authorJonas Smedegaard <dr@jones.dk>2007-07-19 00:25:16 +0000
committerJonas Smedegaard <dr@jones.dk>2007-07-19 00:25:16 +0000
commit2e3e212fd778876a710f43e1e999c48b365f49df (patch)
treefc7cb78a6acee7bf490a3349e7e23975b8eacae9 /postfix
parenta38e6bc916a738e0f1a2a375291e7801b3f5824c (diff)
Force using TLS for peers if cacert.pem exist.
Diffstat (limited to 'postfix')
-rwxr-xr-xpostfix/postfix.sh6
1 files changed, 5 insertions, 1 deletions
diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index 3ee1a6c..98eac28 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -3,7 +3,7 @@
# /etc/local-COMMON/postfix/postfix.sh
# Copyright 2002-2007 Jonas Smedegaard <dr@jones.dk>
#
-# $Id: postfix.sh,v 1.51 2007-07-18 15:56:25 jonas Exp $
+# $Id: postfix.sh,v 1.52 2007-07-19 00:25:16 jonas Exp $
#
# Auto-tweak plain installed postfix Debian package
#
@@ -191,6 +191,10 @@ if [ -n "$sasl2" ] && [ -f /etc/ssl/certs/postfix.pem ]; then
$postconf -e 'smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_scache'
# Accepting client certificates breaks SMTP AUTH on OutLook Express on Mac (Classic)
$postconf -e 'smtpd_tls_ask_ccert = no'
+ # Force using TLS for peers
+ catallfilesfromotherrealms mailhost | sort | sed 's/^/[/;s/$/]:submission secure/' > "$confdir/tls_policy"
+ postmap "$confdir/tls_policy"
+ $postconf -e 'smtp_tls_policy_maps = hash:/etc/postfix/tls_policy'
else
echo "WARNING: CA certificate not found - consider using proper signed certificates!"
fi
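Review bot: The added lines write the policy to `"$confdir/tls_policy"` but point main.cf at the literal `hash:/etc/postfix/tls_policy`, so if `$confdir` (set outside this hunk) is ever not /etc/postfix, Postfix would consult a map this script did not build and the forced TLS would not apply; `$postconf -e "smtp_tls_policy_maps = hash:$confdir/tls_policy"` keeps the two in step. The pipeline also fails open: if `catallfilesfromotherrealms mailhost` fails or returns nothing, the redirect still leaves an empty file (and a blank input line becomes a `[]:submission secure` entry), and nothing checks the result before `postmap` runs, so peers would silently fall back to whatever default TLS level main.cf sets. Generating into a temporary file, checking that it is non-empty, then moving it into place and testing the exit status of `postmap "$confdir/tls_policy"` would make that failure visible instead of weakening transport security quietly. The enclosing `if` that tests for the CA certificate starts outside the hunk.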