diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-07-10 05:00:41 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-07-10 05:03:39 +0200 |
| commit | 37464e75e1863a89d757077400543dea7b9317ac (patch) | |
| tree | 44b1e9249be3622a48e5042b36512c461daf2103 /roles/MSA | |
| parent | c52344acb365be570a638f9f256cc33730ffa616 (diff) | |
Postfix MX/MSA instances: don't ask the remote SMTP client for a client certificate.
See postconf(5). This avoids the “(Client did not present a
certificate)” messages in the Received headers.
Diffstat (limited to 'roles/MSA')
| -rw-r--r-- | roles/MSA/templates/etc/postfix/main.cf.j2 | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 29f9480..e998f39 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -64,41 +64,40 @@ smtp_bind_address = 127.0.0.1 smtp_tls_security_level = encrypt smtp_tls_ciphers = high smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtp_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5 smtp_tls_cert_file = /etc/postfix/ssl/{{ ansible_fqdn }}.pem smtp_tls_key_file = /etc/postfix/ssl/{{ ansible_fqdn }}.key smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache smtp_tls_policy_maps = cdb:/etc/postfix/tls_policy smtp_tls_fingerprint_digest = sha256 {% endif %} smtpd_tls_security_level = encrypt smtpd_tls_ciphers = high smtpd_tls_protocols = !SSLv2, !SSLv3 smtpd_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5 smtpd_tls_cert_file = /etc/postfix/ssl/smtp.fripost.org.pem smtpd_tls_key_file = /etc/postfix/ssl/smtp.fripost.org.key smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem smtpd_tls_session_cache_database= smtpd_tls_received_header = yes -smtpd_tls_ask_ccert = yes # SASL smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_local_domain = smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_type = dovecot smtpd_sasl_path = unix:private/dovecot-auth strict_rfc821_envelopes = yes smtpd_delay_reject = yes disable_vrfy_command = yes address_verify_sender = $double_bounce_sender@$mydomain address_verify_sender_ttl = 24h unverified_recipient_defer_code = 250 |