Majic Ansible Roles / Open Feature request MAR-225 Ability to enforce TLS for mail deliveries for remote servers/domains
Issue basics
  • Type of issue
    Feature request
  • Category
    Security
  • Targeted for
    Not determined
  • Status
    New
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Times and dates
  • Estimated time
    5 hours
  • Time spent
    No time spent
Description

When using the mail_forwarder role, it is possible to allow mail deliveries from the configured relay server back towards the originating server. This is helpful in order to get eventual bounces and delivery failure notifications delivered to the originating account on the server.

The mail_server role (which would normally be used on the server used as the SMTP relay as well) currently does not support the ability to enforce TLS connections towards the originating server. The primary reason for this is that the SMTP server is configured to be opportunistic by default in order to increase compatibility with 3rd-party mail servers.

However, it would be useful if a list of specific domains (servers) could be passed in where the delivery mechanism would still enforce use of TLS. The assumption is that the administrator should be able to properly issue certificates for this purpose.

The following should be done:

  • Update the mail_server role.
    • Introduce an additional parameter which allows specifying a list of domains/servers towards which TLS should be enforced for SMTP mail deliveries.
  • Update the mail_forwarder role.
    • Introduce additional parameter(s) for deploying the X.509 private key and server certificate that will be used for incoming SMTP connections. Parameters would be mandatory if incoming connections from the SMTP relay are allowed.
  • Update role reference documentation.
  • Update usage instructions.
  • Update release notes.
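
An illustration of the requested behaviour, added here and not taken from the issue or from the roles' own code: assuming the relay's MTA is Postfix (the issue does not name it), the opportunistic default stays in place while a TLS policy table enforces TLS for the listed destinations. All host names and file paths below are placeholders.

```ini
# /etc/postfix/main.cf (constructed fragment; assumes Postfix on the relay)

# Opportunistic TLS remains the default for every destination not listed
# in the policy table, preserving compatibility with 3rd-party servers.
smtp_tls_security_level = may

# Per-destination overrides are looked up in this table.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# CA bundle consulted when a policy entry requests certificate verification
# (path is a placeholder; point it at the CA that issued the forwarder
# certificates).
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt


# /etc/postfix/tls_policy (constructed; all names are placeholders)

# Weakest enforcing level: TLS is mandatory, but the server certificate is
# not verified. Stops passive eavesdropping, not an active man-in-the-middle.
forwarder1.example.com      encrypt

# TLS is mandatory and the certificate must chain to a trusted CA and match
# the given name. This is the level that relies on the administrator issuing
# proper certificates for the forwarder.
forwarder2.example.com      secure match=forwarder2.example.com

# The lookup key is the next-hop destination exactly as the transport
# configuration states it, so a bracketed next hop (MX lookups disabled)
# needs its own bracketed entry.
[forwarder3.example.com]    verify
```

With an enforcing entry in place, mail for that destination is deferred rather than sent in cleartext when TLS negotiation or verification fails. The table has to be rebuilt with `postmap /etc/postfix/tls_policy` after every change.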