Diffstat (limited to 'puppet/modules/site_postfix')
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 7 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/smtp_tls.pp | 4 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp | 2 |
3 files changed, 9 insertions, 4 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index d456baf3..cd493807 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -49,10 +49,9 @@ class site_postfix::mx {
 value => 'static:42424';
 'virtual_gid_maps':
 value => 'static:42424';
- 'smtpd_tls_received_header':
- value => 'yes';
- # the following is needed for matching user's client cert fingerprints to
- # enable relaying (#3634)
+ # the two following configs are needed for matching user's client cert
+ # fingerprints to enable relaying (#3634). Satellites do not have
+ # these configured.
 'smtpd_tls_fingerprint_digest':
 value => 'sha1';
 'relay_clientcerts':
diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
index d56f6b54..4eb80dd6 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
@@ -2,10 +2,14 @@ class site_postfix::mx::smtp_tls { include site_config::x509::ca include x509::variables + $cert_name = hiera('name') $ca_path = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt" $cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt" $key_path = "${x509::variables::keys}/${site_config::params::cert_name}.key" + include site_config::x509::cert + include site_config::x509::key + # smtp TLS postfix::config { 'smtp_use_tls': value => 'yes';
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
index 0809c75f..9fed3874 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
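Review bot: In the mx.pp hunk, the rewritten comment documents the fingerprint-matching pair, but `'smtpd_tls_fingerprint_digest'` directly below it stays at `sha1` even though these fingerprints are what authorises relaying through `relay_clientcerts`. Current Postfix documentation names `sha256` as best practice for this setting (while noting sha1 is still likely safe here as long as no second-preimage attack exists); moving to `value => 'sha256';` would require the fingerprints behind relay_clientcerts to be generated with the same digest, and that map is not visible in this hunk. If sha1 has to stay for compatibility with how the fingerprints are produced, the comment should say so. The postfix::config resource starts and ends outside the hunk.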
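Review bot: In the smtp_tls.pp hunk, the new `$cert_name = hiera('name')` is not used by any line shown: `$cert_path` and `$key_path` still interpolate `${site_config::params::cert_name}`. If the newly included `site_config::x509::cert` and `site_config::x509::key` classes pick up `$cert_name` through scope lookup (they are not visible here), the files they deploy and the paths handed to postfix only agree when both names resolve to the same value. Either build the paths from the same variable, e.g. `$cert_path = "${x509::variables::certs}/${cert_name}.crt"`, or add a comment such as `# $cert_name is read by site_config::x509::cert and ::key` so the assignment is not later removed as dead code. The class body continues past the end of the hunk.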
@@ -12,6 +12,8 @@ class site_postfix::mx::smtpd_tls { 'smtpd_tls_cert_file': value => $cert_path; 'smtpd_tls_key_file': value => $key_path; 'smtpd_tls_ask_ccert': value => 'yes'; + 'smtpd_tls_received_header': + value => 'yes'; 'smtpd_tls_security_level': value => 'may'; 'smtpd_tls_eecdh_grade': |
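Review bot: `'smtpd_tls_received_header'` now sits in the smtpd_tls class right after `'smtpd_tls_ask_ccert': value => 'yes'`, and nothing documents what the combination exposes. With both set, Postfix writes the TLS protocol and cipher plus the client certificate's CommonName and issuer CommonName into the Received: header, so whatever identifies a relaying user's certificate travels with the message to the recipient; whether that CN is identifying depends on how the client certificates are issued, which this diff does not show. The header content is also only trustworthy when it was added by the final destination, since earlier hops can rewrite it. I would add a comment above the entry, e.g. `# adds TLS protocol/cipher and client cert CN to Received: headers (visible to recipients)`. The postfix::config resource starts and ends outside the hunk.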