Commit 56865f8c authored by Kristian Klausen's avatar Kristian Klausen 🎉

Migrate all services to use implicit TLS for SMTP Submission

parent 32e53cac
...@@ -48,11 +48,11 @@ ...@@ -48,11 +48,11 @@
gitlab_rails['initial_root_password'] = "{{ vault_gitlab_root_password }}" gitlab_rails['initial_root_password'] = "{{ vault_gitlab_root_password }}"
gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = 'mail.archlinux.org' gitlab_rails['smtp_address'] = 'mail.archlinux.org'
gitlab_rails['smtp_port'] = 587 gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = 'gitlab' gitlab_rails['smtp_user_name'] = 'gitlab'
gitlab_rails['smtp_password'] = "{{ vault_gitlab_root_password }}" gitlab_rails['smtp_password'] = "{{ vault_gitlab_root_password }}"
gitlab_rails['smtp_domain'] = 'gitlab.archlinux.org' gitlab_rails['smtp_domain'] = 'gitlab.archlinux.org'
gitlab_rails['smtp_enable_starttls_auto'] = true gitlab_rails['smtp_tls'] = true
gitlab_rails['gitlab_email_enabled'] = true gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'gitlab@archlinux.org' gitlab_rails['gitlab_email_from'] = 'gitlab@archlinux.org'
gitlab_rails['gitlab_email_display_name'] = 'GitLab' gitlab_rails['gitlab_email_display_name'] = 'GitLab'
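Review bot: `smtp_password` is rendered from `vault_gitlab_root_password`, the same vault variable that seeds `initial_root_password` at the top of this hunk, so the SMTP submission credential and the GitLab root password appear to be a single secret. The line is unchanged by this commit, but while the block is being touched it would be worth pointing it at a dedicated variable, e.g. `gitlab_rails['smtp_password'] = "{{ <dedicated SMTP vault variable> }}"`, so that exposing one credential does not expose the other. With `smtp_tls = true` I would also set `gitlab_rails['smtp_enable_starttls_auto'] = false` explicitly rather than dropping the key, since recent versions of the underlying mail library are documented to reject the combination of implicit TLS and STARTTLS; whether the default triggers that here should be confirmed.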
......
...@@ -139,7 +139,8 @@ smtpd_reject_footer = For assistance contact <postmaster@archlinux.org>. Please ...@@ -139,7 +139,8 @@ smtpd_reject_footer = For assistance contact <postmaster@archlinux.org>. Please
{% if postfix_relayhost %} {% if postfix_relayhost %}
# relay all outbound mail via {{postfix_relayhost}} # relay all outbound mail via {{postfix_relayhost}}
# the square brackets prevents postfix from trying to lookup mx records # the square brackets prevents postfix from trying to lookup mx records
relayhost = [{{postfix_relayhost}}]:587 relayhost = [{{postfix_relayhost}}]:465
smtp_tls_wrappermode = yes
smtp_sasl_auth_enable = yes smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = ${indexed}/relay_passwords smtp_sasl_password_maps = ${indexed}/relay_passwords
# allow plaintext authentication only over tls secured connections # allow plaintext authentication only over tls secured connections
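Review bot: `smtp_tls_wrappermode = yes` is documented to require `smtp_tls_security_level = encrypt` or stronger, and no `smtp_tls_security_level` line is visible in this hunk, so it should be confirmed that the template sets one elsewhere. Because SASL credentials are sent to the relay on this connection, `smtp_tls_security_level = verify` (or `secure`) would also check the relay's certificate instead of only encrypting the session. A one-line comment above the new setting, such as `# port 465 is implicit TLS (no STARTTLS); needs smtp_tls_security_level >= encrypt`, would record the dependency. The `{% if postfix_relayhost %}` block continues past the end of the hunk.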
......
global: global:
resolve_timeout: 5m resolve_timeout: 5m
smtp_smarthost: 'mail.archlinux.org:587' smtp_smarthost: 'mail.archlinux.org:465'
smtp_from: 'alertmanager@archlinux.org' smtp_from: 'alertmanager@archlinux.org'
smtp_require_tls: true smtp_require_tls: false
smtp_auth_username: alertmanager smtp_auth_username: alertmanager
smtp_auth_password: {{ vault_monitoring_alertmanager_smtp_pass }} smtp_auth_password: {{ vault_monitoring_alertmanager_smtp_pass }}
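Review bot: `smtp_require_tls: false` reads as if transport security were being switched off, and nothing in the file says otherwise. As far as I know Alertmanager chooses implicit TLS from the port number of `smtp_smarthost`, and `smtp_require_tls` only governs STARTTLS, so the setting is right for port 465. The protection then depends on the `:465` suffix staying in place. I would add a comment above the key, for example `# implicit TLS is selected by port 465; smtp_require_tls only controls STARTTLS and must stay false here`, so a later port change is not made without restoring a TLS requirement.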
......
...@@ -76,10 +76,10 @@ resource "keycloak_realm" "archlinux" { ...@@ -76,10 +76,10 @@ resource "keycloak_realm" "archlinux" {
smtp_server { smtp_server {
host = "mail.archlinux.org" host = "mail.archlinux.org"
from = "accounts@archlinux.org" from = "accounts@archlinux.org"
port = "587" port = "465"
from_display_name = "Arch Linux Accounts" from_display_name = "Arch Linux Accounts"
ssl = false ssl = true
starttls = true starttls = false
auth { auth {
username = data.external.vault_keycloak.result.vault_keycloak_smtp_user username = data.external.vault_keycloak.result.vault_keycloak_smtp_user
......