Merge pull request #34 from davidkarlsen/sslCa

add config parameter smtp_tls_CApath to validate peers
2015-12-31 09:01:35 -06:00 · 2015-12-31 09:01:35 -06:00 · f7c43ae6b0
commit f7c43ae6b0
parent 9bfa97d376 bcf0ec995f
2 changed files with 2 additions and 0 deletions
--- a/pillar.example
+++ b/pillar.example
@ -26,6 +26,7 @@ postfix:

  config:
    smtpd_banner: $myhostname ESMTP $mail_name
+    smtp_tls_CApath = /etc/ssl/certs
    biff: 'no'
    append_dot_mydomain: 'no'
    readme_directory: 'no'
--- a/postfix/files/main.cf
+++ b/postfix/files/main.cf
@ -57,6 +57,7 @@
 {{ set_parameter('smtpd_use_tls') }}
 {{ set_parameter('smtpd_tls_loglevel', 1) }}
 {{ set_parameter('smtpd_tls_security_level', 'may') }}
+{{ set_parameter('smtp_tls_CApath', '/etc/ssl/certs' }}
 {{ set_parameter('smtpd_tls_cert_file', '/etc/ssl/certs/ssl-cert-snakeoil.pem') }}
 {{ set_parameter('smtpd_tls_key_file', '/etc/ssl/private/ssl-cert-snakeoil.key') }}
 {{ set_parameter('smtpd_tls_session_cache_database', 'btree:${data_directory}/smtpd_scache') }}