self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2025-11-23 22:04:47 +02:00
Code Issues Releases Activity

handle DEFER_ON_TLS_ERROR as bool

Browse Source 
use /conf/mta-sts-daemon.yml when override is missing
This commit is contained in:
Alexander Graf
2021-09-09 17:30:46 +02:00
parent d464187477
commit b02ceab72f
4 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
core/postfix/Dockerfile
View File

@@ -20,7 +20,6 @@ RUN apk add --no-cache postfix postfix-pcre cyrus-sasl-login
COPY conf /conf COPY conf /conf
COPY start.py /start.py COPY start.py /start.py
COPY mta-sts-daemon.yml /etc/
EXPOSE 25/tcp 10025/tcp EXPOSE 25/tcp 10025/tcp
VOLUME ["/queue"] VOLUME ["/queue"]

2
core/postfix/conf/main.cf
View File

@@ -59,7 +59,7 @@ tls_ssl_options = NO_COMPRESSION, NO_TICKET
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols =!SSLv2,!SSLv3 smtp_tls_protocols =!SSLv2,!SSLv3
smtp_tls_security_level = {{ OUTBOUND_TLS_LEVEL|default('dane') }} smtp_tls_security_level = {{ OUTBOUND_TLS_LEVEL|default('dane') }}
smtp_tls_dane_insecure_mx_policy = {% if DEFER_ON_TLS_ERROR == 'false' %}may{% else %}dane{% endif %} smtp_tls_dane_insecure_mx_policy = {{ 'dane' if DEFER_ON_TLS_ERROR else 'may' }}
smtp_tls_policy_maps=lmdb:/etc/postfix/tls_policy.map, ${podop}dane, socketmap:unix:/tmp/mta-sts.socket:postfix smtp_tls_policy_maps=lmdb:/etc/postfix/tls_policy.map, ${podop}dane, socketmap:unix:/tmp/mta-sts.socket:postfix
smtp_tls_CApath = /etc/ssl/certs smtp_tls_CApath = /etc/ssl/certs
smtp_tls_session_cache_database = lmdb:/dev/shm/postfix/smtp_scache smtp_tls_session_cache_database = lmdb:/dev/shm/postfix/smtp_scache

2
core/postfix/mta-sts-daemon.yml → core/postfix/conf/mta-sts-daemon.yml
View File

@@ -6,5 +6,5 @@ cache:
options: options:
cache_size: 10000 cache_size: 10000
default_zone: default_zone:
strict_testing: {{ DEFER_ON_TLS_ERROR |default('true') }} strict_testing: {{ 'true' if DEFER_ON_TLS_ERROR else 'false' }}
timeout: 4 timeout: 4

5
core/postfix/start.py
View File

@@ -76,8 +76,9 @@ for map_file in glob.glob("/overrides/*.map"):
os.remove(destination) os.remove(destination)
if os.path.exists("/overrides/mta-sts-daemon.yml"): if os.path.exists("/overrides/mta-sts-daemon.yml"):
shutil.copyfile("/overrides/mta-sts-daemon.yml", "/etc/mta-sts-daemon.yml") conf.jinja("/overrides/mta-sts-daemon.yml", os.environ, "/etc/mta-sts-daemon.yml")
conf.jinja("/etc/mta-sts-daemon.yml", os.environ, "/etc/mta-sts-daemon.yml") else:
conf.jinja("/conf/mta-sts-daemon.yml", os.environ, "/etc/mta-sts-daemon.yml")
if not os.path.exists("/etc/postfix/tls_policy.map.lmdb"): if not os.path.exists("/etc/postfix/tls_policy.map.lmdb"):
open("/etc/postfix/tls_policy.map", "a").close() open("/etc/postfix/tls_policy.map", "a").close()