From 55a364bda1d1f293a0691198cd6a4d1784cb2f87 Mon Sep 17 00:00:00 2001
From: Malfurious <m@lfurio.us>
Date: Sat, 8 Jun 2024 05:07:09 -0400
Subject: postfix: Enable secure submission of outgoing email

The encrypted "submissions" port (465) is opened in postfix and is
configured for delivery of outgoing mail of authenticated users only.
The authentication is provided by dovecot via unix socket and account
data is sourced from the userconfig directory.

Signed-off-by: Malfurious <m@lfurio.us>
---
 dovecot/dovecot.conf | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'dovecot/dovecot.conf')

diff --git a/dovecot/dovecot.conf b/dovecot/dovecot.conf
index 19f5ebd..b1e3f9b 100644
--- a/dovecot/dovecot.conf
+++ b/dovecot/dovecot.conf
@@ -30,6 +30,14 @@ userdb {
     args = /etc/userconfig/passwd
 }
 
+# Provide user authentication service to postfix submission sessions
+service auth {
+    unix_listener /var/spool/postfix/private/auth {
+        user = postfix
+        group = postfix
+        mode = 0660
+    }
+}
 
 # Location for users mailboxes
 #  %u - username
-- 
cgit v1.2.3