-rw-r--r--modules/postfix/manifests/init.pp11
-rw-r--r--modules/postfix/templates/main.cf9
2 files changed, 15 insertions, 5 deletions
diff --git a/modules/postfix/manifests/init.pp b/modules/postfix/manifests/init.pp
index 7a6f6389..8a4394df 100644
--- a/modules/postfix/manifests/init.pp
+++ b/modules/postfix/manifests/init.pp
@@ -10,4 +10,15 @@ class postfix {
content => '',
notify => Service['postfix'],
}
+
+ file { '/etc/ssl/postfix/':
+ ensure => directory,
+ }
+
+ openssl::self_signed_splitted_cert { "${::hostname}.${::domain}":
+ filename => 'postfix',
+ directory => '/etc/ssl/postfix/',
+ owner => 'postfix',
+ group => 'postfix'
+ }
}
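Review bot: The `/etc/ssl/postfix/` directory that will hold the private key is declared with only `ensure => directory`, so its owner, group and mode fall to whatever defaults apply on the node; set them explicitly, e.g. `owner => 'root', group => 'root', mode => '0755',`. The key is also given `owner => 'postfix'`, whereas the Postfix documentation for `smtpd_tls_key_file` recommends that the key be readable by root only. The mode that `openssl::self_signed_splitted_cert` applies to the `.key` file is not visible in this hunk and is worth confirming. Unlike the resource just above, nothing here notifies `Service['postfix']` when the certificate is regenerated, so unless the defined type does that itself a running daemon may keep serving the old one.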
diff --git a/modules/postfix/templates/main.cf b/modules/postfix/templates/main.cf
index 40e5d352..2322cb71 100644
--- a/modules/postfix/templates/main.cf
+++ b/modules/postfix/templates/main.cf
@@ -103,12 +103,11 @@ smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (<%= lsbdistid %>)
unknown_local_recipient_reject_code = 450
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
-# disabled for the time being, as the certificate do not exist
-# FIXME create the cert in puppet
+# disabled for the time being
smtpd_use_tls = no
-#smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
-#smtpd_tls_key_file = /etc/pki/tls/private/postfix.pem
-#smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
+smtpd_tls_cert_file = /etc/ssl/postfix/postfix.crt
+smtpd_tls_key_file = /etc/ssl/postfix/postfix.key
+smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
# enable opportunistic TLS when sending
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
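Review bot: `smtpd_use_tls = no` is left in place, so the three `smtpd_tls_*` lines enabled here have no effect and inbound SMTP still offers no STARTTLS. The shortened comment `# disabled for the time being` no longer says why. Either state the remaining blocker in that comment, or enable opportunistic TLS on the server side the way the client side already does, with `smtpd_tls_security_level = may` (which supersedes the legacy `smtpd_use_tls`). `smtpd_tls_CAfile` is not needed to present a self-signed certificate, so it is probably only worth keeping if client certificates are going to be verified.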