Files @ 24120c68c6b4
Branch filter:

Location: majic-ansible-roles/testsite/group_vars/mail.yml - annotation

branko
MAR-196: Simplify allowed TLS protocol configuration for mail_server role:

- Accept minimum version allowed instead of arbitrary list.
- Fixes deprecation warnings in Dovecot logs (ssl_protocols ->
ssl_min_protocol transition).
---

mail_ldap_url: ldap://ldap.{{ testsite_domain }}/
mail_ldap_tls_truststore: "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"
mail_ldap_base_dn: "{{ testsite_ldap_base }}"
mail_ldap_postfix_password: postfix
mail_ldap_dovecot_password: dovecot

mail_user: vmail
mail_user_uid: 5000
mail_user_gid: 5000

local_mail_aliases:
  root: "root john.doe@{{ testsite_domain }}"

imap_tls_certificate: "{{ lookup('file', inventory_dir + '/tls/mail.' + testsite_domain + '_imap.pem') }}"
imap_tls_key: "{{ lookup('file', inventory_dir + '/tls/mail.' + testsite_domain + '_imap.key') }}"
smtp_tls_certificate: "{{ lookup('file', inventory_dir + '/tls/mail.' + testsite_domain + '_smtp.pem') }}"
smtp_tls_key: "{{ lookup('file', inventory_dir + '/tls/mail.' + testsite_domain + '_smtp.key') }}"
imap_folder_separator: /
smtp_rbl:
  - bl.spamcop.net
  - zen.spamhaus.org

mail_postmaster: postmaster@{{ testsite_domain }}

smtp_allow_relay_from:
  - ldap.{{ testsite_domain }}
  - xmpp.{{ testsite_domain }}
  - web.{{ testsite_domain }}
  - ws01.{{ testsite_domain }}

imap_max_user_connections_per_ip: 50

mail_server_minimum_tls_protocol: TLSv1.1

mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:\
DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:\
ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA:!aNULL:!MD5:!EXPORT"