projects
/
ansible.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(from parent 1:
d337571
)
make unbound dependency for postfix optional
author
Ralf Jung
<post@ralfj.de>
Sat, 16 Jun 2018 17:57:33 +0000
(19:57 +0200)
committer
Ralf Jung
<post@ralfj.de>
Sat, 16 Jun 2018 17:57:33 +0000
(19:57 +0200)
roles/email/templates/main.cf
patch
|
blob
|
history
site.yml
patch
|
blob
|
history
diff --git
a/roles/email/templates/main.cf
b/roles/email/templates/main.cf
index eb6bdf1660b8c4e4dd5eebed4d8e8fe92ef1f947..cbd7b3d85c4cdd515b4a24485beebc68938952d7 100644
(file)
--- a/
roles/email/templates/main.cf
+++ b/
roles/email/templates/main.cf
@@
-24,9
+24,10
@@
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_ciphers = low
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_loglevel = 1
-{% if
not(postfix.relay_host is defined)
%}
-smtp_tls_security_level = dane
+{% if
'unbound' in group_names
%}
+# If there are TLSA records, enforce using encryption
smtp_dns_support_level = dnssec
+smtp_tls_security_level = dane
{% endif %}
{% if postfix.postscreen | default(False) %}
diff --git
a/site.yml
b/site.yml
index 7c0c2d5adeb24bd98ba34c20faa1536e59934639..f7fbc707f66e30071f1840e1c7f6bc9ca92b2d2a 100644
(file)
--- a/
site.yml
+++ b/
site.yml
@@
-28,7
+28,6
@@
tags: letsencrypt
- hosts: email
- # depends: unbound
gather_facts: no
roles:
- email