Files @ 24120c68c6b4

Location: majic-ansible-roles/roles/mail_server/defaults/main.yml

branko
MAR-196: Simplify allowed TLS protocol configuration for mail_server role:

- Accept minimum version allowed instead of arbitrary list.
- Fixes deprecation warnings in Dovecot logs (ssl_protocols ->
ssl_min_protocol transition).
---

# Default values for the mail_server role's user-facing variables.
# NOTE(review): the consuming tasks and templates are not visible here,
# so the per-variable notes below marked "presumably" are inferred from
# the names only - confirm against the role before relying on them.

# Backups are off unless explicitly enabled.
enable_backup: false
# Presumably the system account that owns the mail storage - confirm.
mail_user: vmail
imap_folder_separator: "/"
# Empty by default, i.e. no blocklists configured out of the box.
# Presumably a list of DNS blocklist (RBL) hosts - confirm.
smtp_rbl: []
# Built from the ansible_domain fact; quoted so the Jinja expression is
# parsed as a string rather than a YAML flow mapping.
mail_postmaster: "postmaster@{{ ansible_domain }}"
# Empty by default. Presumably the sources allowed to relay mail through
# this server - confirm. If so, every entry widens who can send through
# the server, so keep the list as narrow as possible.
smtp_allow_relay_from: []
local_mail_aliases: {}
imap_max_user_connections_per_ip: 10
# Lowest SSL/TLS protocol version to accept. Quoted so it stays a string.
# Presumably this must match one of the keys of
# mail_server_smtpd_submission_protocols exactly - confirm.
# Lowering it below "TLSv1.2" re-enables protocol versions that have
# been formally deprecated (TLSv1/TLSv1.1: RFC 8996).
mail_server_minimum_tls_protocol: "TLSv1.2"
# OpenSSL-style cipher list. The value is one double-quoted scalar: each
# trailing backslash is a YAML line continuation, so the result is a
# single colon-separated string with no embedded whitespace. Do not put
# comments or indentation changes inside the quotes without checking the
# rendered value.
#
# Every listed suite uses ephemeral (EC)DHE key exchange, RSA
# authentication and an AEAD cipher (AES-GCM or ChaCha20-Poly1305).
# The trailing !aNULL:!MD5:!EXPORT entries exclude anonymous, MD5-based
# and export-grade suites.
#
# NOTE(review): RSA-only authentication means a server using an ECDSA
# certificate would have no matching suite in this list - confirm
# against the certificate type actually deployed.
# NOTE(review): in OpenSSL, TLSv1.3 cipher suites are configured
# separately from this kind of list - confirm how the templates apply it.
mail_server_tls_ciphers: "\
DHE-RSA-AES128-GCM-SHA256:\
DHE-RSA-AES256-GCM-SHA384:\
DHE-RSA-CHACHA20-POLY1305:\
ECDHE-RSA-AES128-GCM-SHA256:\
ECDHE-RSA-AES256-GCM-SHA384:\
ECDHE-RSA-CHACHA20-POLY1305:\
!aNULL:!MD5:!EXPORT"
# Presumably a size in bytes (the same figure as Postfix's stock
# message_size_limit) - confirm.
mail_message_size_limit: 10240000
# Empty by default. Presumably free-form text added to the SMTP server
# configuration - confirm. If it is inserted verbatim, it can override
# the TLS and relay settings above, so review any value set here.
mail_server_smtp_additional_configuration: ""

# Internal use only.

# Map Postfix smtpd allowed protocols based on minimum protocol
# specified (for use with submission port smtpd instance). A bit
# repetitive, but easy to understand.
#
# Each key is a minimum protocol version; its value lists that version
# and every newer one. Presumably the role looks up the entry for
# mail_server_minimum_tls_protocol, so that value has to match a key
# exactly - confirm against the templates.
#
# The SSLv2, SSLv3, TLSv1 and TLSv1.1 rows exist so that any minimum can
# be expressed, not because they are recommended: those protocols are
# formally deprecated (RFC 6176, RFC 7568, RFC 8996). Choosing one of
# them as the minimum allows every protocol in its row.
# NOTE(review): whether the installed TLS library still accepts the
# older names at all depends on how it was built - confirm on the target.
mail_server_smtpd_submission_protocols:
  SSLv2: ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
  SSLv3: ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
  TLSv1: ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
  TLSv1.1: ["TLSv1.1", "TLSv1.2", "TLSv1.3"]
  TLSv1.2: ["TLSv1.2", "TLSv1.3"]
  TLSv1.3: ["TLSv1.3"]