Added SMTP Authentication page

postfix/CHANGELOG

@@ -39,3 +39,5 @@ Postfix configuration parameters are read from main.cf directly, instead of call
 ---- Changes since 1.340 ----
 Added Module Config options for stop, start and reload commands.
 Allow map files are now checked when listing and editing virtusers and other map types.
+---- Changes since 1.350 ----
+Added the new SMTP Authentication page for setting SASL-related options.

postfix/acl_security.pl

@@ -2,7 +2,7 @@
 require 'postfix-lib.pl';
 @acl_pages = ("resource", "address_rewriting", "aliases", "general",
 	      "canonical", "virtual", "transport", "relocated", "header","body",
-	      "local_delivery", "smtpd", "smtp", "rate", "debug", "ldap",
+	      "local_delivery", "smtpd", "sasl","smtp", "rate", "debug", "ldap",
 	      "master", "startstop", "mailq", "postfinger", "manual");
 
 # Print the form for security options of postfix module

postfix/defaultacl

@@ -27,3 +27,4 @@ body=1
 master=1
 manual=1
 dir=/
+sasl=1

postfix/index.cgi

@@ -96,7 +96,7 @@ if ($config{'index_check'} && ($err = &check_postfix())) {
 
 @onames =  ( "general", "address_rewriting", "aliases", "canonical", "virtual", "transport", "relocated", "header", "body",
 	     "local_delivery", "resource",
-	     "smtpd", "smtp",
+	     "smtpd", "smtp", "sasl",
 	     "rate", "debug", $postfix_version > 2 ? ( ) : ( "ldap" ),
 	     "master", "mailq", "postfinger", "boxes", "manual" );
 

postfix/lang/en

@@ -418,6 +418,7 @@ acl_relocated=Can edit relocated?
 acl_header=Can edit header checks?
 acl_local_delivery=Can edit local delivery?
 acl_smtpd=Can edit smtpd?
+acl_sasl=Can edit SMTP authentication?
 acl_smtp=Can edit smtp?
 acl_rate=Can edit rate?
 acl_debug=Can edit debug?
@@ -752,3 +753,17 @@ log_stop=Stopped Postfix server
 log_start=Started Postfix server
 log_delqs=Deleted $1 messages from mail queue
 log_flushq=Flushed mail queue
+
+sasl_title=SMTP Authentication
+opts_smtpd_sasl_auth_enable=Enable SASL SMTP authentication?
+opts_broken_sasl_auth_clients=Handle non-compliant SMTP clients?
+sasl_opts=SMTP security options
+sasl_noanonymous=Reject anonymous logins
+sasl_noplaintext=Reject plain-text logins
+opts_smtpd_delay_reject=Delay clients with failed logins?
+sasl_recip=SMTP relaying restrictions
+sasl_permit_mynetworks=Allow connections from same network
+sasl_permit_sasl_authenticated=Allow authenticated clients
+sasl_reject_unauth_destination=Reject email to other domains
+sasl_permit_inet_interfaces=Allow connections from this system
+sasl_reject_unknown_reverse_client_hostname=Reject clients with no reverse hostname

postfix/sasl.cgi

@@ -0,0 +1,61 @@
+#!/usr/local/bin/perl
+# Show SMTP authentication related paramters
+
+require './postfix-lib.pl';
+
+$access{'sasl'} || &error($text{'sasl_ecannot'});
+&ui_print_header(undef, $text{'sasl_title'}, "");
+
+$default = $text{'opts_default'};
+$none = $text{'opts_none'};
+$no_ = $text{'opts_no'};
+
+print "<form action=save_sasl.cgi>\n";
+print "<table border width=100%>\n";
+print "<tr $tb> <td><b>$text{'sasl_title'}</b></td></tr>\n";
+print "<tr $cb> <td><table width=100%>\n";
+
+# Enabled, accept broken clients
+print "<tr>\n";
+&option_yesno("smtpd_sasl_auth_enable");
+&option_yesno("broken_sasl_auth_clients");
+print "</tr>\n";
+
+# Anonymous and plain-text options
+print "<tr>\n";
+%opts = map { $_, 1 }
+	    split(/[\s,]+/, &get_current_value("smtpd_sasl_security_options"));
+print "<td valign=top>","<b>$text{'sasl_opts'}</b>",
+      "</td> <td colspan=3 nowrap>\n";
+foreach $o ("noanonymous", "noplaintext") {
+	print &ui_checkbox("sasl_opts", $o, $text{'sasl_'.$o}, $opts{$o}),
+	      "<br>\n";
+	}
+print "</td> </tr>\n";
+
+# SASL-related relay restrictions
+%recip = map { $_, 1 }
+	    split(/[\s,]+/, &get_current_value("smtpd_recipient_restrictions"));
+print "<td valign=top>","<b>$text{'sasl_recip'}</b>",
+      "</td> <td colspan=3 nowrap>\n";
+foreach $o ("permit_mynetworks",
+	    "permit_inet_interfaces",
+	    "reject_unknown_reverse_client_hostname",
+	    "permit_sasl_authenticated",
+	    "reject_unauth_destination") {
+	print &ui_checkbox("sasl_recip", $o, $text{'sasl_'.$o}, $recip{$o}),
+	      "<br>\n";
+	}
+print "</td> </tr>\n";
+
+# Delay bad logins
+print "<tr>\n";
+&option_yesno("smtpd_delay_reject");
+print "</tr>\n";
+
+#smtpd_recipient_restrictions
+
+print "</table></td></tr></table><p>\n";
+print "<input type=submit value=\"$text{'opts_save'}\"></form>\n";
+
+&ui_print_footer("", $text{'index_return'});

postfix/save_sasl.cgi

@@ -0,0 +1,44 @@
+#!/usr/local/bin/perl
+# Save SMTP authentication options
+
+require './postfix-lib.pl';
+
+&ReadParse();
+
+$access{'sasl'} || &error($text{'opts_ecannot'});
+
+&error_setup($text{'sasl_err'});
+
+&lock_postfix_files();
+&save_options(\%in);
+
+# Save security options
+@opts = split(/\0/, $in{'sasl_opts'});
+&set_current_value("smtpd_sasl_security_options", join(" ", @opts));
+
+# Save relay options that we care about
+@recip = split(/[\s,]+/, &get_current_value("smtpd_recipient_restrictions"));
+%newrecip = map { $_, 1 } split(/\0/, $in{'sasl_recip'});
+foreach $o ("permit_mynetworks",
+	    "permit_inet_interfaces",
+	    "reject_unknown_reverse_client_hostname",
+	    "permit_sasl_authenticated",
+	    "reject_unauth_destination") {
+	if ($newrecip{$o}) {
+		push(@recip, $o);
+		}
+	else {
+		@recip = grep { $_ ne $o } @recip;
+		}
+	}
+&set_current_value("smtpd_recipient_restrictions", join(" ", &unique(@recip)));
+
+&unlock_postfix_files();
+
+&reload_postfix();
+
+&webmin_log("sasl");
+&redirect("");
+
+
+