Add support for multiple directives, including TLS.
Also, SMTP TLS client auth does not require all the SASL options.
diff --git a/manifests/server.pp b/manifests/server.pp
index 981229d..de069cb 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -60,6 +60,7 @@
$ssl = false,
$smtpd_tls_key_file = undef,
$smtpd_tls_cert_file = undef,
+ $smtpd_tls_CAfile = undef,
$smtpd_sasl_auth = false,
$smtpd_sasl_type = 'dovecot',
$smtpd_sasl_path = 'private/auth',
@@ -69,7 +70,13 @@
$smtp_tls_CAfile = undef,
$smtp_tls_CApath = undef,
$smtp_tls_security_level = undef,
+ $smtp_tls_secure_cert_match = undef,
+ $smtp_tls_note_starttls_offer = false,
+ $smtp_tls_mandatory_ciphers = undef,
+ $smtpd_tls_ask_ccert = false,
+ $tls_append_default_CA = false,
$smtp_sasl_tls = false,
+ $smtp_use_tls = false,
$canonical_maps = false,
$sender_canonical_maps = false,
$relocated_maps = false,
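Review bot: The new TLS parameters are added without any note on when they take effect, and two of them do nothing on their own. In Postfix, `smtp_tls_mandatory_ciphers` is only consulted when `smtp_tls_security_level` is `encrypt` or stronger, and `smtp_tls_secure_cert_match` only at the `secure` level. With just `$smtp_use_tls => true` (opportunistic TLS) both are silently ignored. A parameter comment such as `# $smtp_tls_mandatory_ciphers: applies only when $smtp_tls_security_level is 'encrypt' or stronger` would keep users from assuming a cipher floor that is not enforced. The parameter list starts and ends outside this hunk, so existing documentation may sit elsewhere in the file.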
diff --git a/templates/main.cf-el5.erb b/templates/main.cf-el5.erb
index 7ce89ed..a70e6f5 100644
--- a/templates/main.cf-el5.erb
+++ b/templates/main.cf-el5.erb
@@ -731,10 +731,13 @@
smtpd_tls_key_file = /etc/pki/tls/private/<%= @ssl %>.key
<% end -%>
<% if @smtpd_tls_cert_file -%>
-smtpd_tls_cert_file = <%= @smtpd_tls_cert_file -%>
+smtpd_tls_cert_file = <%= @smtpd_tls_cert_file %>
<% else -%>
smtpd_tls_cert_file = /etc/pki/tls/certs/<%= @ssl %>.crt
<% end -%>
+<% if @smtpd_tls_CAfile -%>
+smtpd_tls_CAfile = <%= @smtpd_tls_CAfile %>
+<% end -%>
<% end -%>
<% if @smtpd_sasl_auth -%>
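Review bot: This EL5 template renders `smtpd_tls_CAfile` but not `smtpd_tls_ask_ccert` or `tls_append_default_CA`, which the same commit adds to `main.cf.erb`. Setting `$smtpd_tls_ask_ccert => true` on an EL5 node therefore changes nothing, and the server never requests a client certificate. If the omission is deliberate for the older Postfix on EL5, it should be stated in the parameter documentation in `server.pp`. Otherwise add `<% if @smtpd_tls_ask_ccert -%>`, `smtpd_tls_ask_ccert = yes`, `<% end -%>` after the CAfile block. The enclosing `if` opens outside this hunk.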
@@ -747,8 +750,14 @@
<% if @smtp_sasl_auth -%>
# Client auth against SMTP gateway
smtp_sasl_auth_enable = yes
+<% if @smtp_sasl_password_maps -%>
smtp_sasl_password_maps = <%= @smtp_sasl_password_maps %>
+<% end -%>
+<% if @smtp_sasl_security_options -%>
smtp_sasl_security_options = <%= @smtp_sasl_security_options %>
+<% end -%>
+
+<% end -%>
<% if @smtp_tls_CAfile -%>
smtp_tls_CAfile = <%= @smtp_tls_CAfile %>
<% end -%>
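Review bot: `smtp_sasl_auth_enable = yes` is still emitted unconditionally inside the `@smtp_sasl_auth` block, so with `smtp_sasl_password_maps` now optional the client can be rendered with SASL enabled and no credential source. If the intent is certificate-based TLS client auth without SASL, leaving `$smtp_sasl_auth` off may be the cleaner path. Otherwise add a template comment above the guard, e.g. `# password maps omitted: SASL is enabled but Postfix has no credentials to offer`. When `smtp_sasl_security_options` is not rendered, Postfix falls back to its default `noplaintext, noanonymous`, which is the safer setting but will refuse PLAIN/LOGIN-only relays. The same applies to the matching hunk in `templates/main.cf.erb`.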
@@ -758,11 +767,20 @@
<% if @smtp_tls_security_level -%>
smtp_tls_security_level = <%= @smtp_tls_security_level %>
<% end -%>
-<% if @smtp_sasl_tls -%>
+
+<% if @smtp_sasl_tls or @smtp_use_tls -%>
smtp_use_tls = yes
<% end -%>
-
+<% if @smtp_tls_secure_cert_match -%>
+smtp_tls_secure_cert_match = <%= @smtp_tls_secure_cert_match %>
<% end -%>
+<% if @smtp_tls_note_starttls_offer -%>
+smtp_tls_note_starttls_offer = yes
+<% end -%>
+<% if @smtp_tls_mandatory_ciphers -%>
+smtp_tls_mandatory_ciphers = <%= @smtp_tls_mandatory_ciphers %>
+<% end -%>
+
<% if @mail_name -%>
# Change the mail daemon name
mail_name = <%= @mail_name %>
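Review bot: `smtp_use_tls = yes` is the legacy opportunistic setting, and Postfix ignores it whenever `smtp_tls_security_level` is non-empty, so rendering both (the block just above can emit the level) leaves a misleading line in main.cf. Guarding it as `<% if (@smtp_sasl_tls or @smtp_use_tls) and !@smtp_tls_security_level -%>` avoids the contradiction. Opportunistic TLS also falls back to cleartext if STARTTLS is not offered, so when SASL credentials are sent to a relay the documentation should steer users to `smtp_tls_security_level = encrypt` or stronger rather than `$smtp_use_tls`. The same guard appears in `templates/main.cf.erb`.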
@@ -852,11 +870,21 @@
<% end -%>
<% end -%>
+<% if @smtpd_delay_reject -%>
+smtpd_delay_reject = <%= @smtpd_delay_reject %>
+<% end -%>
+<% if !@smtpd_client_restrictions.empty? or @postgrey -%>
+smtpd_client_restrictions =
+<% @smtpd_client_restrictions.each do |line| -%>
+ <%= line %>,
+<% end -%>
+<% end -%>
<% if !@smtpd_recipient_restrictions.empty? or @postgrey -%>
smtpd_recipient_restrictions =
<% @smtpd_recipient_restrictions.each do |line| -%>
<%= line %>,
<% end -%>
+<% end -%>
<% if @postgrey -%>
<% if @postgrey_policy_service -%>
check_policy_service <%= @postgrey_policy_service %>,
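Review bot: The guard on the new `smtpd_client_restrictions` block carries over `or @postgrey` from the recipient block, but postgrey only adds entries to the recipient restrictions. With postgrey on and no client restrictions this writes a bare `smtpd_client_restrictions =` line; `<% if !@smtpd_client_restrictions.empty? -%>` is enough. No matching `$smtpd_client_restrictions` or `$smtpd_delay_reject` parameter is visible in the `server.pp` hunks. If they are not declared elsewhere with an array default, `.empty?` will raise on nil. The `if @smtpd_delay_reject` truthiness test also means a boolean `false` can never render `smtpd_delay_reject = no`. The same block is added to `templates/main.cf.erb`, and the postgrey section continues past this hunk.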
@@ -865,7 +893,6 @@
<% end -%>
<% end -%>
-<% end -%>
<% if !@smtpd_data_restrictions.empty? -%>
smtpd_data_restrictions =
<% @smtpd_data_restrictions.each do |line| -%>
diff --git a/templates/main.cf.erb b/templates/main.cf.erb
index 174c56d..a1426ff 100644
--- a/templates/main.cf.erb
+++ b/templates/main.cf.erb
@@ -740,10 +740,19 @@
smtpd_tls_key_file = /etc/pki/tls/private/<%= @ssl %>.key
<% end -%>
<% if @smtpd_tls_cert_file -%>
-smtpd_tls_cert_file = <%= @smtpd_tls_cert_file -%>
+smtpd_tls_cert_file = <%= @smtpd_tls_cert_file %>
<% else -%>
smtpd_tls_cert_file = /etc/pki/tls/certs/<%= @ssl %>.crt
<% end -%>
+<% if @smtpd_tls_CAfile -%>
+smtpd_tls_CAfile = <%= @smtpd_tls_CAfile %>
+<% end -%>
+<% if @smtpd_tls_ask_ccert -%>
+smtpd_tls_ask_ccert = yes
+<% end -%>
+<% if @tls_append_default_CA -%>
+tls_append_default_CA = yes
+<% end -%>
<% end -%>
<% if @smtpd_sasl_auth -%>
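Review bot: `tls_append_default_CA = yes` next to `smtpd_tls_ask_ccert` widens client-certificate trust. It appends the system default CA bundle to whatever `smtpd_tls_CAfile` names, so a certificate from any publicly trusted CA would verify as trusted. A generated comment above the line would make that visible in the rendered file, e.g. `# appends the system CA bundle to the configured CAfile/CApath; leave off when client certs must chain to a private CA`. The enclosing `if` opens outside this hunk. If it is the `@ssl` server block, the setting cannot be rendered for a client-only setup even though it also affects `smtp_tls_CAfile`.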
@@ -756,8 +765,14 @@
<% if @smtp_sasl_auth -%>
# Client auth against SMTP gateway
smtp_sasl_auth_enable = yes
+<% if @smtp_sasl_password_maps -%>
smtp_sasl_password_maps = <%= @smtp_sasl_password_maps %>
+<% end -%>
+<% if @smtp_sasl_security_options -%>
smtp_sasl_security_options = <%= @smtp_sasl_security_options %>
+<% end -%>
+
+<% end -%>
<% if @smtp_tls_CAfile -%>
smtp_tls_CAfile = <%= @smtp_tls_CAfile %>
<% end -%>
@@ -767,11 +782,19 @@
<% if @smtp_tls_security_level -%>
smtp_tls_security_level = <%= @smtp_tls_security_level %>
<% end -%>
-<% if @smtp_sasl_tls -%>
+<% if @smtp_sasl_tls or @smtp_use_tls -%>
smtp_use_tls = yes
<% end -%>
-
+<% if @smtp_tls_secure_cert_match -%>
+smtp_tls_secure_cert_match = <%= @smtp_tls_secure_cert_match %>
<% end -%>
+<% if @smtp_tls_note_starttls_offer -%>
+smtp_tls_note_starttls_offer = yes
+<% end -%>
+<% if @smtp_tls_mandatory_ciphers -%>
+smtp_tls_mandatory_ciphers = <%= @smtp_tls_mandatory_ciphers %>
+<% end -%>
+
<% if @mail_name -%>
# Change the mail daemon name
mail_name = <%= @mail_name %>
@@ -861,11 +884,22 @@
<% end -%>
<% end -%>
+
+<% if @smtpd_delay_reject -%>
+smtpd_delay_reject = <%= @smtpd_delay_reject %>
+<% end -%>
+<% if !@smtpd_client_restrictions.empty? or @postgrey -%>
+smtpd_client_restrictions =
+<% @smtpd_client_restrictions.each do |line| -%>
+ <%= line %>,
+<% end -%>
+<% end -%>
<% if !@smtpd_recipient_restrictions.empty? or @postgrey -%>
smtpd_recipient_restrictions =
<% @smtpd_recipient_restrictions.each do |line| -%>
<%= line %>,
<% end -%>
+<% end -%>
<% if @postgrey -%>
<% if @postgrey_policy_service -%>
check_policy_service <%= @postgrey_policy_service %>,
@@ -874,7 +908,6 @@
<% end -%>
<% end -%>
-<% end -%>
<% if !@smtpd_data_restrictions.empty? -%>
smtpd_data_restrictions =
<% @smtpd_data_restrictions.each do |line| -%>
@@ -887,8 +920,8 @@
<% @smtpd_end_of_data_restrictions.each do |line| -%>
<%= line %>,
<% end -%>
-
<% end -%>
+
body_checks = regexp:<%= @config_directory %>/body_checks
<% if @canonical_maps -%>