Add SMTP client TLS options https://github.com/webmin/webmin/issues/913

postfix/lang/en

@@ -830,6 +830,7 @@ opts_smtpd_tls_cert_file=TLS certificate file
 opts_smtpd_tls_key_file=TLS private key file
 opts_smtpd_tls_CAfile=TLS certificate authority file
 opts_smtpd_use_tls=Enable TLS encryption?
+opts_smtp_enforce_tls=Require TLS encryption?
 sasl_err=Failed to save SMTP authentication and encryption
 sasl_ecert=Missing or invalid TLS certificate file
 sasl_ekey=Missing or invalid TLS key file
@@ -837,6 +838,11 @@ sasl_eca=Missing or invalid TLS certificate authority file
 sasl_level_none=Never
 sasl_level_may=If requested by client
 sasl_level_encrypt=Always
+sasl_level_dane=Opportunistic DANE TLS
+sasl_level_dane_only=Mandatory DANE TLS
+sasl_level_fingerprint=Certificate fingerprint verification
+sasl_level_verify=Mandatory TLS verification
+sasl_level_secure=Secure-channel TLS
 sasl_login=SMTP login to outgoing mail host
 sasl_nologin=None needed
 sasl_userpass=Login as $1 with password $2

postfix/smtp.cgi

@@ -52,6 +52,26 @@ if (&compare_version_numbers($postfix_version, 2) <= 0) {
 &option_yesno("smtp_use_tls");
 &option_freefield("smtp_sasl_security_options", 60);
 
+# TLS enforcement options
+if (&compare_version_numbers($postfix_version, 2.3) >= 0) {
+	$level = &get_current_value("smtp_tls_security_level");
+	print &ui_table_row($text{'opts_smtp_use_tls'},
+		&ui_select("smtp_tls_security_level", $level, 
+			   [ [ "", $text{'default'} ],
+			     [ "none", $text{'sasl_level_none'} ],
+			     [ "may", $text{'sasl_level_may'} ],
+			     [ "encrypt", $text{'sasl_level_encrypt'} ],
+			     [ "dane", $text{'sasl_level_dane'} ],
+			     [ "dane-only", $text{'sasl_level_dane_only'} ],
+			     [ "fingerprint", $text{'sasl_level_fingerprint'} ],
+			     [ "verify", $text{'sasl_level_verify'} ],
+			     [ "secure", $text{'sasl_level_secure'} ],
+			   ]));
+	}
+else {
+	&option_yesno("smtp_enforce_tls");
+	}
+
 print &ui_table_end();
 print &ui_form_end([ [ undef, $text{'opts_save'} ] ]);