From ded4730735942796c8daacb3d222593a60e218c5 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Tue, 16 Mar 2021 08:31:15 +0000
Subject: [PATCH] sendmail: Add dhparams

---
 roles/sendmail/meta/main.yml            | 1 +
 roles/sendmail/templates/sendmail.mc.j2 | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/roles/sendmail/meta/main.yml b/roles/sendmail/meta/main.yml
index cee1612..4dc7ba0 100644
--- a/roles/sendmail/meta/main.yml
+++ b/roles/sendmail/meta/main.yml
@@ -1,4 +1,5 @@
 ---
 
 dependencies:
+  - {role: dhparams}
   - {role: saslauthd}
diff --git a/roles/sendmail/templates/sendmail.mc.j2 b/roles/sendmail/templates/sendmail.mc.j2
index 4cd4507..8172203 100644
--- a/roles/sendmail/templates/sendmail.mc.j2
+++ b/roles/sendmail/templates/sendmail.mc.j2
@@ -26,8 +26,10 @@ define(`confCACERT_PATH', `/etc/mail/certs')dnl
 define(`confCACERT', `{{ tls_certs }}/{{ mail_server }}-chain.crt')dnl
 define(`confSERVER_CERT', `{{ tls_certs }}/{{ mail_server }}.crt')dnl
 define(`confSERVER_KEY', `{{ tls_private }}/{{ mail_server }}.key')dnl
+define(`confDH_PARAMETERS', `{{ tls_certs }}/ffdhe3072.pem')dnl
 define(`confCLIENT_CERT', `{{ tls_certs }}/{{ mail_server }}.crt')dnl
 define(`confCLIENT_KEY', `{{ tls_private }}/{{ mail_server }}.key')dnl
+
 dnl #
 FEATURE(`no_default_msa', `dnl')dnl
 FEATURE(`smrsh', `/usr/sbin/smrsh')dnl