Changeset - 093382189478
Branko Majic (branko) - 3 months ago 2025-01-08 18:07:07
branko@majic.rs
MAR-227: Drop the workaround for older Postfix TLS protocol configuration syntax:

- Since the roles have dropped support for older versions of
Debian/Postfix, no need to use the backwards compatible syntax any
longer.
2 files changed with 1 insertions and 14 deletions:
roles/mail_server/defaults/main.yml
 
@@ -19,16 +19,3 @@ ECDHE-RSA-CHACHA20-POLY1305:\
 
!aNULL:!MD5:!EXPORT"
 
mail_message_size_limit: 10240000
 
mail_server_smtp_additional_configuration: ""
 

	
 
# Internal use only.
 

	
 
# Map Postfix smtpd allowed protocols based on minimum protocol
 
# specified (for use with submission port smtpd instance). A bit
 
# repetative, but easy to understand.
 
mail_server_smtpd_submission_protocols:
 
  SSLv2: ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
 
  SSLv3: ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
 
  TLSv1: ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
 
  TLSv1.1: ["TLSv1.1", "TLSv1.2", "TLSv1.3"]
 
  TLSv1.2: ["TLSv1.2", "TLSv1.3"]
 
  TLSv1.3: ["TLSv1.3"]
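Review bot: Removing `mail_server_smtpd_submission_protocols` at the end of this hunk is only safe if nothing else still references it. The changeset touches two files, so a search for the variable name across the roles, tests and documentation before merging would confirm that `master.cf.j2` was its only consumer. The removed map was also the place in these lines where the accepted names for `mail_server_minimum_tls_protocol` (SSLv2 through TLSv1.3) were enumerated, so it would help to list the accepted names wherever that variable is documented.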
roles/mail_server/templates/master.cf.j2
 
@@ -152,6 +152,6 @@ submission inet n       -       y       -       -       smtpd
 
  -o smtpd_relay_restrictions=
 
  -o smtpd_sender_restrictions=reject_sender_login_mismatch,permit_sasl_authenticated,reject
 
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
 
  -o smtpd_tls_mandatory_protocols={{ mail_server_smtpd_submission_protocols[mail_server_minimum_tls_protocol] | join(',') }}
 
  -o smtpd_tls_mandatory_protocols=>={{ mail_server_minimum_tls_protocol }}
 
  -o smtpd_tls_mandatory_ciphers=high
 
  -o tls_high_cipherlist={{ mail_server_tls_ciphers }}
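Review bot: The new `-o smtpd_tls_mandatory_protocols=>={{ mail_server_minimum_tls_protocol }}` line writes the variable into master.cf unchecked, while the old line's lookup in `mail_server_smtpd_submission_protocols[mail_server_minimum_tls_protocol]` would only resolve for the six names the map listed. A misspelled or empty value now ends up in the submission service's override instead of being caught when the template is rendered. Suggest an `assert` task early in the role that restricts the variable to the supported protocol names, and, since the old map accepted SSLv2 and SSLv3 as minimums, deciding in that same check whether those should still be allowed.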