From bcf0ec995f364de6b3d283d7bddacff1d2fb1b70 Mon Sep 17 00:00:00 2001
From: david
Date: Thu, 31 Dec 2015 16:00:43 +0100
Subject: [PATCH] add config parameter smtp_tls_CApath to validate peers
---
 pillar.example | 1 +
 postfix/files/main.cf | 1 +
 2 files changed, 2 insertions(+)
diff --git a/pillar.example b/pillar.example
index a053198..ce3a67d 100644
--- a/pillar.example
+++ b/pillar.example
@@ -26,6 +26,7 @@ postfix:
 config:
 smtpd_banner: $myhostname ESMTP $mail_name
+ smtp_tls_CApath = /etc/ssl/certs
 biff: 'no'
 append_dot_mydomain: 'no'
 readme_directory: 'no'
diff --git a/postfix/files/main.cf b/postfix/files/main.cf
index 9299055..63d4572 100644
--- a/postfix/files/main.cf
+++ b/postfix/files/main.cf
@@ -57,6 +57,7 @@
 {{ set_parameter('smtpd_use_tls') }}
 {{ set_parameter('smtpd_tls_loglevel', 1) }}
 {{ set_parameter('smtpd_tls_security_level', 'may') }}
+{{ set_parameter('smtp_tls_CApath', '/etc/ssl/certs' }}
 {{ set_parameter('smtpd_tls_cert_file', '/etc/ssl/certs/ssl-cert-snakeoil.pem') }}
 {{ set_parameter('smtpd_tls_key_file', '/etc/ssl/private/ssl-cert-snakeoil.key') }}
 {{ set_parameter('smtpd_tls_session_cache_database', 'btree:${data_directory}/smtpd_scache') }}
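Review bot: The added pillar.example entry `smtp_tls_CApath = /etc/ssl/certs` uses `=` where every neighbouring entry under `config:` is written `key: value`, so it is not a key/value pair in this mapping. Anyone copying the example would likely hit a YAML parse error, or end up without the CA path set. It should read `smtp_tls_CApath: /etc/ssl/certs`. The `config:` mapping continues outside the hunk.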
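Review bot: The added main.cf line `{{ set_parameter('smtp_tls_CApath', '/etc/ssl/certs' }}` is missing the closing parenthesis of the call, which should make the whole template fail to render; it should be `{{ set_parameter('smtp_tls_CApath', '/etc/ssl/certs') }}`. Separately, a CA path only supplies trust anchors: the Postfix SMTP client enforces certificate checks only when `smtp_tls_security_level` (or a per-destination TLS policy) is `verify` or `secure`. No such setting is visible in this hunk, so the "validate peers" goal in the subject may not be met by default. The line also sits inside the `smtpd_*` server block; keeping it with the other `smtp_*` client parameters, if the template has any, would make the client/server split easier to audit.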