Add tls options for lmtp to main.cf template

With the addition of supporting lmtp as downstream server, we should also
set the relevant configuration options if TLS support is enabled.
(postfix does not use the smtp settings for lmtp)

Tested by sending a few mails to a downstream lmtp-server (dovecot)
and comparing the traffic with tcpdump/wireshark

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>

diff --git a/src/templates/main.cf.in b/src/templates/main.cf.in
index 1526709293b73d18a9f17eaa286de03e090df7a2..190c91363f75b27f5aff089593e14d2ff14feaf7 100644 (file)
--- a/src/templates/main.cf.in
+++ b/src/templates/main.cf.in
@@ -109,9 +109,14 @@ smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
 smtpd_tls_security_level = may
 smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem
 smtpd_tls_key_file = $smtpd_tls_cert_file
+
+lmtp_tls_security_level = $smtp_tls_security_level
+lmtp_tls_policy_maps = $smtp_tls_policy_maps
+lmtp_tls_CAfile = $smtp_tls_CAfile
 [% IF pmg.mail.tlslog %]
 smtpd_tls_loglevel = 1
 smtp_tls_loglevel = 1
+lmtp_tls_loglevel = $smtp_tls_loglevel
 [% END %]
 [% IF pmg.mail.tlsheader %]
 smtpd_tls_received_header = yes
@@ -120,6 +125,7 @@ smtpd_tls_received_header = yes
 
 smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
 smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
+lmtp_tls_session_cache_database = btree:/var/lib/postfix/lmtp_tls_session_cache
 
 [% IF pmg.mail.hide_received %]
 unverified_recipient_reject_reason = Recipient address lookup failed