From ce67fd77348cbe9af213160ee08ac94fca7a8261 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler <sebastian@vanwa.ch>
Date: Tue, 28 Sep 2021 09:54:55 +0200
Subject: [PATCH] disallow anonymous sals auth

---
 rootfs/etc/confd/templates/main.cf.tmpl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl
index fbced32..38324dd 100644
--- a/rootfs/etc/confd/templates/main.cf.tmpl
+++ b/rootfs/etc/confd/templates/main.cf.tmpl
@@ -53,7 +53,8 @@ smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = inet:{{getenv "DOVECOT_HOST"}}:{{getenv "DOVECOT_AUTH_PORT"}}
 smtpd_sasl_auth_enable = yes
-smtpd_sasl_security_options = noanonymous
+smtpd_sasl_security_options = noanonymous, noplaintext
+smtpd_sasl_tls_security_options = noanonymous
 
 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination, reject_unverified_recipient