243832f81202d16247 /puppet/modules
parent5cca6d100ffd991e6f943d916361bf0497728d70 (diff)
Force satellite hosts that only speak to relayhost to have a
smtp_tls_security_level of 'encrypt', so it is not optional (#1902) Change-Id: I61ad0823e3eb8df6c224767d63f0911dcba42a16
Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp4
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtp_tls.pp2
-rw-r--r--puppet/modules/site_postfix/manifests/satellite.pp11
3 files changed, 14 insertions, 3 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index a37c7af9..bdfee665 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -31,6 +31,10 @@ class site_postfix::mx {
value => 'vmail';
'smtpd_tls_received_header':
value => 'yes';
+ # Note: we are setting this here, instead of in site_postfix::mx::smtp_tls
+ # because the satellites need to have a different value
+ 'smtp_tls_security_level':
+ value => 'may';
}
include site_postfix::mx::smtpd_checks
diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
index 3cc7ea72..d9b59f40 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
@@ -20,8 +20,6 @@ class site_postfix::mx::smtp_tls {
value => 'sha1';
'smtp_tls_session_cache_database':
value => 'btree:${data_directory}/smtp_cache';
- 'smtp_tls_security_level':
- value => 'may';
# see issue #4011
'smtp_tls_protocols':
value => '!SSLv2, !SSLv3';
diff --git a/puppet/modules/site_postfix/manifests/satellite.pp b/puppet/modules/site_postfix/manifests/satellite.pp
index f5d5c7b7..5725e6b8 100644
--- a/puppet/modules/site_postfix/manifests/satellite.pp
+++ b/puppet/modules/site_postfix/manifests/satellite.pp
@@ -32,7 +32,16 @@ class site_postfix::satellite {
# we could also make this an optional parameter for providers without
# dns / local domains
- postfix::config { 'smtp_host_lookup': value => 'native'; }
+ postfix::config {
+ 'smtp_host_lookup':
+ value => 'native';
+
+ # Note: we are setting this here, instead of in site_postfix::mx::smtp_tls
+ # because the mx server has to have a different value
+ 'smtp_tls_security_level':
+ value => 'encrypt';
+ }
include site_postfix::mx::smtp_tls
+
}