commit b52f42d821b47b5a2ecd0a9c6585d3f56af73138
from: gonzalo
date: Sat May 22 21:57:22 2021 UTC
sync to 6.9, added example SNI and warning about sendscore
commit - 4cf4a4ec9cd22b6ec04bef6b448b1ea481da88b8
commit + b52f42d821b47b5a2ecd0a9c6585d3f56af73138
blob - d356ab86ddb5077ca56563ddd62e87a77692ffb7
blob + 1f3b07432dc3ba4a237e543b4b2f50fb1e8c1d8e
--- README.md
+++ README.md
@@ -1,7 +1,7 @@
 Ansible role for a Mailserver
 =============================
-Ansible role to create a Mailserver on OpenBSD (>=6.8 & -current) with OpenSMTPD, Dovecot and Rspamd.
+Ansible role to create a Mailserver on OpenBSD (>=6.9 & -current) with OpenSMTPD, Dovecot and Rspamd.
 Requirements
 ------------
@@ -83,7 +83,7 @@ $ cat mailserver.yml
 domain: 'foobar.com'
 mail_dir: '/var/vmail'
 mail_user: 'gonzalo'
- release: '6.8'
+ release: '6.9'
 arch: 'amd64'
 installurl_mirror: 'https://fastly.cdn.openbsd.org/pub/OpenBSD/'
 pkg_path: 'https://fastly.cdn.openbsd.org/pub/OpenBSD/{{ release }}/packages/{{ arch }}/'
@@ -113,10 +113,10 @@ Example Playbook
 domain: 'foobar.com'
 mail_dir: '/var/vmail'
 mail_user: 'gonzalo'
- release: '6.8'
+ release: '6.9'
 arch: 'amd64'
 installurl_mirror: 'https://fastly.cdn.openbsd.org/pub/OpenBSD/'
- pkg_path: 'https://fastly.cdn.openbsd.org/pub/OpenBSD/{{ release }}/packages/{{ arch }}/'
+ pkg_path: 'https://cdn.openbsd.org/pub/OpenBSD/{{ release }}/packages/{{ arch }}/'
 packages_list:
 - dovecot
 - dovecot-pigeonhole
blob - a4e77353efc0b059688fa8ceccd01f0efcae4c52
blob + 0d47812ad9ae1ebe684d0c8729aaf38c02519535
--- meta/main.yml
+++ meta/main.yml
@@ -19,14 +19,8 @@ galaxy_info:
 platforms:
 - name: OpenBSD
 versions:
+ - 6.9
 - 6.8
 - 6.7
 - 6.6
- - 6.5
- - 6.4
- - 6.3
- - 6.2
- - 6.1
- - 6.0
- - 5.9
 dependencies: []
blob - dc03cb0a030e474b2438ec3e43833108a8c6ae03
blob + 674bca47a977ad6fad06d03a0827d200ac1cab38
--- templates/smtpd.conf.j2
+++ templates/smtpd.conf.j2
@@ -2,6 +2,10 @@
 pki {{ domain }} cert "/etc/ssl/{{ domain }}_fullchain.pem"
 pki {{ domain }} key "/etc/ssl/private/{{ domain }}_private.pem"
+## Since >=6.9 SNI is possible
+#pki another-domain.org cert "/etc/ssl/another-domain.org_fullchain.pem"
+#pki another-domain.org key "/etc/ssl/private/another-domain.org_private.pem"
+
 ## Filters
 filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
 disconnect "550 no residential connections"
@@ -12,6 +16,9 @@ filter check_rdns phase connect match !rdns \
 filter check_fcrdns phase connect match !fcrdns \
 disconnect "550 no FCrDNS"
+## You can use this, but I suggest to have a close eye
+## to it for a couple busy days, could give a lot of
+## false positive cases
 #filter senderscore \
 # proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"
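Review bot: The commented SNI example in the first smtpd.conf.j2 hunk (`#pki another-domain.org cert …` and `#pki another-domain.org key …`) only declares a second certificate and does not say that a listener has to reference that pki before it is offered to a client; the listen lines are outside this hunk, so I cannot see whether they would. I would extend the comment to something like `## Since >=6.9 SNI is possible: declare extra pki entries here and reference each one on the listen lines that should serve it (see smtpd.conf(5))`. The same commit's meta/main.yml still lists 6.8, 6.7 and 6.6 as supported, so the comment should also state that these lines must stay commented out on releases older than 6.9. The extra private key follows the same /etc/ssl/private/ layout as the primary one, so whatever task deploys and restricts that key would presumably need to cover the new file too; that task is not visible here.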
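Review bot: The warning added above `#filter senderscore` in the second smtpd.conf.j2 hunk does not tell the operator what to watch or which setting to change when legitimate mail is affected. The thresholds in the commented `proc-exec` line (`-blockBelow 10 -junkBelow 70`) are the knobs that matter, so the comment could read `## Optional reputation filter: after enabling, review the mail log for a few busy days and relax -blockBelow/-junkBelow if legitimate senders are rejected or junked`. Declaring the filter is presumably not enough on its own; the listen lines that would have to reference it are outside this hunk, and the comment could say so.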