blob: 3cc7ea721277785a3d82da91e8a63c98b18c8a10 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
class site_postfix::mx::smtp_tls {
include x509::variables
$ca_path = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt"
$cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt"
$key_path = "${x509::variables::keys}/${site_config::params::cert_name}.key"
# smtp TLS
postfix::config {
'smtp_use_tls': value => 'yes';
'smtp_tls_CApath': value => '/etc/ssl/certs/';
'smtp_tls_CAfile': value => $ca_path;
'smtp_tls_cert_file': value => $cert_path;
'smtp_tls_key_file': value => $key_path;
'smtp_tls_loglevel': value => '1';
'smtp_tls_exclude_ciphers':
value => 'aNULL, MD5, DES';
# upstream default is md5 (since 2.5 and older used it), we force sha1
'smtp_tls_fingerprint_digest':
value => 'sha1';
'smtp_tls_session_cache_database':
value => 'btree:${data_directory}/smtp_cache';
'smtp_tls_security_level':
value => 'may';
# see issue #4011
'smtp_tls_protocols':
value => '!SSLv2, !SSLv3';
}
}
|