From 2d8a15bac2280bcf5302d91c055a1a2e94b5cdcf Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Tue, 3 Nov 2009 15:27:13 -0800
Subject: [PATCH] Support for new Postfix SASL option

---
 postfix/CHANGELOG     |  2 ++
 postfix/lang/en       |  3 +++
 postfix/sasl.cgi      | 13 ++++++++++++-
 postfix/save_sasl.cgi |  6 ++++++
 4 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/postfix/CHANGELOG b/postfix/CHANGELOG
index 0d42d9b56..8e2612cf0 100644
--- a/postfix/CHANGELOG
+++ b/postfix/CHANGELOG
@@ -64,3 +64,5 @@ Autoreply messages containing non-ASCII characters are now properly quoted-print
 Added a module config option to control if the user is prompted for confirmation before deleting queued messages.
 ---- Changes since 1.450 ----
 Changed the mail queue date format to yyyy/mm/dd, for easier sorting.
+---- Changes since 1.490 ----
+Added support for the Postfix 2.3 smtpd_tls_security_level option.
diff --git a/postfix/lang/en b/postfix/lang/en
index 222591bf3..b727b638c 100644
--- a/postfix/lang/en
+++ b/postfix/lang/en
@@ -796,6 +796,9 @@ sasl_err=Failed to save SMTP authentication and encryption
 sasl_ecert=Missing or invalid TLS certificate file
 sasl_ekey=Missing or invalid TLS key file
 sasl_eca=Missing or invalid TLS certificate authority file
+sasl_level_none=Never
+sasl_level_may=If requested by client
+sasl_level_encrypt=Always
 
 client_title=SMTP Client Restrictions
 client_ecannot=You are not allowed to edit SMTP client restrictions
diff --git a/postfix/sasl.cgi b/postfix/sasl.cgi
index ad069150b..4329f622f 100755
--- a/postfix/sasl.cgi
+++ b/postfix/sasl.cgi
@@ -43,7 +43,18 @@ print &ui_table_row($text{'sasl_recip'}, join("<br>\n", @cbs), 3);
 print &ui_table_hr();
 
 # SMTP TLS options
-&option_yesno("smtpd_use_tls");
+if ($postfix_version >= 2.3) {
+	$level = &get_current_value("smtpd_tls_security_level");
+	print &ui_table_row($text{'opts_smtpd_use_tls'},
+		&ui_select("smtpd_tls_security_level", $level, 
+			   [ [ "", $text{'default'} ],
+			     [ "none", $text{'sasl_level_none'} ],
+			     [ "may", $text{'sasl_level_may'} ],
+			     [ "encrypt", $text{'sasl_level_encrypt'} ] ]));
+	}
+else {
+	&option_yesno("smtpd_use_tls");
+	}
 
 &option_radios_freefield("smtpd_tls_cert_file", 60, $none);
 
diff --git a/postfix/save_sasl.cgi b/postfix/save_sasl.cgi
index 8353309f3..2464d3b59 100755
--- a/postfix/save_sasl.cgi
+++ b/postfix/save_sasl.cgi
@@ -40,6 +40,12 @@ foreach $o (&list_smtpd_restrictions()) {
 	}
 &set_current_value("smtpd_recipient_restrictions", join(" ", &unique(@recip)));
 
+# Save SSL options
+if ($postfix_version >= 2.3) {
+	&set_current_value("smtpd_tls_security_level",
+			   $in{'smtpd_tls_security_level'});
+	}
+
 &unlock_postfix_files();
 
 &reload_postfix();