[Dovecot] Remove user queries from passdb + add a second passdb for additional algorithms + create userdb without password queries

master
André 2018-07-12 00:23:12 +02:00
parent a4e96a3fe3
commit 2aef18d130
2 changed files with 24 additions and 6 deletions


@ -83,14 +83,28 @@ map {
EOF
# Create user and pass dict for Dovecot
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-passdb.conf
# Create userdb dict for Dovecot
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-userdb.conf
driver = mysql
connect = "host=mysql dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
user_query = SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
iterate_query = SELECT username FROM mailbox WHERE active='1';
EOF
# Create default pass dict for Dovecot
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-ssha256-passdb.conf
driver = mysql
connect = "host=mysql dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
default_pass_scheme = SSHA256
password_query = SELECT password FROM mailbox WHERE username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1') AND JSON_EXTRACT(attributes, '$.force_pw_update') NOT LIKE '%%1%%'
user_query = SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
iterate_query = SELECT username FROM mailbox WHERE active='1';
EOF
# Create additional passdb dict for Dovecot
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-additional-passdb.conf
driver = mysql
connect = "host=mysql dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
default_pass_scheme = ${ADDITIONAL_HASH_SCHEME}
password_query = SELECT password FROM mailbox WHERE username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1') AND JSON_EXTRACT(attributes, '$.force_pw_update') NOT LIKE '%%1%%'
EOF
# Create global sieve_after script
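Review bot: `default_pass_scheme = ${ADDITIONAL_HASH_SCHEME}` in the additional-passdb heredoc is expanded with no default or validation visible in this hunk, so an unset variable writes an empty scheme into a file that the Dovecot config loads unconditionally, and a weak or plaintext scheme name would be accepted as-is. Unless the variable is checked earlier in the script (outside the hunk), I would fail fast before the heredoc with `: "${ADDITIONAL_HASH_SCHEME:?set to a Dovecot password scheme}"`. The copied `password_query` also filters on an active domain but not on the mailbox's own `active` column, unlike `user_query`; services that authenticate through passdb alone would presumably still accept a deactivated mailbox, so `AND active = '1'` belongs in both password queries.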


@ -43,7 +43,11 @@ passdb {
pass = yes
}
passdb {
args = /usr/local/etc/dovecot/sql/dovecot-dict-sql-passdb.conf
args = /usr/local/etc/dovecot/sql/dovecot-dict-sql-ssha256-passdb.conf
driver = sql
}
passdb {
args = /usr/local/etc/dovecot/sql/dovecot-dict-sql-additional-passdb.conf
driver = sql
}
# Set doveadm_password=your-secret-password in data/conf/dovecot/extra.conf (create if missing)
@ -238,7 +242,7 @@ listen = *,[::]
ssl_cert = </etc/ssl/mail/cert.pem
ssl_key = </etc/ssl/mail/key.pem
userdb {
args = /usr/local/etc/dovecot/sql/dovecot-dict-sql-passdb.conf
args = /usr/local/etc/dovecot/sql/dovecot-dict-sql-userdb.conf
driver = sql
}
protocol imap {
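Review bot: The second SQL `passdb` block, the one pointing at `dovecot-dict-sql-additional-passdb.conf`, carries no comment explaining why two passdbs with the same `password_query` exist or that their order matters. With Dovecot's default result handling, a password that fails the SSHA256 lookup is retried against the additional file, so every failed login costs a second SQL query and hashes stored without a `{SCHEME}` prefix are verified under whatever scheme that file names. I would add above the block `# Fallback for unprefixed hashes in the additional scheme; must stay after the SSHA256 passdb`. The first hunk starts inside a `passdb` block opened outside the hunk, and `protocol imap {` continues past the last one.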