From ef8883f73a36ead4c26a42b413baa913c008cfa6 Mon Sep 17 00:00:00 2001
From: Dan Fandrich
Date: Fri, 9 Feb 2024 00:53:52 -0800
Subject: Create a self-signed certificate for incoming mail (mga#29514)

This still needs to be enabled once it's checked.
---
 modules/postfix/manifests/init.pp | 11 +++++++++++
 modules/postfix/templates/main.cf | 9 ++++-----
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/modules/postfix/manifests/init.pp b/modules/postfix/manifests/init.pp
index 7a6f6389..8a4394df 100644
--- a/modules/postfix/manifests/init.pp
+++ b/modules/postfix/manifests/init.pp
@@ -10,4 +10,15 @@ class postfix {
 content => '',
 notify => Service['postfix'],
 }
+
+ file { '/etc/ssl/postfix/':
+ ensure => directory,
+ }
+
+ openssl::self_signed_splitted_cert { "${::hostname}.${::domain}":
+ filename => 'postfix',
+ directory => '/etc/ssl/postfix/',
+ owner => 'postfix',
+ group => 'postfix'
+ }
 }
diff --git a/modules/postfix/templates/main.cf b/modules/postfix/templates/main.cf
index 40e5d352..2322cb71 100644
--- a/modules/postfix/templates/main.cf
+++ b/modules/postfix/templates/main.cf
@@ -103,12 +103,11 @@ smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (<%= lsbdistid %>)
 unknown_local_recipient_reject_code = 450
 smtp-filter_destination_concurrency_limit = 2
 lmtp-filter_destination_concurrency_limit = 2
-# disabled for the time being, as the certificate do not exist
-# FIXME create the cert in puppet
+# disabled for the time being
 smtpd_use_tls = no
-#smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
-#smtpd_tls_key_file = /etc/pki/tls/private/postfix.pem
-#smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
+smtpd_tls_cert_file = /etc/ssl/postfix/postfix.crt
+smtpd_tls_key_file = /etc/ssl/postfix/postfix.key
+smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
 # enable opportunistic TLS when sending
 smtp_tls_security_level = may
 smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
--
cgit v1.2.1
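Review bot: The new `file { '/etc/ssl/postfix/': ensure => directory, }` resource sets no owner, group or mode, so the directory that will hold the private key gets whatever Puppet defaults to on this host; I would state them explicitly, for example `owner => 'root', group => 'root', mode => '0755',`. The key itself is written by `openssl::self_signed_splitted_cert` with `owner => 'postfix'`, and that define's file mode is not visible in this hunk, so it is worth confirming that `postfix.key` ends up readable by its owner only. Postfix's TLS documentation recommends keeping the key readable only by root, since smtpd opens it before dropping privileges, so a root-owned key would keep it out of reach of the unprivileged `postfix` account if the define allows it. Unless the define manages the key as a `file` resource (which would autorequire the directory), an explicit `require => File['/etc/ssl/postfix/']` would make the ordering certain.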
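Review bot: The comment above `smtpd_use_tls = no` now says only `# disabled for the time being`, which no longer tells the reader what is blocking it; something like `# disabled until the puppet-generated cert in /etc/ssl/postfix is verified (mga#29514)` would record when to turn it on. When it is enabled, `smtpd_tls_security_level = may` would match the `smtp_tls_security_level = may` already used a few lines below, since `smtpd_use_tls` is the legacy spelling of that setting. The now-active `smtpd_tls_CAfile` is not needed to serve a self-signed certificate and mainly matters when client certificates are requested, so it could stay commented unless that is intended.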