Add more choices for smtpd_sasl_security_options

2026-02-03 14:13:29 +00:00 · 2024-05-22 14:30:19 -07:00
parent 40c1c30ae2
commit 61f631c1f7
2 changed files with 5 additions and 1 deletions
--- a/postfix/lang/en
+++ b/postfix/lang/en
@@ -833,6 +833,10 @@ opts_broken_sasl_auth_clients=Handle non-compliant SMTP clients?
 sasl_opts=SMTP security options
 sasl_noanonymous=Reject anonymous logins
 sasl_noplaintext=Reject plain-text logins
+sasl_noactive=Reject Disallow subject to active (non-dictionary) attack
+sasl_nodictionary=Reject methods subject to passive (dictionary) attack
+sasl_forward_secrecy=Only allow methods that support forward secrecy
+sasl_mutual_auth=Only allow methods that provide mutual authentication
 opts_smtpd_delay_reject=Delay clients with failed logins?
 sasl_recip=SMTP recipient restrictions
 sasl_relay=SMTP relay restrictions
--- a/postfix/sasl.cgi
+++ b/postfix/sasl.cgi
@@ -23,7 +23,7 @@ print &ui_table_start($text{'sasl_title'}, "width=100%", 2);
 %opts = map { $_, 1 }
 	    split(/[\s,]+/, &get_current_value("smtpd_sasl_security_options"));
@cbs = ( );
-foreach $o ("noanonymous", "noplaintext") {
+foreach $o ("noanonymous", "noplaintext", "noactive", "nodictionary", "forward_secrecy") {
 	push(@cbs, &ui_checkbox("sasl_opts", $o, $text{'sasl_'.$o}, $opts{$o}));
 	}
 print &ui_table_row($text{'sasl_opts'}, join("<br>\n", @cbs), 3);