From ff26ca98604d9e3f3856cca2af678b21c096d1ee Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@leap.se>
Date: Fri, 30 Aug 2013 15:19:43 -0400
Subject: postfix enable submission port using starttls, so the client can
 transition to the more restrictive TLS wrapper mode

Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa
---
 puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp')

diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index 640f2390..7ade8588 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -18,8 +18,10 @@ class site_postfix::mx::smtpd_checks {
     # we use permit_tls_clientcerts with the $relay_clientcerts lookup
     'smtps_recipient_restrictions':
       value => 'permit_tls_all_clientcerts, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
+    'submission_recipient_restrictions':
+      value => 'permit_tls_all_clientcerts, check_recipient_access tcp:localhost:2244, reject_unauth_destination, permit';
     'smtpd_sender_restrictions':
       value => 'permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit';
-  }
+    }
 
 }
-- 
cgit v1.2.3