ansible-postfix

Enable tls without relayhost

Open mvdriel opened this issue 3 years ago • 6 comments

At the moment this role will only output smtp_tls_security_level in the configuration file (/etc/postfix/main.cf) when a postfix_relayhost is configured, so it is not possible to use TLS without relayhost. It is not totally clear to me why there is a dependency between these variables. @tersmitten Let me know whether you are open to a change; I would like to create a pull request. :smile:

mvdriel avatar Dec 22 '21 20:12 mvdriel

See #83 and #117

tersmitten avatar Dec 22 '21 23:12 tersmitten

I can't remember either... But you can use:

postfix_raw_options:
  - |
    smtp_use_tls = {{ postfix_smtp_tls_security_level != 'none' | ternary('yes', 'no') }}
    smtp_tls_security_level = {{ postfix_smtp_tls_security_level}}

tersmitten avatar Dec 22 '21 23:12 tersmitten

Yeah, thanks, that is my current workaround. Is the pull request something for v4.x?

mvdriel avatar Dec 23 '21 10:12 mvdriel

A minor fix for your configuration suggestion is the brackets ("(" and ")") around the comparison:

postfix_raw_options:
  - |
    smtp_use_tls = {{ (postfix_smtp_tls_security_level != 'none') | ternary('yes', 'no') }}
    smtp_tls_security_level = {{ postfix_smtp_tls_security_level}}

mvdriel avatar Dec 23 '21 16:12 mvdriel

It seems to be introduced in #9

tersmitten avatar Mar 26 '24 09:03 tersmitten

> Is the pull request something for v4.x?

Yes! Do you have an idea how to unwind this block:

{% if postfix_relayhost %}
{% if postfix_relayhost_mxlookup %}
relayhost = {{ postfix_relayhost }}:{{ postfix_relayhost_port }}
{% else %}
relayhost = [{{ postfix_relayhost }}]:{{ postfix_relayhost_port }}
{% endif %}
{% if postfix_sasl_auth_enable %}
smtp_sasl_auth_enable = {{ postfix_sasl_auth_enable | bool | ternary('yes', 'no') }}
smtp_sasl_password_maps = {{ postfix_default_database_type }}:{{ postfix_sasl_passwd_file }}
smtp_sasl_security_options = {{ postfix_sasl_security_options }}
smtp_sasl_tls_security_options = {{ postfix_sasl_tls_security_options }}
smtp_sasl_mechanism_filter = {{ postfix_sasl_mechanism_filter }}
{% endif %}
{% if postfix_relaytls %}
smtp_use_tls = {{ postfix_relaytls | bool | ternary('yes', 'no') }}
smtp_tls_security_level = {{ postfix_smtp_tls_security_level }}
smtp_tls_wrappermode = {{ postfix_smtp_tls_wrappermode | bool | ternary('yes', 'no') }}
smtp_tls_note_starttls_offer = {{ postfix_smtp_tls_note_starttls_offer | bool | ternary('yes', 'no') }}
{% if postfix_smtp_tls_cafile is defined %}
smtp_tls_CAfile = {{ postfix_smtp_tls_cafile }}
{% endif %}
{% endif %}
{% else %}
relayhost =
{% endif %}

tersmitten avatar Mar 26 '24 11:03 tersmitten
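Added example, not code from the role or from either participant: a Python check that uses plain Jinja2 to show why the brackets in the workaround matter and how a template with TLS moved out of the relayhost branch renders. The `ternary` stand-in, the shortened `UNWOUND` template, its `!= 'none'` gate and the sample host name are assumptions made for illustration.

```python
# Added example: plain Jinja2 standing in for Ansible's templating.
from jinja2 import Environment


def ternary(value, true_val, false_val):
    # Stand-in for Ansible's `ternary` filter, which plain Jinja2 lacks.
    return true_val if value else false_val


env = Environment(trim_blocks=True)  # Ansible's template module trims blocks too
env.filters["ternary"] = ternary

# Filters bind tighter than `!=`: the first form compares the level with the
# result of `'none' | ternary(...)` (always 'yes') and renders a boolean.
UNBRACKETED = "{{ level != 'none' | ternary('yes', 'no') }}"
BRACKETED = "{{ (level != 'none') | ternary('yes', 'no') }}"


def render_expr(expr, level):
    return env.from_string(expr).render(level=level)


# One possible unwinding (an assumption, not the role's template): relayhost
# keeps its own branch, TLS is gated on the security level alone.
UNWOUND = """\
{% if postfix_relayhost %}
relayhost = [{{ postfix_relayhost }}]:{{ postfix_relayhost_port }}
{% else %}
relayhost =
{% endif %}
{% if postfix_smtp_tls_security_level != 'none' %}
smtp_tls_security_level = {{ postfix_smtp_tls_security_level }}
{% endif %}
"""


def render_main_cf(**role_vars):
    return env.from_string(UNWOUND).render(**role_vars).splitlines()


if __name__ == "__main__":
    for lvl in ("none", "may", "encrypt"):
        print(lvl, render_expr(UNBRACKETED, lvl), render_expr(BRACKETED, lvl))
    # Constructed sample: no relayhost, opportunistic TLS.
    print(render_main_cf(postfix_relayhost="", postfix_smtp_tls_security_level="may"))
```

Without a relayhost Postfix delivers directly to each destination's MX hosts, so `encrypt` defers mail to servers that do not offer STARTTLS, while `may` uses TLS only where it is offered.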