mail/postfix: allow tls wrapper mode (#1069)

mail/postfix/Makefile

@@ -1,5 +1,5 @@
 PLUGIN_NAME=		postfix
-PLUGIN_VERSION=		1.7
+PLUGIN_VERSION=		1.8
 PLUGIN_COMMENT=		SMTP mail relay
 PLUGIN_DEPENDS=		postfix-sasl
 PLUGIN_MAINTAINER=	m.muenz@gmail.com

mail/postfix/pkg-descr

@@ -6,11 +6,45 @@ is completely different.
 Plugin Changelog
 ================
 
+1.8
+
+* Add TLS Wrapper to support SMTPS
+
 1.7
 
 * Add Address Rewriting, allows to rewrite e.g. @example.com to @example.net.
 * Add Sender BCC and Recipient BCC.
 * Allow Domain Masquerading when using internal domain names.
 
+1.6
+
+* Fixed typos
+* Adds Listen Port field
+
+1.5
+
+* Allow empty destination in transport
+
+1.4
+
+* Allow enforced receipient check
+
+1.3
+
+* Allow more options in Senders and Recipients setting
+
+1.2
+
+* Updated relay_host validation
+
+1.1
+
+* Add smart host field
+* Add SMTP authentication
+
+1.0 
+
+* Initial release
+
 
 WWW: http://www.postfix.org/

mail/postfix/src/opnsense/mvc/app/controllers/OPNsense/Postfix/forms/general.xml

@@ -89,6 +89,12 @@
         <type>checkbox</type>
         <help>This will disable known weak ciphers like DES, RC4 or MD5.</help>
     </field>
+    <field>
+        <id>general.tlswrappermode</id>
+        <label>TLS Wrapper Mode</label>
+        <type>checkbox</type>
+        <help>If enabled it allows you to use SMTPS.</help>
+    </field>
     <field>
         <id>general.certificate</id>
         <label>Server Certificate</label>

mail/postfix/src/opnsense/mvc/app/models/OPNsense/Postfix/General.xml

@@ -1,7 +1,7 @@
 <model>
     <mount>//OPNsense/postfix/general</mount>
     <description>Postfix configuration</description>
-    <version>1.2.2</version>
+    <version>1.2.3</version>
     <items>
         <enabled type="BooleanField">
             <default>0</default>
@@ -60,6 +60,10 @@
             <default>1</default>
             <Required>Y</Required>
         </disable_weak_ciphers>
+        <tlswrappermode type="BooleanField">
+            <default>0</default>
+            <Required>Y</Required>
+        </tlswrappermode>
         <certificate type="CertificateField">
             <Type>cert</Type>
             <Required>N</Required>

mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf

@@ -89,6 +89,9 @@ smtp_tls_protocols=!SSLv2,!SSLv3
 {% if helpers.exists('OPNsense.postfix.general.disable_weak_ciphers') and OPNsense.postfix.general.disable_weak_ciphers == '1' %}
 smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
 {% endif %}
+{% if helpers.exists('OPNsense.postfix.general.tlswrappermode') and OPNsense.postfix.general.tlswrappermode == '1' %}
+smtpd_tls_wrappermode = yes
+{% endif %}
 {% if helpers.exists('OPNsense.postfix.general.smtpclient_security') and OPNsense.postfix.general.smtpclient_security != '' %}
 smtp_tls_security_level = {{ OPNsense.postfix.general.smtpclient_security }}
 {% endif %}