make unbound dependency for postfix optional
authorRalf Jung <post@ralfj.de>
Sat, 16 Jun 2018 17:57:33 +0000 (19:57 +0200)
committerRalf Jung <post@ralfj.de>
Sat, 16 Jun 2018 17:57:33 +0000 (19:57 +0200)
roles/email/templates/main.cf
site.yml

index eb6bdf1660b8c4e4dd5eebed4d8e8fe92ef1f947..cbd7b3d85c4cdd515b4a24485beebc68938952d7 100644 (file)
@@ -24,9 +24,10 @@ smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
 smtp_tls_ciphers = low
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtp_tls_loglevel = 1
 smtp_tls_ciphers = low
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtp_tls_loglevel = 1
-{% if not(postfix.relay_host is defined) %}
-smtp_tls_security_level = dane
+{% if 'unbound' in group_names %}
+# If there are TLSA records, enforce using encryption
 smtp_dns_support_level = dnssec
 smtp_dns_support_level = dnssec
+smtp_tls_security_level = dane
 {% endif %}
 
 {% if postfix.postscreen | default(False) %}
 {% endif %}
 
 {% if postfix.postscreen | default(False) %}
index 7c0c2d5adeb24bd98ba34c20faa1536e59934639..f7fbc707f66e30071f1840e1c7f6bc9ca92b2d2a 100644 (file)
--- a/site.yml
+++ b/site.yml
@@ -28,7 +28,6 @@
   tags: letsencrypt
 
 - hosts: email
   tags: letsencrypt
 
 - hosts: email
-  # depends: unbound
   gather_facts: no
   roles:
   - email
   gather_facts: no
   roles:
   - email