[mirror/dsa-puppet.git] / modules / postfix / templates / main.cf-header.erb
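# postfix main.cf
#
# Header fragment of the Puppet-rendered Postfix configuration. Only the
# settings below are visible here; any other main.cf content is assumed to be
# supplied by other templates.
# Viewer gutter numbers were removed so each line is a valid main.cf entry.

mydomain = debian.org
# Pins the Postfix backwards-compatibility level, so later Postfix upgrades do
# not silently re-enable legacy defaults.
compatibility_level = 2
# DANE depends on DNSSEC-validated answers. This is only as trustworthy as the
# path to the validating resolver.
# NOTE(review): confirm the resolver used is local or otherwise trusted.
smtp_dns_support_level = dnssec

# NOTE(review): assumes nodeinfo always carries a 'smarthost' string; a missing
# key (nil) would make .empty? raise at catalog compile time -- confirm.
<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%>
# No smarthost: opportunistic DANE. Destinations that publish usable TLSA
# records get authenticated TLS; destinations without TLSA records fall back
# to unauthenticated opportunistic TLS, which can still be downgraded.
smtp_tls_security_level = dane
<%- else -%>
# Smarthost configured: mandatory DANE. Mail is deferred rather than sent if
# the relay's TLSA records are missing or do not match.
smtp_tls_security_level = dane-only
# yes, do MX lookups on the relayhost, since those have TLSA records
# (no [brackets] around the host, so Postfix resolves MX for it)
# NOTE(review): the value is interpolated unescaped; presumably a bare
# hostname from trusted node data -- verify at the source.
relayhost = <%= scope.lookupvar('deprecated::nodeinfo')['smarthost'] %>:submission
<%- end -%>

# tls stuff
#
# Inbound (smtpd) side.
# smtpd_use_tls is the legacy spelling of "smtpd_tls_security_level = may"
# (TLS offered, not required). It only takes effect while
# smtpd_tls_security_level is unset.
# NOTE(review): check whether the rest of main.cf sets
# smtpd_tls_security_level, then keep only one of the two.
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/ssl/debian/certs/thishost-server.crt
# Private key: Postfix needs it unencrypted, so file permissions are the only
# protection. Keep it readable by root only.
smtpd_tls_key_file = /etc/ssl/private/thishost-server.key
# CA bundle for validating certificates offered by SMTP clients. Nothing in
# this fragment requests client certificates.
smtpd_tls_CAfile = /etc/ssl/debian/certs/ca.crt
# Records protocol and cipher in the Received: header. Useful for forensics,
# but only the header added by the final hop is reliable.
smtpd_tls_received_header = yes
# 1 = one summary line per completed TLS handshake.
smtpd_tls_loglevel = 1

# Outbound (smtp client) side.
# smtp_use_tls is overridden by the non-empty smtp_tls_security_level set
# above in both template branches, so it is redundant here.
smtp_use_tls = yes
# Client certificate presented to remote servers.
# NOTE(review): presumably used to authenticate this host to the smarthost --
# confirm.
smtp_tls_cert_file = /etc/ssl/debian/certs/thishost.crt
# Same handling as the server key: unencrypted, root-only.
smtp_tls_key_file = /etc/ssl/private/thishost.key
smtp_tls_CAfile = /etc/ssl/debian/certs/ca.crt
# Logs remote servers that offer STARTTLS when TLS is not already enabled for
# them.
smtp_tls_note_starttls_offer = yes
smtp_tls_loglevel = 1

# Certificate fingerprints are computed with SHA-256 rather than the
# historical md5 default. Any fingerprint-based access tables must use
# SHA-256 values to match.
smtpd_tls_fingerprint_digest = sha256
smtp_tls_fingerprint_digest = sha256

# ${data_directory} is expanded by Postfix itself, not by ERB.
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
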