1 files changed, 13 insertions, 0 deletions

diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml
index 4b38974..bf17702 100644
--- a/roles/MSA/tasks/main.yml
+++ b/roles/MSA/tasks/main.yml
@@ -23,40 +23,53 @@
 - name: Create '_postfix-sender-login' user
   user: name=_postfix-sender-login system=yes
         group=nogroup
         createhome=no
         home=/nonexistent
         shell=/usr/sbin/nologin
         password=!
         state=present
 
 - name: Copy Postfix sender login socketmap systemd unit files
   copy: src=etc/systemd/system/{{ item }}
         dest=/etc/systemd/system/{{ item }}
         owner=root group=root
         mode=0644
   with_items:
     - postfix-sender-login.service
     - postfix-sender-login.socket
   notify:
     - systemctl daemon-reload
 
+- name: Copy the SMTP TLS policy maps
+  template: src=etc/postfix/smtp_tls_policy.j2
+            dest=/etc/postfix-{{ postfix_instance[inst].name }}/smtp_tls_policy
+            owner=root group=root
+            mode=0644
+
+- name: Compile the SMTP TLS policy maps
+  postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/smtp_tls_policy db=lmdb
+           owner=root group=root
+           mode=0644
+  notify:
+    - Reload Postfix
+
 - meta: flush_handlers
 
 - name: Enable Postfix sender login socketmap
   service: name=postfix-sender-login.socket state=started enabled=yes
 
 - name: Configure Postfix
   template: src=etc/postfix/{{ item }}.j2
             dest=/etc/postfix-{{ postfix_instance[inst].name }}/{{ item }}
             owner=root group=root
             mode=0644
   with_items:
     - main.cf
     - master.cf
   notify:
     - Reload Postfix
 
 - name: Copy the Regex to anonymize senders
   # no need to reload upon change, as cleanup(8) is short-running
   copy: src=etc/postfix/anonymize_sender.pcre
         dest=/etc/postfix-{{ postfix_instance[inst].name }}/anonymize_sender.pcre