Open mvdriel opened 2 years ago
See #83 and #117
I can't remember either... But you can use:
postfix_raw_options:
  - |
    smtp_use_tls = {{ postfix_smtp_tls_security_level != 'none' | ternary('yes', 'no') }}
    smtp_tls_security_level = {{ postfix_smtp_tls_security_level}}
Yeah, thanks, that is my current workaround. Is the pull request something for v4.x?
A minor fix for your configuration suggestion is the brackets ("(" and ")") around the comparison:
postfix_raw_options:
  - |
    smtp_use_tls = {{ (postfix_smtp_tls_security_level != 'none') | ternary('yes', 'no') }}
    smtp_tls_security_level = {{ postfix_smtp_tls_security_level}}
It seems to be introduced in #9
Is the pull request something for v4.x?
Yes! Do you have an idea how to unwind this block:
{% if postfix_relayhost %}
{% if postfix_relayhost_mxlookup %}
relayhost = {{ postfix_relayhost }}:{{ postfix_relayhost_port }}
{% else %}
relayhost = [{{ postfix_relayhost }}]:{{ postfix_relayhost_port }}
{% endif %}
{% if postfix_sasl_auth_enable %}
smtp_sasl_auth_enable = {{ postfix_sasl_auth_enable | bool | ternary('yes', 'no') }}
smtp_sasl_password_maps = {{ postfix_default_database_type }}:{{ postfix_sasl_passwd_file }}
smtp_sasl_security_options = {{ postfix_sasl_security_options }}
smtp_sasl_tls_security_options = {{ postfix_sasl_tls_security_options }}
smtp_sasl_mechanism_filter = {{ postfix_sasl_mechanism_filter }}
{% endif %}
{% if postfix_relaytls %}
smtp_use_tls = {{ postfix_relaytls | bool | ternary('yes', 'no') }}
smtp_tls_security_level = {{ postfix_smtp_tls_security_level }}
smtp_tls_wrappermode = {{ postfix_smtp_tls_wrappermode | bool | ternary('yes', 'no') }}
smtp_tls_note_starttls_offer = {{ postfix_smtp_tls_note_starttls_offer | bool | ternary('yes', 'no') }}
{% if postfix_smtp_tls_cafile is defined %}
smtp_tls_CAfile = {{ postfix_smtp_tls_cafile }}
{% endif %}
{% endif %}
{% else %}
relayhost =
{% endif %}
At the moment this role will only output smtp_tls_security_level in the configuration file (/etc/postfix/main.cf) when a postfix_relayhost is configured, so it is not possible to use TLS without relayhost. It is not totally clear to me why there is a dependency between these variables. @tersmitten Let me know whether you are open for a change; I would like to create a pull request. :smile:
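A check for the rendered /etc/postfix/main.cf, as an added example that is not part of this thread or of the role: it reports the two outcomes discussed above, a file with no smtp_tls_security_level (no relayhost configured) and an smtp_use_tls value that is not yes/no (the comparison without brackets). The function names and sample files are constructed for illustration.

```python
# Values Postfix accepts for smtp_tls_security_level.
VALID_LEVELS = {"none", "may", "encrypt", "dane", "dane-only",
                "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Parse main.cf text into a dict; a later assignment overrides an earlier one."""
    params, current = {}, None
    for line in text.splitlines():
        # Blank lines and lines whose first non-blank character is '#' are ignored.
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        # A line starting with whitespace continues the previous logical line.
        if line[0].isspace() and current is not None:
            params[current] = (params[current] + " " + line.strip()).strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def audit_smtp_tls(text):
    """Return findings about the outbound (smtp_*) TLS settings in main.cf text."""
    params = parse_main_cf(text)
    findings = []
    level = params.get("smtp_tls_security_level")
    if level is None:
        findings.append("smtp_tls_security_level is not set")
    elif level not in VALID_LEVELS:
        findings.append(f"invalid smtp_tls_security_level: {level!r}")
    use_tls = params.get("smtp_use_tls")
    if use_tls is not None and use_tls not in ("yes", "no"):
        findings.append(f"smtp_use_tls must be yes or no, got {use_tls!r}")
    return findings

# Constructed sample: what the template block emits when no relayhost is configured.
NO_RELAYHOST = "relayhost =\n"
# Constructed sample: without brackets the filter applies to 'none' first, so the
# comparison yields a boolean and the line renders as True instead of yes/no.
NO_BRACKETS = "smtp_use_tls = True\nsmtp_tls_security_level = may\n"
# Constructed sample: the bracketed workaround with the level set to encrypt.
WITH_BRACKETS = "smtp_use_tls = yes\nsmtp_tls_security_level = encrypt\n"

if __name__ == "__main__":
    for label, sample in [("no relayhost", NO_RELAYHOST),
                          ("no brackets", NO_BRACKETS),
                          ("with brackets", WITH_BRACKETS)]:
        print(label, "->", audit_smtp_tls(sample) or "ok")
```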