From 895483e82331ad5ac748bc1da732be900b66b47a Mon Sep 17 00:00:00 2001
From: Andre Keller
Date: Tue, 24 May 2016 17:20:12 +0200
Subject: [PATCH] Add some more SSL/TLS paramters.

---
 manifests/server.pp | 8 ++++++++
 templates/main.cf-el5.erb | 23 ++++++++++++++++++++++-
 templates/main.cf.erb | 23 ++++++++++++++++++++++-
 3 files changed, 52 insertions(+), 2 deletions(-)

diff --git a/manifests/server.pp b/manifests/server.pp
index 94a43cf..15bd08d 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -73,13 +73,21 @@
 $smtp_tls_key_file = undef,
 $smtp_tls_cert_file = undef,
 $smtp_tls_security_level = undef,
+$smtpd_tls_security_level = undef,
 $smtp_tls_secure_cert_match = undef,
 $smtp_tls_note_starttls_offer = false,
+$smtp_tls_mandatory_protocols = undef,
+$smtpd_tls_mandatory_protocols = undef,
+$smtp_tls_protocols = undef,
+$smtpd_tls_protocols = undef,
 $smtp_tls_mandatory_ciphers = undef,
+$smtpd_tls_mandatory_ciphers = undef,
 $smtpd_tls_ask_ccert = false,
 $tls_append_default_CA = false,
+$tls_high_cipherlist = undef,
 $smtp_sasl_tls = false,
 $smtp_use_tls = false,
+$smtpd_use_tls = false,
 $canonical_maps = false,
 $sender_canonical_maps = false,
 $smtp_generic_maps = false,
diff --git a/templates/main.cf-el5.erb b/templates/main.cf-el5.erb
index 95adb67..0fbc599 100644
--- a/templates/main.cf-el5.erb
+++ b/templates/main.cf-el5.erb
@@ -721,7 +721,7 @@ sample_directory = <%= @sample_directory %>
 # readme_directory = <%= @readme_directory %>
-<% if @ssl -%>
+<% if @ssl or @smtpd_use_tls-%>
 # TLS stuff
 smtpd_use_tls = yes
 smtpd_tls_loglevel = 1
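Review bot: The new `$smtpd_tls_security_level` (like the other TLS string parameters added in this hunk) is passed into main.cf without any check on its value, while Postfix accepts only `none`, `may` or `encrypt` for the smtpd side, so a mistyped value would surface only when Postfix reads the generated configuration rather than at catalog compile time. A guard in the class body catches it early without needing any extra module: `if $smtpd_tls_security_level and $smtpd_tls_security_level !~ /^(none|may|encrypt)$/ { fail('smtpd_tls_security_level must be none, may or encrypt') }`. The class definition and its body lie outside this hunk.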
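Review bot: Entering the TLS block on `@smtpd_use_tls` alone leaves `@ssl` unset inside it, yet the block still renders `smtpd_tls_cert_file = /etc/pki/tls/certs/<%= @ssl %>.crt` (visible as the header context of the next hunk) and presumably the matching key line, so a node with `smtpd_use_tls => true` and no `ssl` ends up with `smtpd_use_tls = yes` pointing at `/etc/pki/tls/certs/.crt`. Either those lines need their own `<% if @ssl -%>` guard or the manifest should refuse the combination, e.g. `if $smtpd_use_tls and !$ssl { fail('smtpd_use_tls requires ssl to be set') }`. The same condition is changed in templates/main.cf.erb further down, where this note applies as well. On this line the trim tag is also glued to the variable (`@smtpd_use_tls-%>`); ERB should still parse it, but it should read `<% if @ssl or @smtpd_use_tls -%>` exactly like the main.cf.erb copy. The block's closing `<% end -%>` is outside the hunk.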
@@ -738,9 +738,21 @@ smtpd_tls_cert_file = /etc/pki/tls/certs/<%= @ssl %>.crt
 <% if @smtpd_tls_CAfile -%>
 smtpd_tls_CAfile = <%= @smtpd_tls_CAfile %>
 <% end -%>
+<% if @smtpd_tls_security_level -%>
+smtpd_tls_security_level = <%= @smtpd_tls_security_level %>
+<% end -%>
 <% if @smtpd_tls_ask_ccert -%>
 smtpd_tls_ask_ccert = yes
 <% end -%>
+<% if @smtpd_tls_mandatory_ciphers -%>
+smtpd_tls_mandatory_ciphers = <%= @smtpd_tls_mandatory_ciphers %>
+<% end -%>
+<% if @smtpd_tls_mandatory_protocols -%>
+smtpd_tls_mandatory_protocols = <%= @smtpd_tls_mandatory_protocols %>
+<% end -%>
+<% if @smtpd_tls_protocols -%>
+smtpd_tls_protocols = <%= @smtpd_tls_protocols %>
+<% end -%>
 <% if @tls_append_default_CA -%>
 tls_append_default_CA = yes
 <% end -%>
@@ -790,6 +802,15 @@ smtp_tls_note_starttls_offer = yes
 <% if @smtp_tls_mandatory_ciphers -%>
 smtp_tls_mandatory_ciphers = <%= @smtp_tls_mandatory_ciphers %>
 <% end -%>
+<% if @smtp_tls_mandatory_protocols -%>
+smtp_tls_mandatory_protocols = <%= @smtp_tls_mandatory_protocols %>
+<% end -%>
+<% if @smtp_tls_protocols -%>
+smtp_tls_protocols = <%= @smtp_tls_protocols %>
+<% end -%>
+<% if @tls_high_cipherlist -%>
+tls_high_cipherlist = <%= @tls_high_cipherlist %>
+<% end -%>
 <% end -%>
 <% if @mail_name -%>
diff --git a/templates/main.cf.erb b/templates/main.cf.erb
index 2e0beb0..43f87c5 100644
--- a/templates/main.cf.erb
+++ b/templates/main.cf.erb
@@ -738,7 +738,7 @@ sample_directory = <%= @sample_directory %>
 # readme_directory = <%= @readme_directory %>
-<% if @ssl -%>
+<% if @ssl or @smtpd_use_tls -%>
 # TLS stuff
 smtpd_use_tls = yes
 smtpd_tls_loglevel = 1
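Review bot: `smtpd_tls_security_level`, once set, overrides the legacy `smtpd_use_tls = yes` that the enclosing block emits unconditionally, so a value of `none` here silently turns server-side TLS back off despite the `yes` a few lines above; that interaction deserves a comment next to the new lines, e.g. `# smtpd_tls_security_level overrides the legacy smtpd_use_tls setting above`. The `smtpd_tls_protocols` and `smtpd_tls_mandatory_protocols` values likewise land in main.cf verbatim, so a malformed list is only detected by Postfix when it loads the configuration. The same three additions appear in templates/main.cf.erb below and this note applies there too. The enclosing `<% if %>` block starts and ends outside this hunk.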
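Review bot: `tls_high_cipherlist` is a global Postfix parameter that defines the `high` cipher grade for both the smtp client and the smtpd server, but it is added among the `smtp_*` client settings and inside whatever condition encloses them, so a deployment that only configures the smtpd side may never get it emitted. It would sit better beside `tls_append_default_CA` in the previous hunk, which is the other global `tls_*` knob this template already renders. The same placement is used in templates/main.cf.erb below. The `<% if %>` that the trailing `<% end -%>` closes opens outside this hunk.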
@@ -755,9 +755,21 @@ smtpd_tls_cert_file = /etc/pki/tls/certs/<%= @ssl %>.crt
 <% if @smtpd_tls_CAfile -%>
 smtpd_tls_CAfile = <%= @smtpd_tls_CAfile %>
 <% end -%>
+<% if @smtpd_tls_security_level -%>
+smtpd_tls_security_level = <%= @smtpd_tls_security_level %>
+<% end -%>
 <% if @smtpd_tls_ask_ccert -%>
 smtpd_tls_ask_ccert = yes
 <% end -%>
+<% if @smtpd_tls_mandatory_ciphers -%>
+smtpd_tls_mandatory_ciphers = <%= @smtpd_tls_mandatory_ciphers %>
+<% end -%>
+<% if @smtpd_tls_mandatory_protocols -%>
+smtpd_tls_mandatory_protocols = <%= @smtpd_tls_mandatory_protocols %>
+<% end -%>
+<% if @smtpd_tls_protocols -%>
+smtpd_tls_protocols = <%= @smtpd_tls_protocols %>
+<% end -%>
 <% if @tls_append_default_CA -%>
 tls_append_default_CA = yes
 <% end -%>
@@ -807,6 +819,15 @@ smtp_tls_note_starttls_offer = yes
 <% if @smtp_tls_mandatory_ciphers -%>
 smtp_tls_mandatory_ciphers = <%= @smtp_tls_mandatory_ciphers %>
 <% end -%>
+<% if @smtp_tls_mandatory_protocols -%>
+smtp_tls_mandatory_protocols = <%= @smtp_tls_mandatory_protocols %>
+<% end -%>
+<% if @smtp_tls_protocols -%>
+smtp_tls_protocols = <%= @smtp_tls_protocols %>
+<% end -%>
+<% if @tls_high_cipherlist -%>
+tls_high_cipherlist = <%= @tls_high_cipherlist %>
+<% end -%>
 <% end -%>
 <% if @mail_name -%>