Verified Commit 74c3d326 authored by Frederik Schwan's avatar Frederik Schwan

remove unencrypted IMAP, POP3 and add SMTPS support

This sets the dovecot ports for imap and pop3 to 0, which disables those
services. For SMTPS we add the SMTPS service on 465 first, before
deprecating support for submission on 587.
parent a37feccb
......@@ -35,9 +35,7 @@
- name: open firewall holes
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items:
- pop3
- pop3s
- imap
- imaps
when: configure_firewall
tags:
......
......@@ -59,10 +59,21 @@ service auth {
user = root
}
service imap-login {
# don't listen for plain imap
inet_listener imap {
port = 0
}
process_limit = 400
process_min_avail = 5
}
service pop3-login {
# don't listen for plain pop3
inet_listener pop3 {
port = 0
}
}
service managesieve-login {
inet_listener sieve {
# use default port
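Review bot: The comments `# don't listen for plain imap` and `# don't listen for plain pop3` understate the effect, because `port = 0` removes the 143 and 110 listeners entirely, so clients that used STARTTLS on those ports are cut off as well as cleartext sessions. I would say so in the comment, e.g. `# port 0 disables the listener on 143, including STARTTLS; clients must use imaps (993)`, and likewise for pop3 with 110 and 995. Separately, the firewall task in the first hunk only ever sets `state=enabled` for the listed services, so hosts provisioned before this commit will presumably keep the pop3 and imap firewalld services open until a task sets them to `state=disabled`.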
......
......@@ -108,6 +108,7 @@
with_items:
- smtp
- smtp-submission
- smtps
when: postfix_smtpd_public and configure_firewall
tags:
- firewall
......@@ -30,6 +30,14 @@ submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=$submission_recipient_restrictions
-o smtpd_client_connection_count_limit=10
465 inet n - n - - smtpd
-o cleanup_service_name=msa_cleanup
-o smtpd_tls_wrappermode=yes
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=$submission_recipient_restrictions
-o smtpd_client_connection_count_limit=10
{% endif %}
#smtp inet n - n - 1 postscreen
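Review bot: The new 465 service sets `-o syslog_name=postfix/submission`, which looks like the same tag the 587 submission service uses, so log lines from the two ports cannot be told apart. Since the description plans to deprecate 587 later, a distinct tag such as `-o syslog_name=postfix/smtps` would show which clients still use 587 and keep per-port authentication-failure monitoring separate. The first options of the submission entry lie above this hunk, so whether 465 mirrors every restriction override set there cannot be checked from here and should be confirmed.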
......