Skip to content

Commit

Permalink
Upd: Fix OAuth token support for Microsoft 365
Browse files Browse the repository at this point in the history
This is a smaller fix to enable proper working of the image with
Microsoft 365.
  • Loading branch information
FlorianKronos authored and bokysan committed Sep 27, 2023
1 parent c7def50 commit 9235ee0
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 5 deletions.
6 changes: 4 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ Simple postfix relay host ("postfix null client") for your Docker containers. Ba
* [Postfix-specific options](#postfix-specific-options)
* [RELAYHOST, RELAYHOST_USERNAME and RELAYHOST_PASSWORD](#relayhost-relayhost_username-and-relayhost_password)
* [POSTFIX_smtp_tls_security_level](#postfix_smtp_tls_security_level)
* [XOAUTH2_CLIENT_ID, XOAUTH2_SECRET, XOAUTH2_INITIAL_ACCESS_TOKEN and XOAUTH2_INITIAL_REFRESH_TOKEN](#xoauth2_client_id-xoauth2_secret-xoauth2_initial_access_token-and-xoauth2_initial_refresh_token)
* [XOAUTH2_CLIENT_ID, XOAUTH2_SECRET, XOAUTH2_INITIAL_ACCESS_TOKEN, XOAUTH2_INITIAL_REFRESH_TOKEN and XOAUTH2_TOKEN_ENDPOINT ](#xoauth2_client_id-xoauth2_secret-xoauth2_initial_access_token-xoauth2_initial_refresh_token-and-xoauth2_token_endpoint)
* [MASQUERADED_DOMAINS](#masqueraded_domains)
* [SMTP_HEADER_CHECKS](#smtp_header_checks)
* [POSTFIX_myhostname](#postfix_myhostname)
Expand Down Expand Up @@ -170,6 +170,7 @@ To change the log format, set the (unsurprisingly named) variable `LOG_FORMAT=js
* `XOAUTH2_SECRET` = OAuth2 secret used when configured as a relayhost.
* `XOAUTH2_INITIAL_ACCESS_TOKEN` = Initial OAuth2 access token.
* `XOAUTH2_INITIAL_REFRESH_TOKEN` = Initial OAuth2 refresh token.
* `XOAUTH2_TOKEN_ENDPOINT` = Token endpoint provided four your XOAUTH App , GMail use : https://accounts.google.com/o/oauth2/token
* `SMTPD_SASL_USERS` = Users allow to send mail (ex: user1:pass1,user2:pass2,...)
* `MASQUERADED_DOMAINS` = domains where you want to masquerade internal hosts
* `SMTP_HEADER_CHECKS`= Set to `1` to enable header checks of to a location of the file for header checks
Expand Down Expand Up @@ -214,14 +215,15 @@ Define relay host TLS connection level. See [smtp_tls_security_level](http://www

This level defines how the postfix will connect to your upstream server.

#### `XOAUTH2_CLIENT_ID`, `XOAUTH2_SECRET`, `XOAUTH2_INITIAL_ACCESS_TOKEN` and `XOAUTH2_INITIAL_REFRESH_TOKEN`
#### `XOAUTH2_CLIENT_ID`, `XOAUTH2_SECRET`, `XOAUTH2_INITIAL_ACCESS_TOKEN`, `XOAUTH2_INITIAL_REFRESH_TOKEN` and `XOAUTH2_TOKEN_ENDPOINT`

> Note: These parameters are used when `RELAYHOST` and `RELAYHOST_USERNAME` are provided.
These parameters allow you to configure a relayhost that requires (or recommends) the [XOAuth2 authentication method](https://github.com/tarickb/sasl-xoauth2) (e.g. GMail).

* `XOAUTH2_CLIENT_ID` and `XOAUTH2_SECRET` are the [OAuth2 client credentials](#oauth2-client-credentials-gmail).
* `XOAUTH2_INITIAL_ACCESS_TOKEN` and `XOAUTH2_INITIAL_REFRESH_TOKEN` are the [initial access token and refresh tokens](#obtain-initial-access-token-gmail).
* `XOAUTH2_TOKEN_ENDPOINT` is mandatory for Microsoft 365 use, sasl-xoauth2 will use Gmail URL if it is not provided.
These values are only required to initialize the token file `/var/spool/postfix/xoauth2-tokens/$RELAYHOST_USERNAME`.

Example:
Expand Down
7 changes: 4 additions & 3 deletions scripts/common-run.sh
Original file line number Diff line number Diff line change
Expand Up @@ -285,13 +285,14 @@ postfix_setup_relayhost() {
postfix_setup_xoauth2_pre_setup() {
file_env 'XOAUTH2_CLIENT_ID'
file_env 'XOAUTH2_SECRET'
if [ -n "$XOAUTH2_CLIENT_ID" ] && [ -n "$XOAUTH2_SECRET" ]; then
if [ -n "$XOAUTH2_CLIENT_ID" ] || [ -n "$XOAUTH2_SECRET" ]; then
cat <<EOF > /etc/sasl-xoauth2.conf
{
"client_id": "${XOAUTH2_CLIENT_ID}",
"client_secret": "${XOAUTH2_SECRET}",
"log_to_syslog_on_failure": "${XOAUTH2_SYSLOG_ON_FAILURE:-no}",
"log_full_trace_on_failure": "${XOAUTH2_FULL_TRACE:-no}"
"log_full_trace_on_failure": "${XOAUTH2_FULL_TRACE:-no}",
"token_endpoint": "${XOAUTH2_TOKEN_ENDPOINT:-https://accounts.google.com/o/oauth2/token}"
}
EOF

Expand Down Expand Up @@ -324,7 +325,7 @@ EOF

postfix_setup_xoauth2_post_setup() {
local other_plugins
if [ -n "$XOAUTH2_CLIENT_ID" ] && [ -n "$XOAUTH2_SECRET" ]; then
if [ -n "$XOAUTH2_CLIENT_ID" ] || [ -n "$XOAUTH2_SECRET" ]; then
do_postconf -e 'smtp_sasl_security_options='
do_postconf -e 'smtp_sasl_mechanism_filter=xoauth2'
do_postconf -e 'smtp_tls_session_cache_database=lmdb:${data_directory}/smtp_scache'
Expand Down

0 comments on commit 9235ee0

Please sign in to comment.