From 9fd323eb5f2cb785c7e515cf54a1a50871d892c1 Mon Sep 17 00:00:00 2001
From: Michael
Date: Tue, 13 Mar 2018 14:54:03 +0100
Subject: [PATCH] mail/postfix: add smarthost and smtp authentication (#604)
---
 mail/postfix/Makefile | 2 +-
 .../OPNsense/Postfix/forms/general.xml | 24 +++++++++++++++++++
 .../app/models/OPNsense/Postfix/General.xml | 17 ++++++++++++-
 .../scripts/OPNsense/Postfix/setup.sh | 1 +
 .../templates/OPNsense/Postfix/+TARGETS | 1 +
 .../templates/OPNsense/Postfix/main.cf | 10 ++++++++
 .../templates/OPNsense/Postfix/smtp_auth | 9 +++++++
 7 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/smtp_auth
diff --git a/mail/postfix/Makefile b/mail/postfix/Makefile
index 59f8e173c..1fdb226dc 100644
--- a/mail/postfix/Makefile
+++ b/mail/postfix/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME= postfix
-PLUGIN_VERSION= 1.0
+PLUGIN_VERSION= 1.1
 PLUGIN_COMMENT= SMTP mail relay
 PLUGIN_DEPENDS= postfix-sasl
 PLUGIN_MAINTAINER= m.muenz@gmail.com
diff --git a/mail/postfix/src/opnsense/mvc/app/controllers/OPNsense/Postfix/forms/general.xml b/mail/postfix/src/opnsense/mvc/app/controllers/OPNsense/Postfix/forms/general.xml
index e6eb63bb6..1ce4b9480 100644
--- a/mail/postfix/src/opnsense/mvc/app/controllers/OPNsense/Postfix/forms/general.xml
+++ b/mail/postfix/src/opnsense/mvc/app/controllers/OPNsense/Postfix/forms/general.xml
@@ -79,6 +79,30 @@ dropdown Choose "none" to disable TLS for sending mail. Set encrypt to enforce TLS security, please do not use this for Internet wide communication as not every server supports TLS yet. Default is "may" which will use TLS when offered. + + general.relayhost + + text + Set the IP address where all outgoung mail are sent to. + + + general.smtpauth_enabled + + checkbox + Check this to enable authentication against your Smarthost. + + + general.smtpauth_user + + text + The username to use for SMTP authentication. + + + general.smtpauth_password + + password + The password to use for SMTP authentication. + general.reject_unauth_pipelining diff --git a/mail/postfix/src/opnsense/mvc/app/models/OPNsense/Postfix/General.xml b/mail/postfix/src/opnsense/mvc/app/models/OPNsense/Postfix/General.xml index 865f8bf8e..ef3ec6dbd 100644 --- a/mail/postfix/src/opnsense/mvc/app/models/OPNsense/Postfix/General.xml +++ b/mail/postfix/src/opnsense/mvc/app/models/OPNsense/Postfix/General.xml @@ -1,7 +1,7 @@ //OPNsense/postfix/general Postfix configuration - 1.0.0 + 1.1.0 0 @@ -60,6 +60,21 @@ encrypt + + N + + + 0 + Y + + + + N + + + + N + 1 Y diff --git a/mail/postfix/src/opnsense/scripts/OPNsense/Postfix/setup.sh b/mail/postfix/src/opnsense/scripts/OPNsense/Postfix/setup.sh index 6361465ed..a907a1d71 100755 --- a/mail/postfix/src/opnsense/scripts/OPNsense/Postfix/setup.sh +++ b/mail/postfix/src/opnsense/scripts/OPNsense/Postfix/setup.sh @@ -30,6 +30,7 @@ chown -R root:postfix /var/spool/postfix/pid postmap /usr/local/etc/postfix/transport postmap /usr/local/etc/postfix/recipient_access postmap /usr/local/etc/postfix/sender_access +postmap /usr/local/etc/postfix/smtp_auth # Check for aliases if [ -f /usr/local/etc/postfix/aliases ]; then diff --git a/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/+TARGETS b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/+TARGETS index 3cbe5f21d..dc01e21fd 100644 
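Review bot: The help text added for general.relayhost misspells "outgoing" as "outgoung" and mentions only an IP address, although the value is written verbatim to `relayhost =` in main.cf and reused as the lookup key in the smtp_auth template. Suggested wording: `Set the host or IP address that all outgoing mail is sent to.` Whether the model validates this field cannot be told from this page, because the XML markup of the form and model hunks did not survive extraction.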
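Review bot: The added `postmap /usr/local/etc/postfix/smtp_auth` compiles a file that holds the smarthost username and password in clear text, and nothing in this hunk restricts who can read that file or the resulting map. postmap creates a new map with the same group and other read permissions as its source file, so tightening the source first covers both: add `chmod 600 /usr/local/etc/postfix/smtp_auth` on the line before the postmap call. The rest of setup.sh lies outside the hunk, and the mode the template engine gives generated files is not visible here, so that should be confirmed.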
--- a/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/+TARGETS +++ b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/+TARGETS @@ -4,3 +4,4 @@ postfix:/etc/rc.conf.d/postfix transport:/usr/local/etc/postfix/transport recipient_access:/usr/local/etc/postfix/recipient_access sender_access:/usr/local/etc/postfix/sender_access +smtp_auth:/usr/local/etc/postfix/smtp_auth diff --git a/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf index 58721a9b2..b3abc3363 100644 --- a/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf +++ b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/main.cf @@ -88,6 +88,16 @@ smtpd_tls_cert_file = /usr/local/etc/postfix/cert_opn.pem smtpd_tls_CAfile = /usr/local/etc/postfix/ca_opn.pem {% endif %} +{% if helpers.exists('OPNsense.postfix.general.relayhost') and OPNsense.postfix.general.relayhost != '' %} +relayhost = {{ OPNsense.postfix.general.relayhost }} +{% endif %} + +{% if helpers.exists('OPNsense.postfix.general.smtpauth_enabled') and OPNsense.postfix.general.smtpauth_enabled != '' %} +smtp_sasl_auth_enable = yes +smtp_sasl_password_maps = hash:/usr/local/etc/postfix/smtp_auth +smtp_sasl_security_options = +{% endif %} + {% if helpers.exists('OPNsense.postfix.antispam.enable_rspamd') and OPNsense.postfix.antispam.enable_rspamd == '1' %} smtpd_milters = inet:localhost:11332 non_smtpd_milters = inet:localhost:11332 diff --git a/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/smtp_auth b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/smtp_auth new file mode 100644 index 000000000..9bca91917 --- /dev/null +++ b/mail/postfix/src/opnsense/service/templates/OPNsense/Postfix/smtp_auth 
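Review bot: In the main.cf hunk, `smtp_sasl_security_options =` is set to an empty value, which drops Postfix's default of `noplaintext, noanonymous`; with the TLS level at "may" (the default named in the form help text), plaintext SASL credentials can cross an unencrypted session whenever the smarthost does not offer STARTTLS. Keeping `smtp_sasl_security_options = noplaintext, noanonymous` and adding `smtp_sasl_tls_security_options = noanonymous` permits plaintext mechanisms only inside TLS. The guard on the same block tests `smtpauth_enabled != ''`, while the smtp_auth template tests `== '1'`; if the checkbox stores '0' when unchecked (the model markup is not readable on this page), SASL is switched on regardless, so `== '1'` would be the consistent test.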
@@ -0,0 +1,9 @@
+{% if helpers.exists('OPNsense.postfix.general.enabled') and OPNsense.postfix.general.enabled == '1' %}
+{% if helpers.exists('OPNsense.postfix.general.smtpauth_enabled') and OPNsense.postfix.general.smtpauth_enabled == '1' %}
+{% if helpers.exists('OPNsense.postfix.general.smtpauth_user') and OPNsense.postfix.general.smtpauth_user != '' %}
+{% if helpers.exists('OPNsense.postfix.general.smtpauth_password') and OPNsense.postfix.general.smtpauth_password != '' %}
+{{ OPNsense.postfix.general.relayhost }} {{ OPNsense.postfix.general.smtpauth_user }}:{{ OPNsense.postfix.general.smtpauth_password }}
+{% endif %}
+{% endif %}
+{% endif %}
+{% endif %}
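Review bot: The credential line uses `{{ OPNsense.postfix.general.relayhost }}` as the lookup key, but none of the four guards checks that relayhost is set. With an empty relayhost the rendered line begins with whitespace, which postmap reads as a continuation line rather than a key/value entry, so the map would not contain a usable credential. Add a fifth guard, `{% if helpers.exists('OPNsense.postfix.general.relayhost') and OPNsense.postfix.general.relayhost != '' %}`, with its matching `{% endif %}`. A one-line template comment at the top stating that the rendered file contains a clear-text password and must not be world-readable would document the handling requirement for the next maintainer.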