From 542be4f5bb42c3042a6d1baef231a267fb26b20c Mon Sep 17 00:00:00 2001 From: Gilles Dartiguelongue Date: Sun, 23 Aug 2015 00:12:36 +0200 Subject: [PATCH] Wrap TLS and relay options in conditional blocks Basic setting enabling such feature enable the rest of the default statements. --- postfix/files/main.cf | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/postfix/files/main.cf b/postfix/files/main.cf index cc488ee..a1f27d4 100644 --- a/postfix/files/main.cf +++ b/postfix/files/main.cf @@ -37,15 +37,16 @@ {{ set_parameter('readme_directory', 'no') }} -# TLS parameters +{%- if config.get('smtpd_use_tls', 'yes') == 'yes' %} +# TLS parameters (http://www.postfix.org/TLS_README.html) +# Recipient settings +{{ set_parameter('smtpd_use_tls') }} {{ set_parameter('smtpd_tls_cert_file', '/etc/ssl/certs/ssl-cert-snakeoil.pem') }} {{ set_parameter('smtpd_tls_key_file', '/etc/ssl/private/ssl-cert-snakeoil.key') }} -{{ set_parameter('smtpd_use_tls', 'yes') }} {{ set_parameter('smtpd_tls_session_cache_database', 'btree:${data_directory}/smtpd_scache') }} +# Relay/Sender settings {{ set_parameter('smtp_tls_session_cache_database', 'btree:${data_directory}/smtp_scache') }} - -# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for -# information on enabling SSL in the smtp client. +{%- endif %} {{ set_parameter('myhostname', grains['fqdn']) }} {{ set_parameter('alias_maps', 'hash:' ~ postfix.aliases_file) }} @@ -58,6 +59,7 @@ {{ set_parameter('inet_interfaces', 'all') }} {{ set_parameter('message_size_limit', '41943040') }} +{%- if config.get('relayhost') %} {% set relay_restrictions = ['permit_mynetworks', 'permit_sasl_authenticated', 'defer_unauth_destination'] %} {% set policyd_spf = salt['pillar.get']('postfix:policyd-spf', {}) %} {% if policyd_spf.get('enabled', False) %} 
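Review bot: The guard `config.get('smtpd_use_tls', 'yes') == 'yes'` defaults to on, but the added `set_parameter('smtpd_use_tls')` no longer passes `'yes'`, so with the key absent the block may render the certificate paths without enabling STARTTLS (Postfix's own default for `smtpd_use_tls` is `no`). The macro is not visible here, so this depends on what it emits without a default; keeping `{{ set_parameter('smtpd_use_tls', 'yes') }}` would preserve the previous behaviour. The string comparison is also fragile: if `config` comes from YAML pillar data, an unquoted `yes` is loaded as a boolean, fails `== 'yes'`, and silently drops the whole TLS block, leaving the listener plaintext-only. The client-side `smtp_tls_session_cache_database` line is now tied to the server-side switch as well, which looks unintended.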
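Review bot: Gating `smtpd_relay_restrictions` on `config.get('relayhost')` in the `@@ -58,6 +59,7 @@` hunk ties two unrelated settings together: `relayhost` selects the outbound next hop, while `smtpd_relay_restrictions` controls who may relay through this server's smtpd. On a host without a relayhost the template would emit no relay restrictions and fall back to whatever the installed Postfix defaults to. The policyd-spf setup inside the block (closed by the `{%- endif %}` in the `@@ -65,6 +67,7 @@` hunk, with its middle outside the visible lines) would presumably also be skipped even when `postfix:policyd-spf` is enabled in pillar. I would drop this conditional, or key it on a dedicated setting, so the restrictions are always written explicitly.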
@@ -65,6 +67,7 @@ policy-spf_time_limit = {{ policyd_spf.get('time_limit', '3600s') }} {% endif %} {{ set_parameter('smtpd_relay_restrictions', relay_restrictions) }} +{%- endif %} {% set recipient_restrictions = ['permit_mynetworks', 'permit_sasl_authenticated', 'reject_unauth_destination'] %} {% set postgrey_config = salt['pillar.get']('postfix:postgrey', {}) %}