From 44dcaf89d2c7f77a769bbbf9c0fe2723d9e8d79b Mon Sep 17 00:00:00 2001
From: Christoph Haas <email@christoph-haas.de>
Date: Sun, 4 Oct 2015 14:07:33 +0200
Subject: [PATCH] Restricting access to database mapping files that contain a
 password

---
 roles/ispmail-postfix/tasks/main.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/ispmail-postfix/tasks/main.yml b/roles/ispmail-postfix/tasks/main.yml
index 7e533be..2648ff9 100644
--- a/roles/ispmail-postfix/tasks/main.yml
+++ b/roles/ispmail-postfix/tasks/main.yml
@@ -19,4 +19,10 @@
 - name: tell Postfix to use the email-to-email mapping
   shell: postconf virtual_alias_maps=mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
 
+- name: Restricting access to database mapping files that contain a password
+  file: path=/etc/postfix/mysql-{{item}}.cf mode=0640
+  with_items:
+  - virtual-mailbox-domains
+  - virtual-mailbox-maps
+  - virtual-alias-maps