Commit 56865f8c authored by Kristian Klausen's avatar Kristian Klausen 🎉
Browse files

Migrate all services to use implicit TLS for SMTP Submission

parent 32e53cac
......@@ -48,11 +48,11 @@
gitlab_rails['initial_root_password'] = "{{ vault_gitlab_root_password }}"
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = 'mail.archlinux.org'
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = 'gitlab'
gitlab_rails['smtp_password'] = "{{ vault_gitlab_root_password }}"
gitlab_rails['smtp_domain'] = 'gitlab.archlinux.org'
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'gitlab@archlinux.org'
gitlab_rails['gitlab_email_display_name'] = 'GitLab'
......
......@@ -139,7 +139,8 @@ smtpd_reject_footer = For assistance contact <postmaster@archlinux.org>. Please
{% if postfix_relayhost %}
# relay all outbound mail via {{postfix_relayhost}}
# the square brackets prevents postfix from trying to lookup mx records
relayhost = [{{postfix_relayhost}}]:587
relayhost = [{{postfix_relayhost}}]:465
smtp_tls_wrappermode = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = ${indexed}/relay_passwords
# allow plaintext authentication only over tls secured connections
......
global:
resolve_timeout: 5m
smtp_smarthost: 'mail.archlinux.org:587'
smtp_smarthost: 'mail.archlinux.org:465'
smtp_from: 'alertmanager@archlinux.org'
smtp_require_tls: true
smtp_require_tls: false
smtp_auth_username: alertmanager
smtp_auth_password: {{ vault_monitoring_alertmanager_smtp_pass }}
......
......@@ -76,10 +76,10 @@ resource "keycloak_realm" "archlinux" {
smtp_server {
host = "mail.archlinux.org"
from = "accounts@archlinux.org"
port = "587"
port = "465"
from_display_name = "Arch Linux Accounts"
ssl = false
starttls = true
ssl = true
starttls = false
auth {
username = data.external.vault_keycloak.result.vault_keycloak_smtp_user
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment