From ff26ca98604d9e3f3856cca2af678b21c096d1ee Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@leap.se>
Date: Fri, 30 Aug 2013 15:19:43 -0400
Subject: postfix enable submission port using starttls, so the client can
 transition to the more restrictive TLS wrapper mode

Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa
---
 puppet/modules/site_postfix/manifests/mx.pp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'puppet/modules/site_postfix/manifests/mx.pp')

diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index e9f662c3..eddf19f2 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -35,7 +35,13 @@ class site_postfix::mx {
     preseed             => true,
     root_mail_recipient => $root_mail_recipient,
     smtp_listen         => 'all',
-    mastercf_tail       => "smtps     inet  n       -       -       -       -       smtpd\n  -o smtpd_tls_wrappermode=yes\n  -o smtpd_tls_security_level=encrypt\n  -o smtpd_recipient_restrictions=\$smtps_recipient_restrictions",
+    mastercf_tail       =>
+    "smtps     inet  n       -       -       -       -       smtpd\n
+    -o smtpd_tls_wrappermode=yes\n
+    -o smtpd_tls_security_level=encrypt\n
+    submission inet n        -       n       -       -       smtpd\n
+    -o smtpd_tls_security_level=encrypt\n
+    -o smtpd_recipient_restrictions=\$submission_recipient_restrictions",
     require             => [ X509::Key[$cert_name], X509::Cert[$cert_name],
                              User['vmail'] ]
   }
-- 
cgit v1.2.3