MSA verification probes: enable opportunistic encryption.

And use ‘noreply.fripost.org’ as HELO name rather than $myhostname (i.e., ‘smtp.fripost.org’), so the same SPF policy can be used for ehlo and envelope sender identities.
author: Guilhem Moulin <guilhem@fripost.org> 2018-12-09 19:03:16 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2018-12-09 20:25:40 +0100
commit: 1d2a6bfc7062c60cfe61fd74c2af23a5c828c440 (patch)
tree: 4b7f1938cd09305cef3b8e4f532e8a50c6593511 /roles/common
parent: 9039847b88dd737de1b92b08cba67cbfe9a2d840 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/roles/common/templates/etc/postfix/master.cf.j2 b/roles/common/templates/etc/postfix/master.cf.j2
index 4356363..905c82e 100644
--- a/roles/common/templates/etc/postfix/master.cf.j2
+++ b/roles/common/templates/etc/postfix/master.cf.j2
@@ -46,6 +46,15 @@ proxymap  unix  -       -       n       -       -       proxymap
 proxywrite unix -       -       n       -       1       proxymap
 smtp      unix  -       -       y       -       -       smtp
 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+{% if inst is defined and inst == 'MSA' %}
+smtp_verify unix -      -       y       -       -       smtp
+  -o smtp_helo_name=noreply.$mydomain
+  -o smtp_tls_security_level=may
+  -o smtp_tls_ciphers=medium
+  -o smtp_tls_protocols=!SSLv2,!SSLv3
+  -o smtp_tls_note_starttls_offer=yes
+  -o smtp_tls_session_cache_database=lmdb:$data_directory/smtp_tls_session_cache
+{% endif %}
 relay     unix  -       -       y       -       -       smtp
 showq     unix  n       -       y       -       -       showq
 error     unix  -       -       y       -       -       error
author	Guilhem Moulin <guilhem@fripost.org>	2018-12-09 19:03:16 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2018-12-09 20:25:40 +0100
commit	1d2a6bfc7062c60cfe61fd74c2af23a5c828c440 (patch)
tree	4b7f1938cd09305cef3b8e4f532e8a50c6593511 /roles/common
parent	9039847b88dd737de1b92b08cba67cbfe9a2d840 (diff)