authorMatthieu Saulnier <fantom@fedoraproject.org>2017-06-18 03:07:47 +0200
committerMatthieu Saulnier <fantom@fedoraproject.org>2017-06-18 03:07:47 +0200
commita76a6425d5f053343b942f40e6825324f442429c (patch)
tree287737e5cbffd8f6bc465a4dd918c8754eb6b758
parent7d355cfc405a58940b1a67d782f0cda359246ac9 (diff)
add credentials for slave MTA servers
-rw-r--r--.gitignore2
-rw-r--r--roles/mtaserver/handlers/main.yml3
-rw-r--r--roles/mtaserver/tasks/config.yml7
-rw-r--r--roles/mtaserver/templates/main.cf.j24
4 files changed, 15 insertions, 1 deletions
diff --git a/.gitignore b/.gitignore
index 60e61bd..2a59c16 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
roles/dnsserver/templates/keys.j2
roles/torrelay/templates/keys.j2
roles/mtaserver/files/virtual
-roles/mtaserver/files/virtual
+roles/mtaserver/files/credentials
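Review bot: Ignoring `roles/mtaserver/files/credentials` keeps the relay password out of the repository, but the secret then exists only as an unencrypted file in whichever working copy runs the playbook, with no history or review. An Ansible Vault-encrypted file committed to the repo would be the more robust arrangement; on Ansible versions where `copy` decrypts vaulted `src` files, the task would not need to change. If the ignore entry stays, a short comment above it such as `# SASL credentials for the relay, provisioned out of band` would tell the next maintainer why the role fails on a fresh clone.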
diff --git a/roles/mtaserver/handlers/main.yml b/roles/mtaserver/handlers/main.yml
index 57c5b50..87a6070 100644
--- a/roles/mtaserver/handlers/main.yml
+++ b/roles/mtaserver/handlers/main.yml
@@ -16,3 +16,6 @@
command: /usr/sbin/postmap /etc/postfix/virtual
notify: reload postfix
+- name: credentialmap
+ command: /usr/sbin/postmap /etc/postfix/credentials
+ notify: reload postfix
diff --git a/roles/mtaserver/tasks/config.yml b/roles/mtaserver/tasks/config.yml
index 7ef7f3f..97240a6 100644
--- a/roles/mtaserver/tasks/config.yml
+++ b/roles/mtaserver/tasks/config.yml
@@ -32,6 +32,13 @@
when: is_mtamaster is defined
notify: virtualmap
+- name: Installation de la table credentials
+ copy: src=credentials dest=/etc/postfix/credentials
+ owner=root
+ group=root
+ mode=400
+ notify: credentialmap
+
- name: Configuration de l'alias root
lineinfile:
path: /etc/aliases
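Review bot: The new task `Installation de la table credentials` has no `when:` guard, so the relay password file is copied to every host that runs this role, while main.cf.j2 in this commit references `/etc/postfix/credentials` only in its `{% else %}` branch. If that branch is selected by the same `is_mtamaster` test used by the preceding task (the template's condition is outside the visible hunk), `when: is_mtamaster is not defined` would keep the secret off hosts that never use it. A run with `--diff` can print the content of a copied file, so `no_log: true` or `diff: no` belongs on this task. Writing the mode as `mode=0400` removes any doubt about octal interpretation.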
diff --git a/roles/mtaserver/templates/main.cf.j2 b/roles/mtaserver/templates/main.cf.j2
index 89098b9..d42c022 100644
--- a/roles/mtaserver/templates/main.cf.j2
+++ b/roles/mtaserver/templates/main.cf.j2
@@ -351,6 +351,10 @@ mynetworks = hash:/etc/postfix/network_table
relayhost = [smtp.free.fr]
{% else %}
relayhost = [mail.casperlefantom.net]:587
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = hash:/etc/postfix/credentials
+smtp_sasl_security_options = noanonymous
+smtpd_tls_auth_only = yes
{% endif %}
smtp_tls_security_level = may
smtp_tls_ciphers = high
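Review bot: The SASL password for `[mail.casperlefantom.net]:587` can leave the host unencrypted, because `smtp_tls_security_level = may` just below the added lines lets the client continue in cleartext when STARTTLS is not offered or is stripped, and `smtp_sasl_security_options = noanonymous` permits plaintext mechanisms. Either raise the level for this relay (`smtp_tls_security_level = encrypt`, or `verify`/`secure` to authenticate the server as well), or set `smtp_sasl_security_options = noplaintext, noanonymous` together with `smtp_sasl_tls_security_options = noanonymous`. `smtpd_tls_auth_only = yes` is a server-side (smtpd) parameter and does not protect this client-side login; it would read better next to the other `smtpd_` settings, outside this `{% else %}` branch if it is meant for all hosts.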