Merge #1610
1610: add option to enforce inbound starttls r=mergify[bot] a=lub ## What type of PR? Feature ## What does this PR do? It implements a check in the auth_http handler to check for Auth-SSL == on and otherwise returns a 530 starttls error. If INBOUND_TLS_ENFORCE is not set the behaviour is still the same as before, so existing installations should be unaffected. Although there is a small difference to e.g. smtpd_tls_security_level of Postfix. Postfix already throws a 530 after mail from, but this solution only throws it after rcpt to. auth_http is only the request after rcpt to, so it's not possible to do it earlier. ### Related issue(s) #1328 is kinda related, although this PR doesn't solve the issue that the headers will still display ESMTP instead of ESMTPS ## Prerequistes Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [x] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file. Co-authored-by: lub <git@lubiland.de>master
commit
327884e07c
@ -0,0 +1 @@
|
|||||||
|
Add possibility to enforce inbound STARTTLS via INBOUND_TLS_LEVEL=true
|
Loading…
Reference in New Issue