-rw-r--r-- | modules/postfix/manifests/init.pp | 11 | ||||
-rw-r--r-- | modules/postfix/templates/main.cf | 9 |
2 files changed, 15 insertions, 5 deletions
diff --git a/modules/postfix/manifests/init.pp b/modules/postfix/manifests/init.pp
index 7a6f6389..8a4394df 100644
--- a/modules/postfix/manifests/init.pp
+++ b/modules/postfix/manifests/init.pp
@@ -10,4 +10,15 @@ class postfix {
 content => '',
 notify => Service['postfix'],
 }
+
+ file { '/etc/ssl/postfix/':
+ ensure => directory,
+ }
+
+ openssl::self_signed_splitted_cert { "${::hostname}.${::domain}":
+ filename => 'postfix',
+ directory => '/etc/ssl/postfix/',
+ owner => 'postfix',
+ group => 'postfix'
+ }
 }
diff --git a/modules/postfix/templates/main.cf b/modules/postfix/templates/main.cf
index 40e5d352..2322cb71 100644
--- a/modules/postfix/templates/main.cf
+++ b/modules/postfix/templates/main.cf
@@ -103,12 +103,11 @@ smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (<%= lsbdistid %>)
 unknown_local_recipient_reject_code = 450
 smtp-filter_destination_concurrency_limit = 2
 lmtp-filter_destination_concurrency_limit = 2
-# disabled for the time being, as the certificate do not exist
-# FIXME create the cert in puppet
+# disabled for the time being
 smtpd_use_tls = no
-#smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
-#smtpd_tls_key_file = /etc/pki/tls/private/postfix.pem
-#smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
+smtpd_tls_cert_file = /etc/ssl/postfix/postfix.crt
+smtpd_tls_key_file = /etc/ssl/postfix/postfix.key
+smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
 # enable opportunistic TLS when sending
 smtp_tls_security_level = may
 smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt |
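Review bot: The new `file { '/etc/ssl/postfix/': ensure => directory }` resource holds the server's private key but sets no owner, group or mode, so access to the directory depends on whatever File defaults are in scope. I would pin it, e.g. `owner => 'root', group => 'postfix', mode => '0750',`. The mode of the generated `postfix.key` is decided inside `openssl::self_signed_splitted_cert`, which is not visible here, so it is worth confirming it is not world-readable. Postfix's TLS documentation, as far as I recall, expects the key to be readable by root only, which would make `owner => 'postfix'` broader than needed. The cert resource also has no `notify => Service['postfix']` and no explicit `require => File['/etc/ssl/postfix/']`, so a regenerated key would not be picked up until the next restart. The class body starts outside this hunk.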
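Review bot: `smtpd_use_tls = no` is left in place while the cert and key paths are activated, so inbound STARTTLS is still not offered and the new certificate has no effect. The shortened comment `# disabled for the time being` no longer says why or what remains to be done. I would keep a tracking note such as `# TODO: set smtpd_tls_security_level = may once the puppet-generated cert is deployed`. `smtpd_tls_security_level` is the current parameter and replaces the older `smtpd_use_tls`. Also note that `smtpd_tls_CAfile` pointing at the system CA bundle does nothing for a self-signed server certificate; it only matters if client certificates are to be verified, which deserves a one-line comment.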