Fixes #615. Aggiungere la configurazione esplicita della CA alla configurazione di postfix.

2020-04-16 14:11:53 +02:00 · 2020-04-16 14:11:53 +02:00 · d714e8e49a
parent 0124bdbd75
commit d714e8e49a
2 changed files with 5 additions and 0 deletions
--- a/library/roles/postfix/templates/main.cf.j2
+++ b/library/roles/postfix/templates/main.cf.j2
@ -755,14 +755,17 @@ readme_directory = no
 # TLS parameters
 {% if letsencrypt_acme_install is defined %}
 {% if postfix_use_letsencrypt %}
+smtpd_tls_CAfile={{ letsencrypt_acme_certs_dir }}/fullchain
 smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/fullchain
 smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey
 {% else %}
+smtpd_tls_CAfile=/etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 {% endif %}
 {% endif %}
 {% if letsencrypt_acme_install is not defined %}
+smtpd_tls_CAfile=/etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 {% endif %}
--- a/library/roles/postfix/templates/master.cf.j2
+++ b/library/roles/postfix/templates/master.cf.j2
@ -20,6 +20,7 @@ submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level={{ postfix_smtpd_tls_security_level }}
 {% if postfix_use_letsencrypt %}
+  -o smtpd_tls_CAfile={{ letsencrypt_acme_certs_dir }}/fullchain
  -o smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/cert
  -o smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey
 {% endif %}
@ -37,6 +38,7 @@ smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
 {% if postfix_use_letsencrypt %}
+  -o smtpd_tls_CAfile={{ letsencrypt_acme_certs_dir }}/fullchain
  -o smtpd_tls_cert_file={{ letsencrypt_acme_certs_dir }}/cert
  -o smtpd_tls_key_file={{ letsencrypt_acme_certs_dir }}/privkey
 {% endif %}