From bbb17d1a5d3e3f01b5e53c796d5184db4d086931 Mon Sep 17 00:00:00 2001
From: Jesse Norell <jesse@kci.net>
Date: Tue, 6 Oct 2020 16:51:16 -0600
Subject: [PATCH 1/2] set auth_verbose for pop3/imap protocol only

---
 install/tpl/debian6_dovecot2.conf.master  | 3 ++-
 install/tpl/debian_dovecot2.conf.master   | 3 ++-
 install/tpl/fedora_dovecot2.conf.master   | 3 ++-
 install/tpl/opensuse_dovecot2.conf.master | 3 ++-
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master
index 1080eeb559..a27728ef69 100644
--- a/install/tpl/debian6_dovecot2.conf.master
+++ b/install/tpl/debian6_dovecot2.conf.master
@@ -11,7 +11,6 @@ ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
 ssl_min_protocol = TLSv1.2
 ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 ssl_prefer_server_ciphers = no
-auth_verbose = yes
 mail_max_userip_connections = 100
 mail_plugins = quota
 passdb {
@@ -67,10 +66,12 @@ service imap-login {
 }
 protocol imap {
   mail_plugins = quota imap_quota
+  auth_verbose = yes
 }
 protocol pop3 {
   pop3_uidl_format = %08Xu%08Xv
   mail_plugins = quota
+  auth_verbose = yes
 }
 protocol lda {
   postmaster_address = webmaster@localhost
diff --git a/install/tpl/debian_dovecot2.conf.master b/install/tpl/debian_dovecot2.conf.master
index f35c40b629..524291c5d8 100644
--- a/install/tpl/debian_dovecot2.conf.master
+++ b/install/tpl/debian_dovecot2.conf.master
@@ -11,7 +11,6 @@ ssl_dh = </etc/dovecot/dh.pem
 ssl_min_protocol = TLSv1.2
 ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 ssl_prefer_server_ciphers = no
-auth_verbose = yes
 mail_max_userip_connections = 100
 mail_plugins = $mail_plugins quota
 passdb {
@@ -64,10 +63,12 @@ service imap-login {
 }
 protocol imap {
   mail_plugins = quota imap_quota
+  auth_verbose = yes
 }
 protocol pop3 {
   pop3_uidl_format = %08Xu%08Xv
   mail_plugins = quota
+  auth_verbose = yes
 }
 protocol lda {
   postmaster_address = webmaster@localhost
diff --git a/install/tpl/fedora_dovecot2.conf.master b/install/tpl/fedora_dovecot2.conf.master
index 4b9bb5c6a9..e62fd7289a 100644
--- a/install/tpl/fedora_dovecot2.conf.master
+++ b/install/tpl/fedora_dovecot2.conf.master
@@ -9,7 +9,6 @@ ssl_key = </etc/postfix/smtpd.key
 ssl_min_protocol = TLSv1.2
 ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 ssl_prefer_server_ciphers = no
-auth_verbose = yes
 mail_plugins = quota
 passdb {
   args = /etc/dovecot-sql.conf
@@ -61,10 +60,12 @@ service imap-login {
 }
 protocol imap {
   mail_plugins = quota imap_quota
+  auth_verbose = yes
 }
 protocol pop3 {
   pop3_uidl_format = %08Xu%08Xv
   mail_plugins = quota
+  auth_verbose = yes
 }
 protocol lda {
   mail_plugins = sieve quota
diff --git a/install/tpl/opensuse_dovecot2.conf.master b/install/tpl/opensuse_dovecot2.conf.master
index 8573c09c52..f7a78c34f2 100644
--- a/install/tpl/opensuse_dovecot2.conf.master
+++ b/install/tpl/opensuse_dovecot2.conf.master
@@ -9,7 +9,6 @@ ssl_key = </etc/postfix/smtpd.key
 ssl_min_protocol = TLSv1.2
 ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 ssl_prefer_server_ciphers = no
-auth_verbose = yes
 mail_plugins = quota
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
@@ -61,10 +60,12 @@ service imap-login {
 }
 protocol imap {
   mail_plugins = quota imap_quota
+  auth_verbose = yes
 }
 protocol pop3 {
   pop3_uidl_format = %08Xu%08Xv
   mail_plugins = quota
+  auth_verbose = yes
 }
 protocol lda {
   mail_plugins = sieve quota
-- 
GitLab


From bb4eac6a2ab620767c8829016b3b7ef1af1a6fef Mon Sep 17 00:00:00 2001
From: Jesse Norell <jesse@kci.net>
Date: Tue, 6 Oct 2020 17:45:57 -0600
Subject: [PATCH 2/2] Revert "remove reject_unlisted_recipient"

This reverts commit 67452af5eb9c395f5d403396983d9226a6ef020e.
---
 install/tpl/debian_postfix.conf.master   | 2 +-
 install/tpl/fedora_postfix.conf.master   | 2 +-
 install/tpl/gentoo_postfix.conf.master   | 2 +-
 install/tpl/opensuse_postfix.conf.master | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master
index 42f2c45322..87ce6fc662 100644
--- a/install/tpl/debian_postfix.conf.master
+++ b/install/tpl/debian_postfix.conf.master
@@ -15,7 +15,7 @@ broken_sasl_auth_clients = yes
 smtpd_sasl_authenticated_header = yes
 smtpd_restriction_classes = greylisting
 greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, reject_unlisted_recipient, check_policy_service unix:private/quota-status
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert
diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master
index dd54a820cc..a87c7daed9 100644
--- a/install/tpl/fedora_postfix.conf.master
+++ b/install/tpl/fedora_postfix.conf.master
@@ -11,7 +11,7 @@ broken_sasl_auth_clients = yes
 smtpd_sasl_authenticated_header = yes
 smtpd_restriction_classes = greylisting
 greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, reject_unlisted_recipient, check_policy_service unix:private/quota-status
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master
index ca79f526dd..605344bd74 100644
--- a/install/tpl/gentoo_postfix.conf.master
+++ b/install/tpl/gentoo_postfix.conf.master
@@ -10,7 +10,7 @@ broken_sasl_auth_clients = yes
 smtpd_sasl_authenticated_header = yes
 smtpd_restriction_classes = greylisting
 greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, reject_unlisted_recipient, check_policy_service unix:private/quota-status
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert
diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master
index f971a9e485..4cb46786a3 100644
--- a/install/tpl/opensuse_postfix.conf.master
+++ b/install/tpl/opensuse_postfix.conf.master
@@ -13,7 +13,7 @@ broken_sasl_auth_clients = yes
 smtpd_sasl_authenticated_header = yes
 smtpd_restriction_classes = greylisting
 greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, reject_unlisted_recipient, check_policy_service unix:private/quota-status
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert
-- 
GitLab