From 8fa45e78400d778af1263e3931b08edee32ad3bc Mon Sep 17 00:00:00 2001
From: FlorianKronos
Date: Tue, 6 Jun 2023 09:37:02 +0200
Subject: [PATCH 1/5] XOAUTH2_TOKEN_ENDPOINT parameter added.

---
 README.md | 1 +
 scripts/common-run.sh | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 11ab006..b0d2444 100644
--- a/README.md
+++ b/README.md
@@ -170,6 +170,7 @@ To change the log format, set the (unsurprisingly named) variable `LOG_FORMAT=js
 * `XOAUTH2_SECRET` = OAuth2 secret used when configured as a relayhost.
 * `XOAUTH2_INITIAL_ACCESS_TOKEN` = Initial OAuth2 access token.
 * `XOAUTH2_INITIAL_REFRESH_TOKEN` = Initial OAuth2 refresh token.
+* `XOAUTH2_TOKEN_ENDPOINT` = Token endpoint provided four your XOAUTH App , GMail use : https://accounts.google.com/o/oauth2/token
 * `SMTPD_SASL_USERS` = Users allow to send mail (ex: user1:pass1,user2:pass2,...)
 * `MASQUERADED_DOMAINS` = domains where you want to masquerade internal hosts
 * `SMTP_HEADER_CHECKS`= Set to `1` to enable header checks of to a location of the file for header checks
diff --git a/scripts/common-run.sh b/scripts/common-run.sh
index 505e41c..11ed63b 100755
--- a/scripts/common-run.sh
+++ b/scripts/common-run.sh
@@ -291,7 +291,8 @@ postfix_setup_xoauth2_pre_setup() {
 "client_id": "${XOAUTH2_CLIENT_ID}",
 "client_secret": "${XOAUTH2_SECRET}",
 "log_to_syslog_on_failure": "${XOAUTH2_SYSLOG_ON_FAILURE:-no}",
- "log_full_trace_on_failure": "${XOAUTH2_FULL_TRACE:-no}"
+ "log_full_trace_on_failure": "${XOAUTH2_FULL_TRACE:-no}",
+ "token_endpoint": "${XOAUTH2_TOKEN_ENDPOINT:-'https://accounts.google.com/o/oauth2/token'}"
 }
 EOF

From 6e35d3d4af48989060b9cf3c70d0e6d85ecddce0 Mon Sep 17 00:00:00 2001
From: FlorianKronos
Date: Tue, 6 Jun 2023 09:55:57 +0200
Subject: [PATCH 2/5] Remove unnecessary quote

---
 scripts/common-run.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/common-run.sh b/scripts/common-run.sh
index 11ed63b..64fb574 100755
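Review bot: The added `token_endpoint` line interpolates `XOAUTH2_TOKEN_ENDPOINT` into the JSON here-doc with no escaping or validation, so a value containing a double quote or backslash produces an unparsable /etc/sasl-xoauth2.conf, and nothing rejects a non-`https://` URL even though the client secret and refresh token are presumably sent to that endpoint. The stray single quotes inside the default are already removed by the PATCH 2/5 hunk on the same line, which inherits the same gap. A guard before the here-doc such as `case "$XOAUTH2_TOKEN_ENDPOINT" in ''|https://*) ;; *) echo "XOAUTH2_TOKEN_ENDPOINT must be an https:// URL" >&2; exit 1 ;; esac` would at least catch the plaintext-endpoint misconfiguration. postfix_setup_xoauth2_pre_setup starts and ends outside the hunk.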
--- a/scripts/common-run.sh
+++ b/scripts/common-run.sh
@@ -292,7 +292,7 @@ postfix_setup_xoauth2_pre_setup() {
 "client_secret": "${XOAUTH2_SECRET}",
 "log_to_syslog_on_failure": "${XOAUTH2_SYSLOG_ON_FAILURE:-no}",
 "log_full_trace_on_failure": "${XOAUTH2_FULL_TRACE:-no}",
- "token_endpoint": "${XOAUTH2_TOKEN_ENDPOINT:-'https://accounts.google.com/o/oauth2/token'}"
+ "token_endpoint": "${XOAUTH2_TOKEN_ENDPOINT:-https://accounts.google.com/o/oauth2/token}"
 }
 EOF

From 8b336a32e8f9bd10c1677be95947a3bb8f5e9e1d Mon Sep 17 00:00:00 2001
From: FlorianKronos
Date: Wed, 7 Jun 2023 09:37:42 +0200
Subject: [PATCH 3/5] XOAUTH2_SECRET could be null

---
 scripts/common-run.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/common-run.sh b/scripts/common-run.sh
index 64fb574..bf7d199 100755
--- a/scripts/common-run.sh
+++ b/scripts/common-run.sh
@@ -285,7 +285,7 @@ postfix_setup_relayhost() {
 postfix_setup_xoauth2_pre_setup() {
 file_env 'XOAUTH2_CLIENT_ID'
 file_env 'XOAUTH2_SECRET'
- if [ -n "$XOAUTH2_CLIENT_ID" ] && [ -n "$XOAUTH2_SECRET" ]; then
+ if [ -n "$XOAUTH2_CLIENT_ID" ] || [ -n "$XOAUTH2_SECRET" ]; then
 cat < /etc/sasl-xoauth2.conf
 {
 "client_id": "${XOAUTH2_CLIENT_ID}",

From 372655c5f0cf23b135301ffa8cdf1a173aea3887 Mon Sep 17 00:00:00 2001
From: FlorianKronos
Date: Wed, 7 Jun 2023 10:02:26 +0200
Subject: [PATCH 4/5] For Microsoft 365 use , the Secret can't be mandatory.

---
 scripts/common-run.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/common-run.sh b/scripts/common-run.sh
index bf7d199..b2d69ac 100755
--- a/scripts/common-run.sh
+++ b/scripts/common-run.sh
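Review bot: Changing `&&` to `||` on the `if` line also makes the block run when only `XOAUTH2_SECRET` is set, so /etc/sasl-xoauth2.conf is written with an empty `client_id`, which is broader than what the commit message ("XOAUTH2_SECRET could be null") asks for. If the client ID is the required value and the secret is optional, the condition should simply be `if [ -n "$XOAUTH2_CLIENT_ID" ]; then`. The PATCH 4/5 hunk applies the same `||` change in postfix_setup_xoauth2_post_setup, where it would enable the xoauth2 SASL mechanism with no client ID configured, and the same one-line condition fixes it there. Both functions continue past their hunks, so I cannot see whether later code relies on the secret being non-empty.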
@@ -325,7 +325,7 @@ EOF
 postfix_setup_xoauth2_post_setup() {
 local other_plugins
- if [ -n "$XOAUTH2_CLIENT_ID" ] && [ -n "$XOAUTH2_SECRET" ]; then
+ if [ -n "$XOAUTH2_CLIENT_ID" ] || [ -n "$XOAUTH2_SECRET" ]; then
 do_postconf -e 'smtp_sasl_security_options='
 do_postconf -e 'smtp_sasl_mechanism_filter=xoauth2'
 do_postconf -e 'smtp_tls_session_cache_database=lmdb:${data_directory}/smtp_scache'

From a2f888373e6fe5fe2fcc65dc4e280e539a11f8af Mon Sep 17 00:00:00 2001
From: FlorianKronos
Date: Wed, 30 Aug 2023 10:58:56 +0200
Subject: [PATCH 5/5] Documentation Update

---
 README.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index b0d2444..15cf6c0 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ Simple postfix relay host ("postfix null client") for your Docker containers. Ba
 * [Postfix-specific options](#postfix-specific-options)
 * [RELAYHOST, RELAYHOST_USERNAME and RELAYHOST_PASSWORD](#relayhost-relayhost_username-and-relayhost_password)
 * [POSTFIX_smtp_tls_security_level](#postfix_smtp_tls_security_level)
- * [XOAUTH2_CLIENT_ID, XOAUTH2_SECRET, XOAUTH2_INITIAL_ACCESS_TOKEN and XOAUTH2_INITIAL_REFRESH_TOKEN](#xoauth2_client_id-xoauth2_secret-xoauth2_initial_access_token-and-xoauth2_initial_refresh_token)
+ * [XOAUTH2_CLIENT_ID, XOAUTH2_SECRET, XOAUTH2_INITIAL_ACCESS_TOKEN, XOAUTH2_INITIAL_REFRESH_TOKEN and XOAUTH2_TOKEN_ENDPOINT ](#xoauth2_client_id-xoauth2_secret-xoauth2_initial_access_token-xoauth2_initial_refresh_token-and-xoauth2_token_endpoint)
 * [MASQUERADED_DOMAINS](#masqueraded_domains)
 * [SMTP_HEADER_CHECKS](#smtp_header_checks)
 * [POSTFIX_myhostname](#postfix_myhostname)
@@ -215,7 +215,7 @@ Define relay host TLS connection level. See [smtp_tls_security_level](http://www
 This level defines how the postfix will connect to your upstream server.

-#### `XOAUTH2_CLIENT_ID`, `XOAUTH2_SECRET`, `XOAUTH2_INITIAL_ACCESS_TOKEN` and `XOAUTH2_INITIAL_REFRESH_TOKEN`
+#### `XOAUTH2_CLIENT_ID`, `XOAUTH2_SECRET`, `XOAUTH2_INITIAL_ACCESS_TOKEN`, `XOAUTH2_INITIAL_REFRESH_TOKEN` and `XOAUTH2_TOKEN_ENDPOINT`

 > Note: These parameters are used when `RELAYHOST` and `RELAYHOST_USERNAME` are provided.

@@ -223,6 +223,7 @@ These parameters allow you to configure a relayhost that requires (or recommends
 * `XOAUTH2_CLIENT_ID` and `XOAUTH2_SECRET` are the [OAuth2 client credentials](#oauth2-client-credentials-gmail).
 * `XOAUTH2_INITIAL_ACCESS_TOKEN` and `XOAUTH2_INITIAL_REFRESH_TOKEN` are the [initial access token and refresh tokens](#obtain-initial-access-token-gmail).
+* `XOAUTH2_TOKEN_ENDPOINT` is mandatory for Microsoft 365 use, sasl-xoauth2 will use Gmail URL if it is not provided.

 These values are only required to initialize the token file `/var/spool/postfix/xoauth2-tokens/$RELAYHOST_USERNAME`.

 Example: