From 6bc0fd1a62b0c097d1af47b31fe796144ea8319c Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Fri, 8 Jul 2016 09:58:07 +0200
Subject: [PATCH] tls config in main.cf
---
 rootfs/etc/confd/templates/main.cf.tmpl | 12 ++++++++++--
 rootfs/etc/confd/templates/master.cf.tmpl | 8 +-------
 rootfs/etc/confd/templates/sender-transport.tmpl | 2 +-
 3 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl
index df42ad1..63c6ada 100644
--- a/rootfs/etc/confd/templates/main.cf.tmpl
+++ b/rootfs/etc/confd/templates/main.cf.tmpl
@@ -28,7 +28,7 @@ smtpd_milters = inet:{{getenv "SPAMASSASSINHOST"}}:{{getenv "SPAMASSASSINPORT"}} non_smtpd_milters = $smtpd_milters milter_default_action = accept -milter_connect_macros = "i j {daemon_name} v {if_name} _" +#milter_connect_macros = "i j {daemon_name} v {if_name} _" message_size_limit = {{getenv "MESSAGESIZELIMIT"}} sender_dependent_default_transport_maps = hash:/etc/postfix/sender-transport smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
@@ -37,4 +37,12 @@ smtpd_tls_mandatory_protocols = {{getenv "TLSMANDATORYPROTOCOLS"}}
 tls_preempt_cipherlist = yes
 smtpd_tls_mandatory_ciphers = {{getenv "TLSMANDATORYCIPHERS"}}
 smtpd_tls_ciphers = {{getenv "TLSCIPHERS"}}
-smtpd_tls_mandatory_exclude_ciphers = {{getenv "TLSMANDATORYEXCLUDECIPHERS"}}
\ No newline at end of file
+smtpd_tls_mandatory_exclude_ciphers = {{getenv "TLSMANDATORYEXCLUDECIPHERS"}}
+smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
+smtp_tls_ciphers = $smtpd_tls_ciphers
+lmtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
+lmtp_tls_ciphers = $smtpd_tls_ciphers
+smtputf8_enable = no
+biff = no
+smtpd_tls_key_file=/etc/ssl/mail/privkey.pem
+smtpd_tls_cert_file=/etc/ssl/mail/fullchain.pem
diff --git a/rootfs/etc/confd/templates/master.cf.tmpl b/rootfs/etc/confd/templates/master.cf.tmpl
index bed11a8..dd69f1c 100644
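Review bot: In the `@@ -28,7 +28,7 @@` hunk of main.cf.tmpl, `milter_connect_macros` is commented out rather than deleted and nothing records why, so a later reader cannot tell whether the Postfix default is intended or the line is parked for re-enabling. Delete the line, or keep it with a reason above it such as `# custom connect macros disabled, Postfix default in use: <reason>`. Because the unchanged neighbour `milter_default_action = accept` lets mail through when the milter gives no usable answer, it is worth confirming against the SpamAssassin milter that filtering still works with the default macro set.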
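Review bot: In the `@@ -37,4 +37,12 @@` hunk of main.cf.tmpl, the added `smtp_tls_*` and `lmtp_tls_*` lines mirror only the cipher grades; the protocol restriction (`smtpd_tls_mandatory_protocols`, shown on the hunk header line) and `smtpd_tls_mandatory_exclude_ciphers` have no client-side counterpart, so outbound SMTP and LMTP sessions stay on Postfix's defaults for both. If parity with the server side is the goal, add `smtp_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols` and `smtp_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers`, with the matching `lmtp_` lines. The `*_mandatory_*` settings apply only at TLS security level `encrypt` or stronger, and no `smtp_tls_security_level` is set in the visible lines, so check that the level configured elsewhere in the file makes them effective. The key and certificate are now global to every smtpd service; the two path lines use `=` without surrounding spaces unlike the rest of the template, and `/etc/ssl/mail/privkey.pem` should stay readable by root only.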
--- a/rootfs/etc/confd/templates/master.cf.tmpl
+++ b/rootfs/etc/confd/templates/master.cf.tmpl
@@ -1,10 +1,8 @@ smtp inet n - - - - smtpd -o syslog_name=postfix/smtp -o myhostname={{getenv "MYDOMAIN"}} - -o smtpd_tls_key_file=/etc/ssl/mail/privkey.pem - -o smtpd_tls_cert_file=/etc/ssl/mail/fullchain.pem -{{getenv "MYDOMAIN"}}-out unix - - - - - smtp +{{getenv "MYDOMAIN"}}-out unix - - - - - smtp -o smtp_helo_name={{getenv "MYHOSTNAME"}} -o syslog_name=postfix/smtp-out
@@ -15,14 +13,10 @@ submission inet n - - - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination -o milter_macro_daemon_name=ORIGINATING - -o smtpd_tls_key_file=/etc/ssl/mail/privkey.pem - -o smtpd_tls_cert_file=/etc/ssl/mail/fullchain.pem -smtp inet n - n - - smtpd pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr -#qmgr unix n - n 300 1 oqmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce
diff --git a/rootfs/etc/confd/templates/sender-transport.tmpl b/rootfs/etc/confd/templates/sender-transport.tmpl
index abb7743..c430201 100644
--- a/rootfs/etc/confd/templates/sender-transport.tmpl
+++ b/rootfs/etc/confd/templates/sender-transport.tmpl
@@ -1 +1 @@
-@{{getenv "MYDOMAIN"}} {{getenv "MYDOMAIN"}}-out
\ No newline at end of file
+@{{getenv "MYDOMAIN"}} {{getenv "MYDOMAIN"}}-out