Merge branch 'bug/3868' into develop

author: Micah Anderson <micah@leap.se> 2013-09-26 16:35:48 -0400
committer: Micah Anderson <micah@leap.se> 2013-09-26 16:35:48 -0400
commit: 81fe380535c731c7afc134fb4e62b6232f690375 (patch)
tree: fd5b64565172986f352130880a95230603eb3e0a /puppet/modules
parent: a1a512bdadb0fe45a89a883ac092960807b20672 (diff)
parent: a457f610aca8544b4c9e3a3f4ddcc4d00a05baf6 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx/tls.pp b/puppet/modules/site_postfix/manifests/mx/tls.pp
index 34df72bb..89b63ba1 100644
--- a/puppet/modules/site_postfix/manifests/mx/tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/tls.pp
@@ -17,3 +17,24 @@ class site_postfix::mx::tls {
   }
 
 }
+  # smtp TLS
+  postfix::config {
+    'smtp_use_tls':        value  => 'yes';
+    'smtp_tls_CApath':     value  => '/etc/ssl/certs/';
+    'smtp_tls_CAfile':     value  => $ca_path;
+    'smtp_tls_cert_file':  value  => $cert_path;
+    'smtp_tls_key_file':   value  => $key_path;
+    'smtp_tls_ask_ccert':  value  => 'yes';
+    'smtp_tls_loglevel':   value  => '1';
+    'smtp_tls_exclude_ciphers':
+      value => 'aNULL, MD5, DES';
+    # upstream default is md5 (since 2.5 and older used it), we force sha1
+    'smtp_tls_fingerprint_digest':
+      value => 'sha1';
+    'smtp_tls_session_cache_database':
+      value => 'btree:${queue_directory}/smtp_cache';
+    'smtp_tls_security_level':
+      value  => 'may';
+  }
+
+
author	Micah Anderson <micah@leap.se>	2013-09-26 16:35:48 -0400
committer	Micah Anderson <micah@leap.se>	2013-09-26 16:35:48 -0400
commit	81fe380535c731c7afc134fb4e62b6232f690375 (patch)
tree	fd5b64565172986f352130880a95230603eb3e0a /puppet/modules
parent	a1a512bdadb0fe45a89a883ac092960807b20672 (diff)
parent	a457f610aca8544b4c9e3a3f4ddcc4d00a05baf6 (diff)