Majic Projects ~ [OPEN] MAR-225 - Ability to enforce TLS for mail deliveries for remote servers/domains

Majic Projects

Majic Ansible Roles

Projects
Wiki
- Quick links
- Wiki
- Project wikis
- Conntrackt
- Django Pydenticon
- Gimmecert
- Majic Ansible Roles
- Pydenticon
- Scripts
- Global content

Majic Ansible Roles / Open Feature request MAR-225 Ability to enforce TLS for mail deliveries for remote servers/domains

Votes

- No additional actions available

Issue basics

Type of issue

Feature request Unknown issue type
Issue label

No label set
Category

Security Not determined
Targetted for

Not determined
Status

New

Status not determined
Progress
Priority

Not determined

Affected by this issue (0)

There are no items

People involved

Posted by
branko (@branko)

Branko Majic
@branko

Last seen online at Apr 24, 2024 - 20:11

Show user details
Owned by

Not owned by anyone
Assigned to

Not assigned to anyone
Subscribers

0 subscriber(s)

Click here to show the list of subscribers

Times and dates

Posted at

Mar 06, 2024
Last updated

Mar 06, 2024
Estimated time

5 hours Not estimated
Time spent

No time spent

Click here to see time logged against this issue

Issue details

Resolution

Not determined
Reproducability

Not determined
Severity

Not determined

Attachments (0)

There is nothing attached to this issue

Child issues (0)

This issue does not have any child issues

Duplicate issues (0)

This issue does not have any duplicates

Show / hide more details »

Description

When using the mail_forwarder role, it is possible to allow mail deliveries from the configured relay server back towards the originating server. This is helpful in order to get eventual bounces and delivery failure notifications delivered to originating account on the server.

The mail_server role (which would normally be used on server used as SMTP relay as well) currently does not support ability to enforce TLS connections towards the originating server. Primary reason for this is that the SMTP server is configured to be opportunistic by default in order to increase compatibility with 3rd-party mail servers.

However, it would be useful if a list of specific domains (servers) could be passed in where the delivery mechanism would still enforce use of TLS. The assumption is that administrator should be able to properly issue certificates for this purpose.

The following should be done:

Update the mail_server role.
- Introduce additional parameter which allows specifying list of domains/servers towards which the TLS should be enforced for SMTP mail deliveries.
Update the mail_forwarder role.
- Introduce additional parameter(s) for deploying the X.509 private key and server certificate that will be used for incoming SMTP connections. Parameters would be mandatory if incoming connections from SMTP relay are allowed.
Update role reference documentation.
Update usage instructions.
Update release notes.

Todos (0 / 0)

Options

There are no comments

Welcome to The Bug Genie

Log in with your username and password