From 24088dfe9b87e27e0c2023a0755cf5927e02c76e Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Thu, 21 Jul 2022 16:42:22 -0700
Subject: [PATCH] postfix: put CA file back, needed to verify other certs

Signed-off-by: Kevin Fenzi
---
 roles/base/files/postfix/main.cf/main.cf.gateway | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/base/files/postfix/main.cf/main.cf.gateway b/roles/base/files/postfix/main.cf/main.cf.gateway
index be4aaa547a..d5a30bb840 100644
--- a/roles/base/files/postfix/main.cf/main.cf.gateway
+++ b/roles/base/files/postfix/main.cf/main.cf.gateway
@@ -722,6 +722,7 @@ smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_mandatory_ciphers = high
 smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, RC4
 smtpd_tls_loglevel = 1
+smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
 smtpd_tls_chain_files = /etc/pki/tls/private/gateway-chain.pem
 smtpd_tls_session_cache_timeout = 3600s
 smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
@@ -739,6 +740,7 @@ smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
 smtp_tls_mandatory_ciphers = high
 smtp_tls_mandatory_exclude_ciphers= aNULL, MD5, RC4
 smtp_tls_loglevel = 1
+smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
 smtp_tls_chain_files = /etc/pki/tls/private/gateway-chain.pem
 smtp_tls_security_level = may
 smtp_tls_connection_reuse = no
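Review bot: The added `smtpd_tls_CAfile` in the first hunk makes the whole system bundle the server-side trust set, and nothing next to it says which peers it is meant to verify. The Postfix documentation notes that when client certificates are requested, the DNs of every CA in this file are sent in the certificate request. A client certificate chaining to any public CA would also then count as trusted. Whether `smtpd_tls_ask_ccert` or a `permit_tls_all_clientcerts` restriction is set cannot be seen from this hunk, so this may be harmless here. I would add a comment above the line, for example `# system CA bundle: only used to verify <which peers>; client certs are not used for relay authorization`, with the real purpose filled in.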
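Review bot: In the second hunk, `smtp_tls_CAfile` is added next to `smtp_tls_security_level = may`, and at that level delivery proceeds even when the remote server's certificate fails verification. The bundle alone therefore only changes whether outbound sessions are logged as Trusted or Untrusted. Any enforcement would have to come from a per-destination policy such as `smtp_tls_policy_maps`, which is outside this hunk, so I cannot tell whether one exists. A comment above the line would record the intent, for example `# CA bundle for outbound verification; level "may" does not enforce it, see the TLS policy map for destinations that do`.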