Fix for #192: Automatically add domains to provided usernames for SASL
So, according to the documentation, usernames must always include a domain for SASL. In other words, a user cannot be `johhny`; it must be `johhny@example.org`. Further info can be found on this ticket: https://github.com/bokysan/docker-postfix/issues/192 This commit will automatically append a domain if one is not provided in `SMTPD_SASL_USERS`.
parent
bda13b30fa
commit
b358d71454
|
@ -209,12 +209,14 @@ To change the log format, set the (unsurprisingly named) variable `LOG_FORMAT=js
|
||||||
- `XOAUTH2_INITIAL_ACCESS_TOKEN` = Initial OAuth2 access token.
|
- `XOAUTH2_INITIAL_ACCESS_TOKEN` = Initial OAuth2 access token.
|
||||||
- `XOAUTH2_INITIAL_REFRESH_TOKEN` = Initial OAuth2 refresh token.
|
- `XOAUTH2_INITIAL_REFRESH_TOKEN` = Initial OAuth2 refresh token.
|
||||||
- `XOAUTH2_TOKEN_ENDPOINT` = Token endpoint provided four your XOAUTH App , GMail use : https://accounts.google.com/o/oauth2/token
|
- `XOAUTH2_TOKEN_ENDPOINT` = Token endpoint provided four your XOAUTH App , GMail use : https://accounts.google.com/o/oauth2/token
|
||||||
- `SMTPD_SASL_USERS` = Users allow to send mail (ex: user1:pass1,user2:pass2,...)
|
- `SMTPD_SASL_USERS` = Users allow to send mail (ex: user1:pass1,user2:pass2,...). *Warning:* Users need to be specified with a domain, as explained
|
||||||
|
on ticket [[#192](https://github.com/bokysan/docker-postfix/issues/192)]. This image will automatically add a domain if one is not provided and will
|
||||||
|
issue a notice when that happens.
|
||||||
- `MASQUERADED_DOMAINS` = domains where you want to masquerade internal hosts
|
- `MASQUERADED_DOMAINS` = domains where you want to masquerade internal hosts
|
||||||
- `SMTP_HEADER_CHECKS`= Set to `1` to enable header checks of to a location of the file for header checks
|
- `SMTP_HEADER_CHECKS`= Set to `1` to enable header checks of to a location of the file for header checks
|
||||||
- `POSTFIX_myhostname` = Set the name of this postfix server
|
- `POSTFIX_myhostname` = Set the name of this postfix server
|
||||||
- `POSTFIX_mynetworks` = Allow sending mails only from specific networks ( default `127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16` )
|
- `POSTFIX_mynetworks` = Allow sending mails only from specific networks ( default `127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16` )
|
||||||
- `POSTFIX_message_size_limit` = The maximum size of the messsage, in bytes, by default it's unlimited
|
- `POSTFIX_message_size_limit` = The maximum size of the message, in bytes, by default it's unlimited
|
||||||
- `POSTFIX_<any_postfix_setting>` = provide any additional postfix setting
|
- `POSTFIX_<any_postfix_setting>` = provide any additional postfix setting
|
||||||
|
|
||||||
#### `RELAYHOST`, `RELAYHOST_USERNAME` and `RELAYHOST_PASSWORD`
|
#### `RELAYHOST`, `RELAYHOST_USERNAME` and `RELAYHOST_PASSWORD`
|
||||||
|
|
|
@ -424,6 +424,8 @@ postfix_setup_xoauth2_post_setup() {
|
||||||
}
|
}
|
||||||
|
|
||||||
postfix_setup_smtpd_sasl_auth() {
|
postfix_setup_smtpd_sasl_auth() {
|
||||||
|
local first_bad_user bad_users mydomain message
|
||||||
|
local _user _pwd
|
||||||
if [ ! -z "$SMTPD_SASL_USERS" ]; then
|
if [ ! -z "$SMTPD_SASL_USERS" ]; then
|
||||||
info "Enable smtpd sasl auth."
|
info "Enable smtpd sasl auth."
|
||||||
do_postconf -e "smtpd_sasl_auth_enable=yes"
|
do_postconf -e "smtpd_sasl_auth_enable=yes"
|
||||||
|
@ -435,19 +437,41 @@ pwcheck_method: auxprop
|
||||||
auxprop_plugin: sasldb
|
auxprop_plugin: sasldb
|
||||||
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
|
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
|
||||||
EOF
|
EOF
|
||||||
[ ! -d /etc/sasl2 ] && mkdir /etc/sasl2
|
[[ ! -d /etc/sasl2 ]] && mkdir /etc/sasl2
|
||||||
ln -s /etc/postfix/sasl/smtpd.conf /etc/sasl2/
|
ln -s -f /etc/postfix/sasl/smtpd.conf /etc/sasl2/
|
||||||
|
|
||||||
|
bad_users=""
|
||||||
|
mydomain="$(postconf -h mydomain)"
|
||||||
# sasldb2
|
# sasldb2
|
||||||
echo $SMTPD_SASL_USERS | tr , \\n > /tmp/passwd
|
echo $SMTPD_SASL_USERS | tr , \\n > /tmp/passwd
|
||||||
while IFS=':' read -r _user _pwd; do
|
while IFS=':' read -r _user _pwd; do
|
||||||
echo $_pwd | saslpasswd2 -p -c $_user
|
# Fix for issue https://github.com/bokysan/docker-postfix/issues/192
|
||||||
|
if [[ "$_user" = *@* ]]; then
|
||||||
|
echo $_pwd | saslpasswd2 -p -c $_user
|
||||||
|
else
|
||||||
|
if [[ -z "$bad_users" ]]; then
|
||||||
|
bad_users="${emphasis}${_user}${reset}"
|
||||||
|
first_bad_user="${_user}"
|
||||||
|
else
|
||||||
|
bad_users="${bad_users},${emphasis}${_user}${reset}"
|
||||||
|
fi
|
||||||
|
echo $_pwd | saslpasswd2 -p -c -u $mydomain $_user
|
||||||
|
fi
|
||||||
done < /tmp/passwd
|
done < /tmp/passwd
|
||||||
|
|
||||||
rm -f /tmp/passwd
|
rm -f /tmp/passwd
|
||||||
|
|
||||||
[ -f /etc/sasldb2 ] && chown postfix:postfix /etc/sasldb2
|
[[ -f /etc/sasldb2 ]] && chown postfix:postfix /etc/sasldb2
|
||||||
[ -f /etc/sasl2/sasldb2 ] && chown postfix:postfix /etc/sasl2/sasldb2
|
[[ -f /etc/sasl2/sasldb2 ]] && chown postfix:postfix /etc/sasl2/sasldb2
|
||||||
|
|
||||||
|
if [[ -n "$bad_users" ]]; then
|
||||||
|
notice "$(printf '%s' \
|
||||||
|
"Some SASL users (${bad_users}) were specified without the domain. Container domain (${emphasis}${mydomain}${reset}) was automatically applied. " \
|
||||||
|
"If this was an intended behavour, you can safely ignore this message. To prevent the message in the future, specify your usernames with domain " \
|
||||||
|
"name, e.g. ${emphasis}${first_bad_user}@${mydomain}:<pass>${reset}. For more info, see https://github.com/bokysan/docker-postfix/issues/192"
|
||||||
|
)"
|
||||||
|
fi
|
||||||
|
|
||||||
debug 'Sasldb configured'
|
debug 'Sasldb configured'
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
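Review bot: The two new `saslpasswd2` calls inside the `while IFS=':' read -r _user _pwd` loop expand `$_pwd`, `$_user` and `$mydomain` unquoted, so a password with repeated whitespace or glob characters is stored in a different form than the operator configured, and an empty result from `postconf -h mydomain` makes `-u` take the username as its realm argument. Quoting fixes both cases: `printf '%s\n' "$_pwd" | saslpasswd2 -p -c -u "$mydomain" "$_user"`, with the same form minus `-u "$mydomain"` in the `*@*` branch, and a check that `mydomain` is non-empty before the loop. The `*@*` test also accepts entries such as `user@` with nothing after the `@`, which may deserve a stricter pattern. The unchanged context still stages the plaintext credentials in the fixed path `/tmp/passwd`; feeding the loop from a here-string, or from a `mktemp` file created under a restrictive umask, would keep them off a predictable world-readable location. The function opens in the previous hunk and the heredoc that writes `smtpd.conf` begins outside this one, so the permissions on that file cannot be judged from here.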
|
@ -3,7 +3,7 @@
|
||||||
load /code/scripts/common.sh
|
load /code/scripts/common.sh
|
||||||
load /code/scripts/common-run.sh
|
load /code/scripts/common-run.sh
|
||||||
|
|
||||||
#
|
|
||||||
postconf daemon_directory=/usr/libexec/postfix
|
postconf daemon_directory=/usr/libexec/postfix
|
||||||
|
|
||||||
if [[ ! -f /etc/postfix/main.test-multi-comment ]]; then
|
if [[ ! -f /etc/postfix/main.test-multi-comment ]]; then
|
||||||
|
|
22
unit-tests/026_postfix_setup_smtpd_sasl_auth.bats
Normal file
22
unit-tests/026_postfix_setup_smtpd_sasl_auth.bats
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
#!/usr/bin/env bats
|
||||||
|
|
||||||
|
load /code/scripts/common.sh
|
||||||
|
load /code/scripts/common-run.sh
|
||||||
|
|
||||||
|
@test "check if SMTPD_SASL_USERS works with and without domain" {
|
||||||
|
local db_file
|
||||||
|
local SMTPD_SASL_USERS="hello:world,foo@example.com:bar"
|
||||||
|
do_postconf -e 'mydomain=example.org'
|
||||||
|
postfix_setup_smtpd_sasl_auth
|
||||||
|
|
||||||
|
postfix check
|
||||||
|
|
||||||
|
[[ -f /etc/postfix/sasl/smtpd.conf ]]
|
||||||
|
[[ -f /etc/sasl2/smtpd.conf ]]
|
||||||
|
[[ -f /etc/sasldb2 ]] || [[ -f /etc/sasl2/sasldb2 ]]
|
||||||
|
|
||||||
|
sasldblistusers2 | grep -qE "^hello@example.org:"
|
||||||
|
sasldblistusers2 | grep -qE "^foo@example.com:"
|
||||||
|
|
||||||
|
}
|
||||||
|
|
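Review bot: The assertions only prove that entries named `hello@example.org` and `foo@example.com` exist, and since the test does not appear to reset `/etc/sasldb2` first, entries left by an earlier run could satisfy both greps. The `-E` patterns also leave the dots unescaped, so `^hello@example.org:` matches any character in that position; `grep -qE '^hello@example\.org:'` and `grep -qE '^foo@example\.com:'` pin the realm exactly. `local db_file` is declared but never used and can be dropped. A second case whose password contains a space or `*` (constructed example: `SMTPD_SASL_USERS="hello:wo rld*"`) would cover the values that the unquoted `echo $_pwd` in `postfix_setup_smtpd_sasl_auth` can alter.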