From b358d714542af280115fa22845f505ea34a93e88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bojan=20=C4=8Cekrli=C4=87?=
Date: Tue, 16 Apr 2024 22:07:58 +0200
Subject: [PATCH] Fix for #192: Automatically add domains to provided usernames for SASL

So, according to the documentation, usernames must always include a domain for SASL. In other words. User cannot be `johhny` but `johhny@example.org`. Further info can be found on this ticket: https://github.com/bokysan/docker-postfix/issues/192
This commit will automatically append domain if one is not provided in `SMTPD_SASL_USERS`.
---
 README.md | 6 ++--
 scripts/common-run.sh | 34 ++++++++++++++++---
 unit-tests/000_test-multi-comment.bats | 2 +-
 .../026_postfix_setup_smtpd_sasl_auth.bats | 22 ++++++++++++
 4 files changed, 56 insertions(+), 8 deletions(-)
 create mode 100644 unit-tests/026_postfix_setup_smtpd_sasl_auth.bats
diff --git a/README.md b/README.md
index 61e9604..95a99dc 100644
--- a/README.md
+++ b/README.md
@@ -209,12 +209,14 @@ To change the log format, set the (unsurprisingly named) variable `LOG_FORMAT=js
 - `XOAUTH2_INITIAL_ACCESS_TOKEN` = Initial OAuth2 access token.
 - `XOAUTH2_INITIAL_REFRESH_TOKEN` = Initial OAuth2 refresh token.
 - `XOAUTH2_TOKEN_ENDPOINT` = Token endpoint provided four your XOAUTH App , GMail use : https://accounts.google.com/o/oauth2/token
-- `SMTPD_SASL_USERS` = Users allow to send mail (ex: user1:pass1,user2:pass2,...)
+- `SMTPD_SASL_USERS` = Users allow to send mail (ex: user1:pass1,user2:pass2,...). *Warning:* Users need to be specified with a domain, as explained
+ on ticket [[#192](https://github.com/bokysan/docker-postfix/issues/192)]. This image will automatically add a domain if one is not provided and will
+ issue a notice when that happens.
 - `MASQUERADED_DOMAINS` = domains where you want to masquerade internal hosts
 - `SMTP_HEADER_CHECKS`= Set to `1` to enable header checks of to a location of the file for header checks
 - `POSTFIX_myhostname` = Set the name of this postfix server
 - `POSTFIX_mynetworks` = Allow sending mails only from specific networks ( default `127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16` )
-- `POSTFIX_message_size_limit` = The maximum size of the messsage, in bytes, by default it's unlimited
+- `POSTFIX_message_size_limit` = The maximum size of the message, in bytes, by default it's unlimited
 - `POSTFIX_` = provide any additional postfix setting
 #### `RELAYHOST`, `RELAYHOST_USERNAME` and `RELAYHOST_PASSWORD`
diff --git a/scripts/common-run.sh b/scripts/common-run.sh
index 048b431..5bf17c8 100755
--- a/scripts/common-run.sh
+++ b/scripts/common-run.sh
@@ -424,6 +424,8 @@ postfix_setup_xoauth2_post_setup() {
 }
 postfix_setup_smtpd_sasl_auth() {
+ local first_bad_user bad_users mydomain message
+ local _user _pwd
 if [ ! -z "$SMTPD_SASL_USERS" ]; then
 info "Enable smtpd sasl auth."
 do_postconf -e "smtpd_sasl_auth_enable=yes"
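Review bot: In the first hunk of scripts/common-run.sh, the added `local first_bad_user bad_users mydomain message` declares `message`, but no line visible in this patch assigns or reads it. Unless the few lines between the two hunks use it, I would shorten the declaration to `local first_bad_user bad_users mydomain`. The body of postfix_setup_smtpd_sasl_auth continues outside this hunk.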
@@ -435,19 +437,41 @@ pwcheck_method: auxprop
 auxprop_plugin: sasldb
 mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
 EOF
- [ ! -d /etc/sasl2 ] && mkdir /etc/sasl2
- ln -s /etc/postfix/sasl/smtpd.conf /etc/sasl2/
+ [[ ! -d /etc/sasl2 ]] && mkdir /etc/sasl2
+ ln -s -f /etc/postfix/sasl/smtpd.conf /etc/sasl2/
+ bad_users=""
+ mydomain="$(postconf -h mydomain)"
 # sasldb2
 echo $SMTPD_SASL_USERS | tr , \\n > /tmp/passwd
 while IFS=':' read -r _user _pwd; do
- echo $_pwd | saslpasswd2 -p -c $_user
+ # Fix for issue https://github.com/bokysan/docker-postfix/issues/192
+ if [[ "$_user" = *@* ]]; then
+ echo $_pwd | saslpasswd2 -p -c $_user
+ else
+ if [[ -z "$bad_users" ]]; then
+ bad_users="${emphasis}${_user}${reset}"
+ first_bad_user="${_user}"
+ else
+ bad_users="${bad_users},${emphasis}${_user}${reset}"
+ fi
+ echo $_pwd | saslpasswd2 -p -c -u $mydomain $_user
+ fi
 done < /tmp/passwd
 rm -f /tmp/passwd
- [ -f /etc/sasldb2 ] && chown postfix:postfix /etc/sasldb2
- [ -f /etc/sasl2/sasldb2 ] && chown postfix:postfix /etc/sasl2/sasldb2
+ [[ -f /etc/sasldb2 ]] && chown postfix:postfix /etc/sasldb2
+ [[ -f /etc/sasl2/sasldb2 ]] && chown postfix:postfix /etc/sasl2/sasldb2
+
+ if [[ -n "$bad_users" ]]; then
+ notice "$(printf '%s' \
+ "Some SASL users (${bad_users}) were specified without the domain. Container domain (${emphasis}${mydomain}${reset}) was automatically applied. " \
+ "If this was an intended behavour, you can safely ignore this message. To prevent the message in the future, specify your usernames with domain " \
+ "name, e.g. ${emphasis}${first_bad_user}@${mydomain}:${reset}. For more info, see https://github.com/bokysan/docker-postfix/issues/192"
+ )"
+ fi
+ debug 'Sasldb configured'
 fi
 }
diff --git a/unit-tests/000_test-multi-comment.bats b/unit-tests/000_test-multi-comment.bats
index a4af074..2bf20b3 100644
--- a/unit-tests/000_test-multi-comment.bats
+++ b/unit-tests/000_test-multi-comment.bats
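Review bot: In the second hunk of scripts/common-run.sh, both new `saslpasswd2` calls expand `$_pwd`, `$_user` and `$mydomain` unquoted, so a password containing spaces or glob characters can be altered before it is stored. If `postconf -h mydomain` prints nothing, `-u` would also take the user name as its domain argument. I would write the fallback as `printf '%s\n' "$_pwd" | saslpasswd2 -p -c -u "$mydomain" "$_user"`, write the `*@*` branch the same way without `-u`, and report an error instead of creating the user when `mydomain` is empty. The loop also still reads the credentials from the fixed path `/tmp/passwd`. That line is unchanged context, but a `mktemp` file or a here-string would be safer. The function starts above this hunk.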
@@ -3,7 +3,7 @@ load /code/scripts/common.sh
 load /code/scripts/common-run.sh
-#
+
 postconf daemon_directory=/usr/libexec/postfix
 if [[ ! -f /etc/postfix/main.test-multi-comment ]]; then
diff --git a/unit-tests/026_postfix_setup_smtpd_sasl_auth.bats b/unit-tests/026_postfix_setup_smtpd_sasl_auth.bats
new file mode 100644
index 0000000..ab25eef
--- /dev/null
+++ b/unit-tests/026_postfix_setup_smtpd_sasl_auth.bats
@@ -0,0 +1,22 @@
+#!/usr/bin/env bats
+
+load /code/scripts/common.sh
+load /code/scripts/common-run.sh
+
+@test "check if SMTPD_SASL_USERS works with and without domain" {
+ local db_file
+ local SMTPD_SASL_USERS="hello:world,foo@example.com:bar"
+ do_postconf -e 'mydomain=example.org'
+ postfix_setup_smtpd_sasl_auth
+
+ postfix check
+
+ [[ -f /etc/postfix/sasl/smtpd.conf ]]
+ [[ -f /etc/sasl2/smtpd.conf ]]
+ [[ -f /etc/sasldb2 ]] || [[ -f /etc/sasl2/sasldb2 ]]
+
+ sasldblistusers2 | grep -qE "^hello@example.org:"
+ sasldblistusers2 | grep -qE "^foo@example.com:"
+
+}
+
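Review bot: In the new unit-tests/026_postfix_setup_smtpd_sasl_auth.bats, nothing visible clears the sasldb before `postfix_setup_smtpd_sasl_auth` runs, so the two `sasldblistusers2 | grep` assertions could be satisfied by entries left from an earlier run rather than by the code under test. Starting the test from an empty database would pin the behaviour. The patterns also leave the dots unescaped, so `^hello@example.org:` matches any character in that position; `grep -q '^hello@example\.org:'` is exact. `local db_file` is declared but never used.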