From ca4027cadd791efca7c8d2eb8795cbbd8da8e010 Mon Sep 17 00:00:00 2001
From: Jeff Volkenant <jeff@volkenant.net>
Date: Thu, 17 Jan 2019 12:23:53 -0800
Subject: [PATCH] fixed conflicting edits for smtpd_sasl_auth_enable

---
 setup/mail-postfix.sh |  5 -----
 setup/mail-users.sh   | 10 ++++------
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
index 09f57a08..5b00fd1f 100755
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -201,11 +201,6 @@ tools/editconf.py /etc/postfix/main.cf \
 	smtpd_sender_restrictions="permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org" \
 	smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,"reject_rbl_client zen.spamhaus.org",reject_unlisted_recipient,"check_policy_service inet:127.0.0.1:10023"
 
-# There was a change from Ubuntu 14.04 to 18.04 with how postfix handles SASL checks.
-# smtpd_sasl_auth_enable=yes must be set for reject_sender_login_mismatch
-
-tools/editconf.py /etc/postfix/main.cf smtpd_sasl_auth_enable=yes
-
 # Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that
 # Postgrey listens on the same interface (and not IPv6, for instance).
 # A lot of legit mail servers try to resend before 300 seconds.
diff --git a/setup/mail-users.sh b/setup/mail-users.sh
index e54485bb..34d587e8 100755
--- a/setup/mail-users.sh
+++ b/setup/mail-users.sh
@@ -65,15 +65,13 @@ service auth {
 }
 EOF
 
-# And have Postfix use that service. We *disable* it here
-# so that authentication is not permitted on port 25 (which
-# does not run DKIM on relayed mail, so outbound mail isn't
-# correct, see #830), but we enable it specifically for the
-# submission port.
+# And have Postfix use that service.
+# Starting with Ubuntu Bionic, smtpd_sasl_auth_enable=yes is required
+# for certain main.cf options to function.
 tools/editconf.py /etc/postfix/main.cf \
 	smtpd_sasl_type=dovecot \
 	smtpd_sasl_path=private/auth \
-	smtpd_sasl_auth_enable=no
+	smtpd_sasl_auth_enable=yes
 
 # ### Sender Validation