From: Stephen Gran Date: Sat, 4 Apr 2009 23:06:39 +0000 (+0100) Subject: Make exim use tls certs distributed by puppet X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=4f85b7c40485b024bebeeed0c28745bc6c1deaf0;p=mirror%2Fdsa-puppet.git Make exim use tls certs distributed by puppet Signed-off-by: Stephen Gran
---
diff --git a/modules/exim/files/common/exim4.conf b/modules/exim/files/common/exim4.conf
index 18bf9c879..c9e1e0253 100644
--- a/modules/exim/files/common/exim4.conf
+++ b/modules/exim/files/common/exim4.conf
@@ -124,6 +124,13 @@ RESERVEDADDRS = 0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : \
 hostlist reservedaddrs = RESERVEDADDRS
+tls_certificate = /etc/exim4/ssl/thishost.crt
+tls_privatekey = /etc/exim4/ssl/thishost.key
+.ifdef RELAY_HOST
+tls_try_verify_hosts = *
+tls_verify_certificates = /etc/exim4/ssl/client_certs.pem
+.endif
+
 #system_filter = /etc/exim4/filter
 #system_filter_file_transport = address_file
@@ -190,6 +197,7 @@ admin_groups = adm
 remote_sort_domains = *.debian.org:*.debian.net
 pipelining_advertise_hosts = !*
+tls_advertise_hosts = *
 smtp_enforce_sync = true
 log_selector = +tls_cipher +tls_peerdn +queue_time +deliver_time +smtp_connection +smtp_incomplete_transaction +smtp_confirmation
@@ -1117,7 +1125,9 @@ address_reply:
 remote_smtp:
 driver = smtp
 connect_timeout = 1m
- hosts_avoid_tls = *
+ tls_tempfail_tryclear = true
+ tls_certificate = /etc/exim4/ssl/thishost.crt
+ tls_privatekey = /etc/exim4/ssl/thishost.key
 # Send the message to procmail
 procmail_pipe:
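Review bot: In the `.ifdef RELAY_HOST` block of the first hunk, `tls_try_verify_hosts = *` only requests a client certificate; a session whose certificate is missing or fails verification against `client_certs.pem` still proceeds. If relaying is meant to be granted on the strength of these certificates, the ACL that permits it (outside this hunk) has to test the result, for example with `verify = certificate`, otherwise the new settings add encryption but no authentication. I would also add a comment above the two global options, `# Host certificate and key are distributed by puppet; the key must be readable only by root and the exim group`, since the file mode is set elsewhere and cannot be checked from here.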
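Review bot: `tls_advertise_hosts = *` in the second hunk is unconditional, while the certificate and key it depends on are files that puppet places separately. On a host where `/etc/exim4/ssl/thishost.crt` or `/etc/exim4/ssl/thishost.key` is absent or unreadable, Exim will presumably still offer STARTTLS and then fail to set the session up, and some sending MTAs defer rather than fall back to cleartext. Consider having the manifest deploy the files before this config, and record the dependency here with a comment such as `# requires /etc/exim4/ssl/thishost.crt and .key from puppet`.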
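Review bot: On `remote_smtp` in the third hunk, outbound TLS becomes opportunistic only: nothing in the transport sets `hosts_require_tls` or `tls_verify_certificates`, and `tls_tempfail_tryclear = true` lets delivery continue unencrypted when TLS setup fails. That is a reasonable default for general Internet delivery, but for hops where the peer is expected to check this host's certificate (the RELAY_HOST case in the first hunk, as far as can be inferred) a stripped STARTTLS offer or a failed handshake silently downgrades the session. Consider listing those specific hosts in `hosts_require_tls`, and add a comment such as `# opportunistic TLS; falls back to cleartext if negotiation fails` so the fallback is a documented choice.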