Support for new Postfix SASL option

postfix/CHANGELOG

@@ -64,3 +64,5 @@ Autoreply messages containing non-ASCII characters are now properly quoted-print
 Added a module config option to control if the user is prompted for confirmation before deleting queued messages.
 ---- Changes since 1.450 ----
 Changed the mail queue date format to yyyy/mm/dd, for easier sorting.
+---- Changes since 1.490 ----
+Added support for the Postfix 2.3 smtpd_tls_security_level option.

postfix/lang/en

@@ -796,6 +796,9 @@ sasl_err=Failed to save SMTP authentication and encryption
 sasl_ecert=Missing or invalid TLS certificate file
 sasl_ekey=Missing or invalid TLS key file
 sasl_eca=Missing or invalid TLS certificate authority file
+sasl_level_none=Never
+sasl_level_may=If requested by client
+sasl_level_encrypt=Always
 
 client_title=SMTP Client Restrictions
 client_ecannot=You are not allowed to edit SMTP client restrictions

postfix/sasl.cgi

@@ -43,7 +43,18 @@ print &ui_table_row($text{'sasl_recip'}, join("<br>\n", @cbs), 3);
 print &ui_table_hr();
 
 # SMTP TLS options
-&option_yesno("smtpd_use_tls");
+if ($postfix_version >= 2.3) {
+	$level = &get_current_value("smtpd_tls_security_level");
+	print &ui_table_row($text{'opts_smtpd_use_tls'},
+		&ui_select("smtpd_tls_security_level", $level, 
+			   [ [ "", $text{'default'} ],
+			     [ "none", $text{'sasl_level_none'} ],
+			     [ "may", $text{'sasl_level_may'} ],
+			     [ "encrypt", $text{'sasl_level_encrypt'} ] ]));
+	}
+else {
+	&option_yesno("smtpd_use_tls");
+	}
 
 &option_radios_freefield("smtpd_tls_cert_file", 60, $none);
 

postfix/save_sasl.cgi

@@ -40,6 +40,12 @@ foreach $o (&list_smtpd_restrictions()) {
 	}
 &set_current_value("smtpd_recipient_restrictions", join(" ", &unique(@recip)));
 
+# Save SSL options
+if ($postfix_version >= 2.3) {
+	&set_current_value("smtpd_tls_security_level",
+			   $in{'smtpd_tls_security_level'});
+	}
+
 &unlock_postfix_files();
 
 &reload_postfix();