Majic Projects ~ [OPEN] MAR-231 - Deploy proper TLS private key and certificate for SMTP service when using mail

Majic Projects

Majic Ansible Roles

Projects
Wiki
- Quick links
- Wiki
- Project wikis
- Conntrackt
- Django Pydenticon
- Gimmecert
- Majic Ansible Roles
- Pydenticon
- Scripts
- Global content

Majic Ansible Roles / Open Feature request MAR-231 Deploy proper TLS private key and certificate for SMTP service when using mail_forwarder role

Votes

- No additional actions available

Issue basics

Type of issue

Feature request Unknown issue type
Issue label

No label set
Category

Security Not determined
Targetted for

Not determined
Status

New

Status not determined
Progress
Priority

Not determined

Affected by this issue (0)

There are no items

People involved

Posted by
branko (@branko)

Branko Majic
@branko

Last seen online at Sep 29, 2024 - 18:46

Show user details
Owned by

Not owned by anyone
Assigned to

Not assigned to anyone
Subscribers

0 subscriber(s)

Click here to show the list of subscribers

Times and dates

Posted at

Mar 06, 2024
Last updated

Mar 06, 2024
Estimated time

2 hours Not estimated
Time spent

No time spent

Click here to see time logged against this issue

Issue details

Resolution

Not determined
Reproducability

Not determined
Severity

Not determined

Attachments (0)

There is nothing attached to this issue

Child issues (0)

This issue does not have any child issues

Duplicate issues (0)

This issue does not have any duplicates

Show / hide more details »

Description

The mail_forwarder role deploys Postfix SMTP server configured to use locally-generated self-signed certificate. Instead of this, it would be useful to enforce deployment of proper private key and externally-issued server certificate.

The said certificate could then be used by connecting servers to validate the SMTP server's identity.

The following should be done:

Update the mail_forwarder role.
- Add the smtp_tls_key and smtp_tls_certificate parameters for specifying the private key and corresponding certificate to be used for SMTP STARTTLS.
- Make the parameters mandatory if incoming connections from the SMTP relay are allowed.
- Make the parameters optional if possible if incoming connections from the SMTP relay are not allowed.
- Consider enforcing STARTTLS for incoming SMTP connections.
Update role reference documentation.
Update usage instructions.
Update release notes.

Todos (0 / 0)

Options

There are no comments

Welcome to The Bug Genie

Log in with your username and password