Enable tls without relayhost #121

Open
mvdriel opened this issue Dec 22, 2021 · 6 comments
@mvdriel
Member

mvdriel commented Dec 22, 2021

At the moment this role will only output smtp_tls_security_level in the configuration file (/etc/postfix/main.cf) when a postfix_relayhost is configured, so it is not possible to use TLS without relayhost. It is not totally clear to me why there is a dependency between these variables. @tersmitten Let me know whether you are open to a change; I would like to create a pull request. 😄

@tersmitten
Member

tersmitten commented Dec 22, 2021

See #83 and #117

@tersmitten
Member

I can't remember either... But you can use:

postfix_raw_options:
  - |
    smtp_use_tls = {{ postfix_smtp_tls_security_level != 'none' | ternary('yes', 'no') }}
    smtp_tls_security_level = {{ postfix_smtp_tls_security_level}}

@mvdriel
Member Author

mvdriel commented Dec 23, 2021

Yeah, thanks, that is my current workaround. Is the pull request something for v4.x?

@mvdriel
Member Author

mvdriel commented Dec 23, 2021

A minor fix for your configuration suggestion is the brackets ("(" and ")") around the comparison:

postfix_raw_options:
  - |
    smtp_use_tls = {{ (postfix_smtp_tls_security_level != 'none') | ternary('yes', 'no') }}
    smtp_tls_security_level = {{ postfix_smtp_tls_security_level}}

@tersmitten
Member

It seems to be introduced in #9

@tersmitten
Member

tersmitten commented Mar 26, 2024

> Is the pull request something for v4.x?

Yes! Do you have an idea how to unwind this block:

{% if postfix_relayhost %}
{% if postfix_relayhost_mxlookup %}
relayhost = {{ postfix_relayhost }}:{{ postfix_relayhost_port }}
{% else %}
relayhost = [{{ postfix_relayhost }}]:{{ postfix_relayhost_port }}
{% endif %}
{% if postfix_sasl_auth_enable %}
smtp_sasl_auth_enable = {{ postfix_sasl_auth_enable | bool | ternary('yes', 'no') }}
smtp_sasl_password_maps = {{ postfix_default_database_type }}:{{ postfix_sasl_passwd_file }}
smtp_sasl_security_options = {{ postfix_sasl_security_options }}
smtp_sasl_tls_security_options = {{ postfix_sasl_tls_security_options }}
smtp_sasl_mechanism_filter = {{ postfix_sasl_mechanism_filter }}
{% endif %}
{% if postfix_relaytls %}
smtp_use_tls = {{ postfix_relaytls | bool | ternary('yes', 'no') }}
smtp_tls_security_level = {{ postfix_smtp_tls_security_level }}
smtp_tls_wrappermode = {{ postfix_smtp_tls_wrappermode | bool | ternary('yes', 'no') }}
smtp_tls_note_starttls_offer = {{ postfix_smtp_tls_note_starttls_offer | bool | ternary('yes', 'no') }}
{% if postfix_smtp_tls_cafile is defined %}
smtp_tls_CAfile = {{ postfix_smtp_tls_cafile }}
{% endif %}
{% endif %}
{% else %}
relayhost =
{% endif %}
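
One way to unwind the block above so the TLS settings no longer depend on `postfix_relayhost`, as an added example that is not part of the thread or the role's own template. It assumes `postfix_relaytls` stays the switch for SMTP client TLS and reuses only the variables shown above.

```jinja
{# Added example, not the role's template. Uses only variables from the block above. #}
{# Assumption: postfix_relaytls keeps its name but now gates SMTP client TLS in general. #}
{% if postfix_relayhost %}
{% if postfix_relayhost_mxlookup %}
relayhost = {{ postfix_relayhost }}:{{ postfix_relayhost_port }}
{% else %}
relayhost = [{{ postfix_relayhost }}]:{{ postfix_relayhost_port }}
{% endif %}
{# SASL credentials are only meaningful towards a relayhost, so they stay nested. #}
{% if postfix_sasl_auth_enable %}
smtp_sasl_auth_enable = {{ postfix_sasl_auth_enable | bool | ternary('yes', 'no') }}
smtp_sasl_password_maps = {{ postfix_default_database_type }}:{{ postfix_sasl_passwd_file }}
smtp_sasl_security_options = {{ postfix_sasl_security_options }}
smtp_sasl_tls_security_options = {{ postfix_sasl_tls_security_options }}
smtp_sasl_mechanism_filter = {{ postfix_sasl_mechanism_filter }}
{% endif %}
{% else %}
relayhost =
{% endif %}
{# Outbound TLS, emitted whether or not a relayhost is set. #}
{% if postfix_relaytls %}
smtp_use_tls = {{ postfix_relaytls | bool | ternary('yes', 'no') }}
smtp_tls_security_level = {{ postfix_smtp_tls_security_level }}
smtp_tls_note_starttls_offer = {{ postfix_smtp_tls_note_starttls_offer | bool | ternary('yes', 'no') }}
{% if postfix_smtp_tls_cafile is defined %}
smtp_tls_CAfile = {{ postfix_smtp_tls_cafile }}
{% endif %}
{# Wrapper mode (implicit TLS) stays tied to a relayhost: it applies to every
   destination of the SMTP client, and direct-to-MX delivery on port 25 expects STARTTLS. #}
{% if postfix_relayhost %}
smtp_tls_wrappermode = {{ postfix_smtp_tls_wrappermode | bool | ternary('yes', 'no') }}
{% endif %}
{% endif %}
```

With a relayhost configured this emits the same settings as the nested block; without one it emits the TLS settings and leaves `smtp_tls_wrappermode` at the Postfix default.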
