path: root/roles/common/templates/etc/postfix/tls_policy.j2
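# {{ ansible_managed }}
#
# smtp_tls_policy_maps for the internal hops: every host that relays to the
# outgoing relay, the MDA or the list server requires TLS at the 'fingerprint'
# level and only accepts the pinned peer keys listed below.  The per-entry
# ciphers=/protocols= attributes override the global mandatory settings for
# that destination and exclude everything below TLS 1.2.
#
# /!\ WARNING: smtp_tls_fingerprint_digest MUST be sha256!
# Each match= value is the SHA-256 digest of the peer's DER-encoded
# SubjectPublicKeyInfo; Postfix hashes the presented key with
# smtp_tls_fingerprint_digest, so any other algorithm makes every match fail.
# 'fingerprint' is a mandatory-TLS level, so a mismatch defers the mail
# rather than falling back to cleartext.
#
# Pinning the public key (not the certificate) means a renewed certificate
# with the same key needs no change here, but rotating a peer's key requires
# re-rendering this file on every host that pins that peer.
# Indented match= lines are continuations of the policy entry above them.
{# spki_sha256(host): colon-separated SHA-256 of the public key found in
   certs/postfix/<host>.pem, computed on the Ansible controller (path relative
   to the playbook directory).  The readability test makes a missing or
   unreadable file fail the play: without it the pipeline's exit status is
   sed's (success) and 'openssl dgst' would hash empty input, silently
   rendering the SHA-256 of "" as a bogus pin.  The hostname is shell-quoted
   before being interpolated into the command line. #}
{% macro spki_sha256(host) -%}
{{ lookup('pipe', 'f=certs/postfix/' + (host | quote) + '.pem; test -r "$f" && openssl x509 -in "$f" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256 -c | sed "s/[^ =]*=\s*//"') }}
{%- endmacro %}

{% if 'out' not in group_names %}
{# Every host except the outgoing relays themselves pins the outgoing relays. #}
[outgoing.fripost.org]:{{ postfix_instance.out.port }} fingerprint ciphers=high protocols=!SSLv2:!SSLv3:!TLSv1:!TLSv1.1
{% for h in groups.out | sort %}
    match={{ spki_sha256(h) }}
{% endfor %}
{% endif %}

{% if 'MX' in group_names %}
{# MXs deliver to the MDA and to the list server; a host that is itself in the
   IMAP or lists group delivers locally and needs no pin for that hop. #}
{% if 'IMAP' not in group_names %}
[mda.fripost.org]:{{ postfix_instance.IMAP.port }} fingerprint ciphers=high protocols=!SSLv2:!SSLv3:!TLSv1:!TLSv1.1
{% for h in groups.IMAP | sort %}
    match={{ spki_sha256(h) }}
{% endfor %}
{% endif %}

{% if 'lists' not in group_names %}
[lists.fripost.org]:{{ postfix_instance.lists.port }} fingerprint ciphers=high protocols=!SSLv2:!SSLv3:!TLSv1:!TLSv1.1
{% for h in groups.lists | sort %}
    match={{ spki_sha256(h) }}
{% endfor %}
{% endif %}
{% endif %}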