postfix: Attempt a chain fix.

2013-03-05 17:03:29 +01:00 · 2013-03-05 17:03:29 +01:00 · b20d06b37f
commit b20d06b37f
parent 5f3e6c481c
2 changed files with 18 additions and 0 deletions
--- a/postfix/manifests/init.pp
+++ b/postfix/manifests/init.pp
@ -32,6 +32,9 @@
 #   $postfix_cert:
 #       Path to SSL certificate. Defaults to puppet client certificate.
 #
+#   $postfix_chain:
+#       Path to intermediary CA cert.
+#
 #   $postgrey:
 #       Whether to run postgrey or not.
 #
@ -81,6 +84,18 @@ class postfix {
        notify  => Service["postfix"],
    }

+    if $postfix_chain {
+        file { "${ssl::certs}/chain.crt":
+            ensure  => present,
+            source  => $postfix_chain,
+            mode    => "0644",
+            owner   => "root",
+            group   => "root",
+            require => Package["postfix"],
+            notify  => Service["postfix"],
+        }
+    }
+
    file { "${ssl::private}/postfix.key":
        ensure  => present,
        source  => $postfix_key,
--- a/postfix/templates/main.cf.erb
+++ b/postfix/templates/main.cf.erb
@ -731,6 +731,9 @@ smtpd_sasl_security_options = noanonymous
 # TLS
 #
 smtpd_use_tls=yes
+<% if has_variable?("postfix_chain") -%>
+smtpd_tls_CAfile = <%= postfix_chain %>
+<% end -%>
 smtpd_tls_cert_file=<%= scope.lookupvar('ssl::certs') %>/postfix.crt
 smtpd_tls_key_file=<%= scope.lookupvar('ssl::private') %>/postfix.key
 smtpd_tls_received_header = yes