From 2e3e212fd778876a710f43e1e999c48b365f49df Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Thu, 19 Jul 2007 00:25:16 +0000
Subject: Force using TLS for peers if cacert.pem exist.
---
 postfix/postfix.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
 (limited to 'postfix')
diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index 3ee1a6c..98eac28 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -3,7 +3,7 @@
 # /etc/local-COMMON/postfix/postfix.sh
 # Copyright 2002-2007 Jonas Smedegaard
 #
-# $Id: postfix.sh,v 1.51 2007-07-18 15:56:25 jonas Exp $
+# $Id: postfix.sh,v 1.52 2007-07-19 00:25:16 jonas Exp $
 #
 # Auto-tweak plain installed postfix Debian package
 #
@@ -191,6 +191,10 @@ if [ -n "$sasl2" ] && [ -f /etc/ssl/certs/postfix.pem ]; then
 $postconf -e 'smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_scache'
 # Accepting client certificates breaks SMTP AUTH on OutLook Express on Mac (Classic)
 $postconf -e 'smtpd_tls_ask_ccert = no'
+ # Force using TLS for peers
+ catallfilesfromotherrealms mailhost | sort | sed 's/^/[/;s/$/]:submission secure/' > "$confdir/tls_policy"
+ postmap "$confdir/tls_policy"
+ $postconf -e 'smtp_tls_policy_maps = hash:/etc/postfix/tls_policy'
 else
 echo "WARNING: CA certificate not found - consider using proper signed certificates!"
 fi
-- 
cgit v1.2.3
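Review bot: The added `smtp_tls_policy_maps = hash:/etc/postfix/tls_policy` hard-codes the path, while the two lines before it write and postmap the table at `"$confdir/tls_policy"`; if `$confdir` ever differs from `/etc/postfix`, Postfix is pointed at a map that was never built and the forced-TLS policy does not apply, so I would write `$postconf -e "smtp_tls_policy_maps = hash:$confdir/tls_policy"`. The pipeline's status is also unchecked and `>` truncates the file before `catallfilesfromotherrealms` runs, so a failing or empty helper leaves an empty table that `postmap` accepts, and peers then quietly fall back to the default TLS level. A guard before `postmap`, such as `[ -s "$confdir/tls_policy" ] || echo "WARNING: tls_policy is empty - TLS not enforced for peers" >&2`, would make that visible. Because Postfix looks up the policy table by the next-hop exactly as written, a short comment stating that the transport or relayhost entries must use the same `[host]:submission` form would help the next maintainer. The enclosing `if` and the definition of `$confdir` are outside the hunk, so the first point assumes `$confdir` can differ from `/etc/postfix`.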