Files
@ c063f27000b9
Branch filter:
Location: majic-ansible-roles/roles/mail_forwarder/templates/ferm_mail.conf.j2 - annotation
c063f27000b9
717 B
text/plain
MAR-175: Mail server should be opportunistic in using TLS when delivering mail to remove servers:
- Previously the mail server would only deliver mails over plaintext.
- Deploy a simple SMTP server on both client1/client2
machines. Servers are set-up to require/refuse the STARTTLS over
SMTP.
- Added tests for checking if STARTTLS is used when available for mail
delivery.
- Fixed the wrong configurtion (making sure the TLS security level is
properly set for Postfix).
- Previously the mail server would only deliver mails over plaintext.
- Deploy a simple SMTP server on both client1/client2
machines. Servers are set-up to require/refuse the STARTTLS over
SMTP.
- Added tests for checking if STARTTLS is used when available for mail
delivery.
- Fixed the wrong configurtion (making sure the TLS security level is
properly set for Postfix).
d92577936630 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 13fd27e4004c 13fd27e4004c 13fd27e4004c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 7df70ebc439c 13fd27e4004c | {% if smtp_relay_host and smtp_from_relay_allowed %}
domain ip {
# Accept incoming connections on port 25 from SMTP relay host.
table filter {
chain INPUT {
# SMTP for server communication.
proto tcp dport 25 {
saddr {{ smtp_relay_host }} ACCEPT;
}
}
}
}
{% if lookup('dig', smtp_relay_host + '/AAAA') not in ['NXDOMAIN', ''] %}
domain ip6 {
# Accept incoming connections on port 25 from SMTP relay host.
table filter {
chain INPUT {
# SMTP for server communication.
proto tcp dport 25 {
saddr {{ smtp_relay_host }} ACCEPT;
}
}
}
}
{% endif %}
{% endif %}
|