author | Jonas Smedegaard <dr@jones.dk> | 2020-10-09 17:17:13 +0200 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2020-10-09 19:37:10 +0200 |
commit | dd1695e997f9daffce4d850fa4d94f68cda7f0c3 (patch) | |
tree | c989d9e533087dc3b6e102bc8b3e981a0197c8d7 | |
parent | 7ecea20a695e0d4cd88ec2c778fe1afeed74c69e (diff) |
handle inbound SASL as part of submission
-rwxr-xr-x | postfix/postfix.sh | 44 |
1 files changed, 26 insertions, 18 deletions
diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index 1c8c726..d67ccef 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -66,11 +66,12 @@ else
 fi
 # TODO: enable only on systems with user accounts
 submission=1
-sasl=
-if [ -n "$tls_cert" ] && [ -n "$dovecot" ]; then
- sasl=1
+# TODO: check that dovecot SASL is configured
+sasl_inbound=
+if [ -n "$tls_cert" ] && [ -n "$dovecot" ] && [ -n "$submission" ]; then
+ sasl_inbound=1
 else
- warn "No SASL authentication - requires TLS encryption and Dovecot."
+ warn "No inbound SASL authentication - requires TLS encryption and Dovecot."
 fi
 amavis=
 default_amavis_maxproc=2
@@ -275,17 +276,6 @@ if [ -n "$tls_cert" ]; then
 _postconf -e 'smtpd_tls_loglevel = 1'
 _postconf -e 'smtpd_tls_auth_only = yes'
 _postconf -e 'smtpd_tls_received_header = yes'
- if [ -n "$sasl" ]; then
- _postconf -e smtpd_sasl_local_domain='$mydomain'
- _postconf -e smtpd_sasl_type=dovecot
- _postconf -e smtpd_sasl_path=private/auth
- _postconf -e broken_sasl_auth_clients=yes
- else
- _postconf -X smtpd_sasl_local_domain
- _postconf -X smtpd_sasl_type
- _postconf -X smtpd_sasl_path
- _postconf -X broken_sasl_auth_clients
- fi
 else
 _postconf -e smtpd_tls_security_level=none
 _postconf -X smtpd_tls_cert_file
@@ -305,8 +295,6 @@ _postconf -X smtp_tls_CApath
 _postconf -X lmtp_tls_CApath
 _postconf -X smtp_tls_CAfile
 _postconf -X lmtp_tls_CAfile
-_postconf -X smtpd_sasl_auth_enable
-_postconf -X smtpd_sasl_security_options
 _postconf -X smtpd_tls_ask_ccert
 _postconf -X smtp_tls_note_starttls_offer
 _postconf -X smtpd_tls_session_cache_database
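Review bot: In the `@@ -66,11 +66,12 @@` hunk the `else` branch only warns, so with `submission=1` set unconditionally just above, the later `if [ -n "$submission" ]` block still creates the submission service when `sasl_inbound` is empty. That service keeps `-o smtpd_tls_security_level=encrypt` but has no SASL, and when the cause is an empty `$tls_cert` it presumably cannot complete STARTTLS at all. Whether unauthenticated clients could relay through it depends on the main.cf restrictions, which are not visible in this diff. Consider clearing the flag in the fallback with `submission=` after the `warn`, and wording the message so it also says submission is disabled.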
@@ -317,16 +305,36 @@ _postconf -X tls_random_source # submission # <http://www.postfix.org/SASL_README.html> +# <https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/#using-sasl-with-postfix-submission-port> if [ -n "$submission" ]; then _postconf -Me submission/inet=' submission inet n - y - - smtpd -o syslog_name=postfix/$service_name -o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes ' + if [ -n "$sasl_inbound" ]; then + _postconf -Me submission/inet/smtpd_sasl_auth_enable=yes + else + _postconf -MX submission/inet/smtpd_sasl_auth_enable + fi else _postconf -MX submission/inet fi +if [ -n "$sasl_inbound" ]; then + _postconf -e smtpd_sasl_local_domain='$mydomain' + _postconf -e smtpd_sasl_type=dovecot + _postconf -e smtpd_sasl_path=private/auth + _postconf -e broken_sasl_auth_clients=yes +else + _postconf -X smtpd_sasl_local_domain + _postconf -X smtpd_sasl_type + _postconf -X smtpd_sasl_path + _postconf -X broken_sasl_auth_clients +fi + +# obsolete SASL-related settings +_postconf -X smtpd_sasl_auth_enable +_postconf -X smtpd_sasl_security_options if [ -n "$amavis" ]; then _postconf -e 'max_use = 10' # Avoid too much reuse |
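Review bot: `_postconf -Me submission/inet/smtpd_sasl_auth_enable=yes` and the matching `-MX` line name a per-service parameter, which postconf(1) addresses with `-P` (`service/type/parameter`); `-M` takes only `service/type`. `_postconf` is defined outside this hunk and may translate the flags, but if it passes them straight through, the override is never written. Because this hunk also drops `-o smtpd_sasl_auth_enable=yes` from the entry and removes the main.cf setting at the end, a failed override would leave the submission port without authentication. Suggest `_postconf -Pe submission/inet/smtpd_sasl_auth_enable=yes` and `_postconf -PX submission/inet/smtpd_sasl_auth_enable`, then confirming the result with `postconf -P submission/inet/smtpd_sasl_auth_enable`.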