dovecot: also generate DANE reocrds for non-encrypted protocols

arodier · arodier · commit 01c8176460a1 · 2024-03-24T09:48:56.000Z
- Generate imap and pop3 DANE records, on ports 143 and 110 resp.

To update your server, run the following playbook:

---
ROLE=dovecot apb -i ../config/hosts.yml -v -t facts,scripts install.yml
---
diff --git a/roles/dovecot/files/scripts/renew-cert-imap.sh b/roles/dovecot/files/scripts/renew-cert-imap.sh
@@ -49,6 +49,7 @@ if [ $server_until_epoch -lt $file_until_epoch ]; then
         echo "Not live"
     elif [ "$action" = "activate" ]; then
         /usr/local/sbin/dane-set-record imap 993
+        /usr/local/sbin/dane-set-record imap 143
         systemctl restart dovecot
     fi
 elif [ "$action" = "status" ]; then
diff --git a/roles/dovecot/files/scripts/renew-cert-pop3.sh b/roles/dovecot/files/scripts/renew-cert-pop3.sh
@@ -48,6 +48,7 @@ if [ $server_until_epoch -lt $file_until_epoch ]; then
     if [ "$action" = "status" ]; then
         echo "Not live"
     elif [ "$action" = "activate" ]; then
+        /usr/local/sbin/dane-set-record pop3 110
         /usr/local/sbin/dane-set-record pop3 995
         systemctl restart dovecot
     fi
