make unbound dependency for postfix optional
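--- a/roles/email/templates/main.cf
+++ b/roles/email/templates/main.cf
@@ -24,9 +24,10 @@
 smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
 smtp_tls_ciphers = low
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtp_tls_loglevel = 1
-{% if not(postfix.relay_host is defined) %}
-smtp_tls_security_level = dane
+{% if 'unbound' in group_names %}
+# If there are TLSA records, enforce using encryption
 smtp_dns_support_level = dnssec
+smtp_tls_security_level = dane
 {% endif %}
 {% if postfix.postscreen | default(False) %}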
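Review bot: Hosts outside the `unbound` group now get no `smtp_tls_security_level` from this block, and Postfix's default for that parameter is empty, so unless it is set elsewhere in main.cf (not visible in this hunk) those hosts will deliver mail without attempting TLS. An `{% else %}` branch containing `smtp_tls_security_level = may` before the `{% endif %}` would keep opportunistic encryption where DANE is unavailable. The old `postfix.relay_host` guard is also gone, so a host that is in `unbound` and uses a relay now applies `dane` to the relay hop; it is worth confirming that this is intended. Separately, the unchanged context line `smtp_tls_ciphers = low` permits the weakest cipher grade, and `smtp_tls_ciphers = medium` or higher would be the safer setting alongside DANE.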