SASL Auth: force ssl/tls connections.
@ -833,15 +833,31 @@ if $IS_RELAY_HOST ; then
|
||||
cat <<EOF >> /etc/postfix/main.cf
|
||||
|
||||
#======= SASL Authentification ============
|
||||
|
||||
# Enable SASL authentication
|
||||
smtpd_sasl_auth_enable = $SASL_AUTH_ENABLED
|
||||
|
||||
# Only offer SMTP AUTH when talking over an encrypted connection
|
||||
smtpd_tls_auth_only = yes
|
||||
|
||||
smtpd_sasl_type = cyrus
|
||||
smtpd_sasl_path = smtpd
|
||||
|
||||
# Disallow methods that allow anonymous authentication.
|
||||
smtpd_sasl_security_options = noanonymous
|
||||
smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
|
||||
smtpd_sasl_authenticated_header = yes
|
||||
broken_sasl_auth_clients = yes
|
||||
|
||||
# Report the SASL authenticated user name in the smtpd(8) Received message header.
|
||||
smtpd_sasl_authenticated_header = yes
|
||||
|
||||
# Enable interoperability with remote SMTP clients that implement an obsolete version
|
||||
# of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook
|
||||
# Express version 4 and MicroSoft Exchange version 5.0.
|
||||
#
|
||||
# Specify "broken_sasl_auth_clients = yes" to have Postfix advertise AUTH support
|
||||
# in a non-standard way.
|
||||
#
|
||||
broken_sasl_auth_clients = yes
|
||||
|
||||
## - Optional lookup table with the SASL login names that own
|
||||
## - sender (MAIL FROM) addresses.
|
||||
@ -868,6 +884,10 @@ else
|
||||
## -
|
||||
smtpd_sasl_auth_enable = no
|
||||
|
||||
## - Only offer SMTP AUTH when talking over an encrypted connection
|
||||
## -
|
||||
smtpd_tls_auth_only = yes
|
||||
|
||||
## - The SASL plug-in type that the Postfix SMTP server should use for authentication.
|
||||
## - The available types are listed with the "postconf -a" command.
|
||||
## -
|
||||
@ -882,8 +902,20 @@ smtpd_sasl_type = dovecot
|
||||
## -
|
||||
smtpd_sasl_path = private/dovecot-auth
|
||||
|
||||
# Disallow methods that allow anonymous authentication.
|
||||
smtpd_sasl_security_options = noanonymous
|
||||
smtpd_sasl_authenticated_header = yes
|
||||
smtpd_sasl_tls_security_options = \$smtpd_sasl_security_options
|
||||
|
||||
# Report the SASL authenticated user name in the smtpd(8) Received message header.
|
||||
smtpd_sasl_authenticated_header = no
|
||||
|
||||
# Enable interoperability with remote SMTP clients that implement an obsolete version
|
||||
# of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook
|
||||
# Express version 4 and MicroSoft Exchange version 5.0.
|
||||
#
|
||||
# Specify "broken_sasl_auth_clients = yes" to have Postfix advertise AUTH support
|
||||
# in a non-standard way.
|
||||
#
|
||||
broken_sasl_auth_clients = yes
|
||||
|
||||
|
||||
|
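Review bot: In the first hunk (the `$IS_RELAY_HOST` branch) `smtpd_sasl_authenticated_header = yes` writes each submitter's SASL login name into the Received header of outgoing mail, so every recipient learns a valid account name, while the `else` branch in the third hunk sets the same parameter to `no`. Unless the relay needs the header for abuse tracing, I would use `smtpd_sasl_authenticated_header = no` there as well, or state in the comment above it why the two branches differ. The +/- markers are lost on this page, so I cannot tell whether the earlier uncommented `smtpd_sasl_authenticated_header` and `broken_sasl_auth_clients` lines were removed; if they remain, each heredoc sets those parameters twice and Postfix uses the last value. `smtpd_tls_auth_only = yes` also means AUTH is never advertised unless TLS is enabled for smtpd, so it is worth confirming that the generated main.cf sets `smtpd_tls_security_level` and a certificate, which these hunks do not show.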