~dricottone/container-images: Fix encryption setup

5e6531c821b9b67bbe6876037cb6376e4012d5eb — Dominic Ricottone 1 year, 2 months ago d7b52b6

Fix encryption setup

Configuration was a bit confused on account of running both SMTPD and
Submission ports. I am going to prefer port 465 with implicit TLS, and
to correctly support that mode I am setting wrapper mode on.

patch browse .tar.gz

3 files changed, 3 insertions(+), 1 deletions(-)

M postfix/main.cf
M postfix/main.cf.tls-in
M postfix/master.cf

M postfix/main.cf => postfix/main.cf +1 -0

@@ 39,6 39,7 @@ smtpd_sasl_security_options = noanonymous
 smtpd_sasl_service = smtpd
 smtpd_sasl_tls_security_options = noanonymous
 smtpd_tls_auth_only = yes
+smtpd_tls_wrappermode=yes
 
 # Encryption
 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

M postfix/main.cf.tls-in => postfix/main.cf.tls-in +1 -0

@@ 37,6 37,7 @@ smtpd_sasl_security_options = noanonymous
 smtpd_sasl_service = smtpd
 smtpd_sasl_tls_security_options = noanonymous
 smtpd_tls_auth_only = yes
+smtpd_tls_wrappermode=yes
 
 # Encryption
 smtpd_tls_chain_files = /var/letsencrypt/chain.pem

M postfix/master.cf => postfix/master.cf +1 -1

@@ 14,7 14,7 @@ smtp      inet  n       -       n       -       -       smtpd
 #smtpd     pass  -       -       n       -       -       smtpd
 #dnsblog   unix  -       -       n       -       0       dnsblog
 #tlsproxy  unix  -       -       n       -       0       tlsproxy
-submission inet n       -       n       -       -       smtpd
+#submission inet n       -       n       -       -       smtpd
 #  -o syslog_name=postfix/submission
 #  -o smtpd_tls_security_level=encrypt
 #  -o smtpd_sasl_auth_enable=yes