summaryrefslogtreecommitdiffstats
path: root/roles/common
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2018-12-09 19:03:16 +0100
committerGuilhem Moulin <guilhem@fripost.org>2018-12-09 20:25:40 +0100
commit1d2a6bfc7062c60cfe61fd74c2af23a5c828c440 (patch)
tree4b7f1938cd09305cef3b8e4f532e8a50c6593511 /roles/common
parent9039847b88dd737de1b92b08cba67cbfe9a2d840 (diff)
MSA verification probes: enable opportunistic encryption.
And use ‘noreply.fripost.org’ as HELO name rather than $myhostname (i.e., ‘smtp.fripost.org’), so the same SPF policy can be used for ehlo and envelope sender identities.
Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/templates/etc/postfix/master.cf.j29
1 files changed, 9 insertions, 0 deletions
diff --git a/roles/common/templates/etc/postfix/master.cf.j2 b/roles/common/templates/etc/postfix/master.cf.j2
index 4356363..905c82e 100644
--- a/roles/common/templates/etc/postfix/master.cf.j2
+++ b/roles/common/templates/etc/postfix/master.cf.j2
@@ -46,6 +46,15 @@ proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+{% if inst is defined and inst == 'MSA' %}
+smtp_verify unix - - y - - smtp
+ -o smtp_helo_name=noreply.$mydomain
+ -o smtp_tls_security_level=may
+ -o smtp_tls_ciphers=medium
+ -o smtp_tls_protocols=!SSLv2,!SSLv3
+ -o smtp_tls_note_starttls_offer=yes
+ -o smtp_tls_session_cache_database=lmdb:$data_directory/smtp_tls_session_cache
+{% endif %}
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error