Puppet Class: postfix::smtp_tls_parameters

Defined in:
manifests/smtp_tls_parameters.pp

Summary

manage the smtp tls parameters

Overview

This class manages the smtp client TLS settings.

Examples:

Basic usage


class { 'postfix::smtp_tls_parameters':
  enable_dane => true,
}

Parameters:

  • enable_dane (Any) (defaults to: false)

    Set to ‘true` to enable DANE.

    This will set ‘smtp_tls_security_level` to `dane` and `smtp_dns_support_level` to `dnssec`.



17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'manifests/smtp_tls_parameters.pp', line 17

class postfix::smtp_tls_parameters (
  $enable_dane = false,
) {
  $system_ca_bundle = $::postfix::install::system_ca_bundle

  postfix::maincf::param { 'smtp_tls_protocols':
    value => '!SSLv2,!SSLv3',
  }
  postfix::maincf::param { 'smtp_tls_mandatory_protocols':
    value => '!SSLv2,!SSLv3',
  }
  postfix::maincf::param { 'smtp_tls_loglevel':
    value => '1',
  }
  postfix::maincf::param { 'tls_disable_workarounds':
    value => '0xFFFFFFFF',
  }

  postfix::maincf::param { 'smtp_tls_CAfile':
    value => $system_ca_bundle,
  }

  if( $enable_dane ) {
    postfix::maincf::param { 'smtp_tls_security_level':
      value => 'dane'
    }
    postfix::maincf::param { 'smtp_dns_support_level':
      value => 'dnssec',
    }
  }
}