summaryrefslogtreecommitdiff
path: root/src/Propellor/Property/SiteSpecific/JoeySites.hs
diff options
context:
space:
mode:
authorJoey Hess2018-02-08 11:45:49 -0400
committerJoey Hess2018-02-08 11:45:49 -0400
commit071f914f56f776a825d32f627fca60e1a8494ec9 (patch)
tree7fd15d0572ae8c0d48b9d122052c9eb2bf8c51f8 /src/Propellor/Property/SiteSpecific/JoeySites.hs
parent40eb543d440f1165f6d716b2f477766ffc21d191 (diff)
propellor spin
Diffstat (limited to 'src/Propellor/Property/SiteSpecific/JoeySites.hs')
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 9196e81c..f3bf47f9 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -541,7 +541,7 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
, "smtpd_sasl_security_options = noanonymous"
, "smtpd_sasl_local_domain = kitenet.net"
- , "# Enable postgrey."
+ , "# Enable postgrey and sasl auth and client certs."
, "smtpd_recipient_restrictions = permit_tls_clientcerts,permit_sasl_authenticated,,permit_mynetworks,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023"
, "# Enable spamass-milter, amavis-milter (opendkim is not enabled because it causes mails forwarded from eg gmail to be rejected)"
@@ -668,7 +668,6 @@ domainKey = (RelDomain "mail._domainkey", TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb
postfixSaslPasswordClient :: Property (HasInfo + DebianLike)
postfixSaslPasswordClient = combineProperties "postfix uses SASL password to authenticate with smarthost" $ props
- & Postfix.satellite
& Postfix.mappedFile "/etc/postfix/sasl_passwd"
(`File.hasPrivContent` (Context "kitenet.net"))
& Postfix.mainCfFile `File.containsLines`
@@ -680,6 +679,9 @@ postfixSaslPasswordClient = combineProperties "postfix uses SASL password to aut
, "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
]
`onChange` Postfix.reloaded
+ -- Comes after so it does not set relayhost but uses the setting
+ -- above.
+ & Postfix.satellite
hasPostfixCert :: Context -> Property (HasInfo + UnixLike)
hasPostfixCert ctx = combineProperties "postfix tls cert installed" $ props