From 7a5cc5032b036f110a19b899cfc264065b473ed1 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 2 Jul 2014 17:54:24 +0200 Subject: Use stunnel to secure the connection from the IMAP proxy to the IMAP server. The reason is that we don't want to rely on CAs to verify the certificate of our server. Dovecot currently doesn't offer a way to match said cert against a local copy or known fingerprint. stunnel does. --- roles/IMAP/tasks/imap.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'roles/IMAP/tasks') diff --git a/roles/IMAP/tasks/imap.yml b/roles/IMAP/tasks/imap.yml index 3e93c53..be451ef 100644 --- a/roles/IMAP/tasks/imap.yml +++ b/roles/IMAP/tasks/imap.yml @@ -82,6 +82,16 @@ tags: - genkey +- name: Fetch Dovecot's X.509 certificate + # Ensure we don't fetch private data + sudo: False + fetch: src=/etc/dovecot/ssl/imap.fripost.org.pem + dest=certs/dovecot/ + fail_on_missing=yes + flat=yes + tags: + - genkey + - name: Configure Dovecot copy: src=etc/dovecot/{{ item }} dest=/etc/dovecot/{{ item }} -- cgit v1.2.3