From a457f610aca8544b4c9e3a3f4ddcc4d00a05baf6 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 26 Sep 2013 14:53:37 -0400 Subject: Add client-side TLS configuration (#3868) Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206 --- puppet/modules/site_postfix/manifests/mx/tls.pp | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/puppet/modules/site_postfix/manifests/mx/tls.pp b/puppet/modules/site_postfix/manifests/mx/tls.pp index 34df72bb..89b63ba1 100644 --- a/puppet/modules/site_postfix/manifests/mx/tls.pp +++ b/puppet/modules/site_postfix/manifests/mx/tls.pp @@ -17,3 +17,24 @@ class site_postfix::mx::tls { } } + # smtp TLS + postfix::config { + 'smtp_use_tls': value => 'yes'; + 'smtp_tls_CApath': value => '/etc/ssl/certs/'; + 'smtp_tls_CAfile': value => $ca_path; + 'smtp_tls_cert_file': value => $cert_path; + 'smtp_tls_key_file': value => $key_path; + 'smtp_tls_ask_ccert': value => 'yes'; + 'smtp_tls_loglevel': value => '1'; + 'smtp_tls_exclude_ciphers': + value => 'aNULL, MD5, DES'; + # upstream default is md5 (since 2.5 and older used it), we force sha1 + 'smtp_tls_fingerprint_digest': + value => 'sha1'; + 'smtp_tls_session_cache_database': + value => 'btree:${queue_directory}/smtp_cache'; + 'smtp_tls_security_level': + value => 'may'; + } + + -- cgit v1.2.3