summaryrefslogtreecommitdiffstats
path: root/roles/IMAP/tasks/mda.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/IMAP/tasks/mda.yml')
-rw-r--r--roles/IMAP/tasks/mda.yml26
1 files changed, 24 insertions, 2 deletions
diff --git a/roles/IMAP/tasks/mda.yml b/roles/IMAP/tasks/mda.yml
index 0358f12..4a74ed3 100644
--- a/roles/IMAP/tasks/mda.yml
+++ b/roles/IMAP/tasks/mda.yml
@@ -9,7 +9,7 @@
dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf
owner=root group=root
mode=0644
- register: r
+ register: r1
notify:
- Restart Postfix
@@ -35,8 +35,30 @@
owner=root group=root
mode=0644
+- name: Build the Postfix relay clientcerts map
+ sudo: False
+ # smtpd_tls_fingerprint_digest MUST be sha256!
+ local_action: shell openssl x509 -in certs/postfix/{{ item }}.pem -noout -fingerprint -sha256 | sed -nr 's/^.*=(.*)/\1 {{ item }}/p'
+ with_items: groups.MX | difference([inventory_hostname]) | sort
+ register: relay_clientcerts
+ changed_when: False
+
+- name: Copy the Postfix relay clientcerts map
+ template: src=etc/postfix/relay_clientcerts.j2
+ dest=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts
+ owner=root group=root
+ mode=0644
+
+- name: Compile the Postfix relay clientcerts map
+ postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts db=cdb
+ owner=root group=root
+ mode=0644
+ register: r2
+ notify:
+ - Restart Postfix
+
- name: Start Postfix
service: name=postfix state=started
- when: not r.changed
+ when: not (r1.changed or r2.changed)
- meta: flush_handlers
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-13 22:13:13 +0000