4 compatibility_level = 2
5 smtp_dns_support_level = dnssec
7 <%- if scope.lookupvar('site::nodeinfo')['smarthost'].empty? -%>
8 smtp_tls_security_level = dane
10 smtp_tls_security_level = dane-only
11 # yes, do MX lookups on the relayhost, since those have TLSA records
12 relayhost = <%= scope.lookupvar('site::nodeinfo')['smarthost'] %>:submission
18 smtpd_tls_cert_file = /etc/ssl/debian/certs/thishost-server.crt
19 smtpd_tls_key_file = /etc/ssl/private/thishost-server.key
20 smtpd_tls_CAfile = /etc/ssl/debian/certs/ca.crt
21 smtpd_tls_received_header = yes
22 smtpd_tls_loglevel = 1
25 smtp_tls_cert_file = /etc/ssl/debian/certs/thishost.crt
26 smtp_tls_key_file = /etc/ssl/private/thishost.key
27 smtp_tls_CAfile = /etc/ssl/debian/certs/ca.crt
28 smtp_tls_note_starttls_offer = yes
31 smtpd_tls_fingerprint_digest = sha256
32 smtp_tls_fingerprint_digest = sha256
34 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
35 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache