authorGuilhem Moulin <guilhem@fripost.org>2016-05-17 20:35:37 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-05-17 22:07:45 +0200
commit7a562e807515506d7dca2f370f63057be7366c34 (patch)
tree129a3fb021685ce04f9916c3163eb13ae3f30570
parentc459a95cd4013e489ef4f9d47c05d1c98798522c (diff)
roundube: Pin X.509 certificate for sieve.fripost.org:4190.
-rw-r--r--roles/webmail/tasks/roundcube.yml10
-rw-r--r--roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2 (renamed from roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php)7
2 files changed, 11 insertions, 6 deletions
diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml
index eb04ba1..e416656 100644
--- a/roles/webmail/tasks/roundcube.yml
+++ b/roles/webmail/tasks/roundcube.yml
@@ -27,7 +27,6 @@
- roundcube-plugins
- php-net-sieve
- php-net-ldap3
- - php-mail-mimedecode
- name: Copy fripost's logo
copy: src=usr/share/roundcube/skins/{{ item }}/images/fripost_logo.png
@@ -97,9 +96,16 @@
with_items:
- additional_message_headers
- jqueryui
- - managesieve
- password
+- name: Configure Roundcube plugins (2)
+ template: src=etc/roundcube/plugins/{{ item }}/config.inc.php.j2
+ dest=/etc/roundcube/plugins/{{ item }}/config.inc.php
+ owner=root group=root
+ mode=0644
+ with_items:
+ - managesieve
+
- name: Start php5-fpm
service: name=php5-fpm state=started
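Review bot: The new "Configure Roundcube plugins (2)" task has no comment saying why managesieve is now a template, and its name does not say either. The template embeds a certificate fingerprint computed on the control host at deploy time, so the rendered config goes stale when that certificate is replaced and sieve connections will then fail until the play is re-run. I would add a comment above the task such as `# managesieve is templated: it pins the server cert fingerprint; re-run after rotating certs/public/imap.fripost.org.pem`. The `with_items` list at the top of this hunk belongs to a task that starts outside the hunk.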
diff --git a/roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
index 9c9b3fc..6ad7343 100644
--- a/roles/webmail/files/etc/roundcube/plugins/managesieve/config.inc.php
+++ b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
@@ -26,7 +26,7 @@ $config['managesieve_auth_pw'] = null;
// use or not TLS for managesieve server connection
// Note: tls:// prefix in managesieve_host is also supported
-$config['managesieve_usetls'] = false;
+$config['managesieve_usetls'] = true;
// Connection scket context options
// See http://php.net/manual/en/context.ssl.php
@@ -34,10 +34,9 @@ $config['managesieve_usetls'] = false;
$config['managesieve_conn_options'] = array(
'ssl' => array(
'verify_peer' => true,
- 'verify_depth' => 3,
- 'cafile' => '/etc/stunnel/certs/imap.fripost.org.pem',
'disable_compression' => true,
- 'ciphers' => 'EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL',
+ 'ciphers' => 'EECDH+AES!MEDIUM!LOW!EXP!aNULL!eNULL',
+ 'peer_fingerprint' => array('sha1' => '{{ lookup('pipe', 'openssl x509 -in certs/public/imap.fripost.org.pem -noout -fingerprint -sha1 | sed "s/[^=]*=\s*//" | tr -d :') }}'),
),
);
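Review bot: The pin in `peer_fingerprint` is a SHA-1 digest, which is deprecated for identifying certificates. PHP's array form takes the digest name as the key, so `array('sha256' => ...)` with `-fingerprint -sha256` in the lookup gives a stronger pin at no cost. The new `ciphers` value also drops the `:` separators the removed line had; OpenSSL documents colon, comma or space as the separators, so it should read `'EECDH+AES:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL'` rather than depend on how the parser handles a run of `!` tokens. With `cafile` removed and `verify_peer` still true, chain validation presumably falls back to the system trust store, and the fingerprint check is applied in addition to it, not instead of it, so it is worth confirming that the pinned certificate still validates against that store.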