diff --git a/postfix/lang/en b/postfix/lang/en
index 5ced54b63..80b9983f4 100644
--- a/postfix/lang/en
+++ b/postfix/lang/en
@@ -830,6 +830,7 @@ opts_smtpd_tls_cert_file=TLS certificate file
 opts_smtpd_tls_key_file=TLS private key file
 opts_smtpd_tls_CAfile=TLS certificate authority file
 opts_smtpd_use_tls=Enable TLS encryption?
+opts_smtp_enforce_tls=Require TLS encryption?
 sasl_err=Failed to save SMTP authentication and encryption
 sasl_ecert=Missing or invalid TLS certificate file
 sasl_ekey=Missing or invalid TLS key file
@@ -837,6 +838,11 @@ sasl_eca=Missing or invalid TLS certificate authority file
 sasl_level_none=Never
 sasl_level_may=If requested by client
 sasl_level_encrypt=Always
+sasl_level_dane=Opportunistic DANE TLS
+sasl_level_dane_only=Mandatory DANE TLS
+sasl_level_fingerprint=Certificate fingerprint verification
+sasl_level_verify=Mandatory TLS verification
+sasl_level_secure=Secure-channel TLS
 sasl_login=SMTP login to outgoing mail host
 sasl_nologin=None needed
 sasl_userpass=Login as $1 with password $2
diff --git a/postfix/smtp.cgi b/postfix/smtp.cgi
index 5e37f7d7d..b44b816a3 100755
--- a/postfix/smtp.cgi
+++ b/postfix/smtp.cgi
@@ -52,6 +52,26 @@ if (&compare_version_numbers($postfix_version, 2) <= 0) {
 &option_yesno("smtp_use_tls");
 &option_freefield("smtp_sasl_security_options", 60);
+# TLS enforcement options
+if (&compare_version_numbers($postfix_version, 2.3) >= 0) {
+ $level = &get_current_value("smtp_tls_security_level");
+ print &ui_table_row($text{'opts_smtp_use_tls'},
+ &ui_select("smtp_tls_security_level", $level,
+ [ [ "", $text{'default'} ],
+ [ "none", $text{'sasl_level_none'} ],
+ [ "may", $text{'sasl_level_may'} ],
+ [ "encrypt", $text{'sasl_level_encrypt'} ],
+ [ "dane", $text{'sasl_level_dane'} ],
+ [ "dane-only", $text{'sasl_level_dane_only'} ],
+ [ "fingerprint", $text{'sasl_level_fingerprint'} ],
+ [ "verify", $text{'sasl_level_verify'} ],
+ [ "secure", $text{'sasl_level_secure'} ],
+ ]));
+ }
+else {
+ &option_yesno("smtp_enforce_tls");
+ }
+
 print &ui_table_end();
 print &ui_form_end([ [ undef, $text{'opts_save'} ] ]);
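Review bot: The new `smtp_tls_security_level` select offers every level to any Postfix from 2.3 up, but `fingerprint` needs 2.5 and `dane`/`dane-only` need 2.11, so on older installs the form can write a level the smtp client does not recognise. Gate those entries on `$postfix_version`, e.g. `&compare_version_numbers($postfix_version, "2.11") >= 0 ? ( [ "dane", $text{'sasl_level_dane'} ], [ "dane-only", $text{'sasl_level_dane_only'} ] ) : ()`. The row is labelled with `$text{'opts_smtp_use_tls'}`, which appears to be the same label as the `smtp_use_tls` yes/no row just above it; the newly added `opts_smtp_enforce_tls` string looks like the better fit, as in `print &ui_table_row($text{'opts_smtp_enforce_tls'},`. A comment above the select would also help the next maintainer: `# smtp_tls_security_level overrides smtp_use_tls/smtp_enforce_tls; verify/secure need a CA file, fingerprint needs smtp_tls_fingerprint_cert_match, dane needs smtp_dns_support_level=dnssec`. The save handler is not part of this hunk, so whether the posted value is checked against this list before it is written to main.cf cannot be confirmed from here.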