make unbound dependency for postfix optional
author
Ralf Jung
<post@ralfj.de>
Sat, 16 Jun 2018 17:57:33 +0000
(19:57 +0200)
committer
Ralf Jung
<post@ralfj.de>
Sat, 16 Jun 2018 17:57:33 +0000
(19:57 +0200)
roles/email/templates/main.cf
site.yml
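diff --git a/roles/email/templates/main.cf b/roles/email/templates/main.cf
index eb6bdf1660b8c4e4dd5eebed4d8e8fe92ef1f947..cbd7b3d85c4cdd515b4a24485beebc68938952d7 100644
--- a/roles/email/templates/main.cf
+++ b/roles/email/templates/main.cf
@@ -24,9 +24,10 @@ smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
 smtp_tls_ciphers = low
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtp_tls_loglevel = 1
-{% if not(postfix.relay_host is defined) %}
-smtp_tls_security_level = dane
+{% if 'unbound' in group_names %}
+# If there are TLSA records, enforce using encryption
 smtp_dns_support_level = dnssec
+smtp_tls_security_level = dane
 {% endif %}
 {% if postfix.postscreen | default(False) %}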
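Review bot: The new `{% if 'unbound' in group_names %}` block has no `{% else %}`, so on a host outside the `unbound` group these lines set no `smtp_tls_security_level` at all. Unless the template sets one outside the lines shown, Postfix falls back to its built-in default, which as far as I know means outbound mail is delivered without even opportunistic TLS. I would add `{% else %}` followed by `smtp_tls_security_level = may` ahead of the `{% endif %}`. The DANE branch also assumes that group membership implies the host resolves through a local DNSSEC-validating resolver; a comment such as `# dane relies on the local validating resolver (unbound) for DNSSEC results` would record that. The template continues outside the hunk on both sides, so the fallback may already exist elsewhere.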
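diff --git a/site.yml b/site.yml
index 7c0c2d5adeb24bd98ba34c20faa1536e59934639..f7fbc707f66e30071f1840e1c7f6bc9ca92b2d2a 100644
--- a/site.yml
+++ b/site.yml
@@ -28,7 +28,6 @@
 tags: letsencrypt
 - hosts: email
- # depends: unbound
 gather_facts: no
 roles:
 - email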