From a76a6425d5f053343b942f40e6825324f442429c Mon Sep 17 00:00:00 2001
From: Matthieu Saulnier
Date: Sun, 18 Jun 2017 03:07:47 +0200
Subject: add credentials for slave MTA servers
---
 .gitignore | 2 +-
 roles/mtaserver/handlers/main.yml | 3 +++
 roles/mtaserver/tasks/config.yml | 7 +++++++
 roles/mtaserver/templates/main.cf.j2 | 4 ++++
 4 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index 60e61bd..2a59c16 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
 roles/dnsserver/templates/keys.j2
 roles/torrelay/templates/keys.j2
 roles/mtaserver/files/virtual
-roles/mtaserver/files/virtual
+roles/mtaserver/files/credentials
diff --git a/roles/mtaserver/handlers/main.yml b/roles/mtaserver/handlers/main.yml
index 57c5b50..87a6070 100644
--- a/roles/mtaserver/handlers/main.yml
+++ b/roles/mtaserver/handlers/main.yml
@@ -16,3 +16,6 @@
 command: /usr/sbin/postmap /etc/postfix/virtual
 notify: reload postfix
+- name: credentialmap
+ command: /usr/sbin/postmap /etc/postfix/credentials
+ notify: reload postfix
diff --git a/roles/mtaserver/tasks/config.yml b/roles/mtaserver/tasks/config.yml
index 7ef7f3f..97240a6 100644
--- a/roles/mtaserver/tasks/config.yml
+++ b/roles/mtaserver/tasks/config.yml
@@ -32,6 +32,13 @@
 when: is_mtamaster is defined
 notify: virtualmap
+- name: Installation de la table credentials
+ copy: src=credentials dest=/etc/postfix/credentials
+ owner=root
+ group=root
+ mode=400
+ notify: credentialmap
+
 - name: Configuration de l'alias root
 lineinfile:
 path: /etc/aliases
diff --git a/roles/mtaserver/templates/main.cf.j2 b/roles/mtaserver/templates/main.cf.j2
index 89098b9..d42c022 100644
--- a/roles/mtaserver/templates/main.cf.j2
+++ b/roles/mtaserver/templates/main.cf.j2
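Review bot: The new `Installation de la table credentials` task in roles/mtaserver/tasks/config.yml has no `when:` guard, so the SASL password file is copied to every host that runs this role, while the task just above it is limited by `when: is_mtamaster is defined` and main.cf.j2 only references the map inside its `{% else %}` branch. If that branch is the slave case, as the commit subject suggests, adding `when: is_mtamaster is not defined` would keep the relay password off the master. Adding `no_log: true` to the task would also keep the file contents out of `--diff` and verbose run output. The secret itself sits in plaintext in roles/mtaserver/files/credentials and is protected only by the .gitignore entry, so encrypting that file with Ansible Vault is worth considering.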
@@ -351,6 +351,10 @@ mynetworks = hash:/etc/postfix/network_table
 relayhost = [smtp.free.fr]
 {% else %}
 relayhost = [mail.casperlefantom.net]:587
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = hash:/etc/postfix/credentials
+smtp_sasl_security_options = noanonymous
+smtpd_tls_auth_only = yes
 {% endif %}
 smtp_tls_security_level = may
 smtp_tls_ciphers = high
-- cgit
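Review bot: With `smtp_sasl_security_options = noanonymous` the client accepts plaintext mechanisms on any session, and the unchanged context line `smtp_tls_security_level = may` leaves TLS towards the relay opportunistic, so the password from /etc/postfix/credentials can go out unencrypted whenever STARTTLS is not offered. Restricting plaintext mechanisms to TLS sessions closes that gap: `smtp_sasl_security_options = noplaintext, noanonymous` together with `smtp_sasl_tls_security_options = noanonymous`. Requiring TLS for this relay with `smtp_tls_security_level = encrypt` would be stricter, but it means making the line after `{% endif %}` conditional. `smtpd_tls_auth_only = yes` is a server-side (smtpd) parameter and does not affect the outgoing client session, so a comment explaining why it belongs in this branch would help. The `{% if %}` that opens this block lies outside the hunk.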