2014-07-10 07:18:01 +00:00
#!/bin/bash
#
# User Authentication and Destination Validation
2014-09-21 17:43:21 +00:00
# ----------------------------------------------
2014-07-10 07:18:01 +00:00
#
# This script configures user authentication for Dovecot
# and Postfix (which relies on Dovecot) and destination
2024-07-21 11:01:25 +00:00
# validation by querying an Sqlite3 database of mail users.
2014-07-10 07:18:01 +00:00
source setup/functions.sh # load our functions
source /etc/mailinabox.conf # load global vars
2014-09-21 17:43:21 +00:00
# ### User and Alias Database
2014-07-10 07:18:01 +00:00
# The database of mail users (i.e. authenticated users, who have mailboxes)
# and aliases (forwarders).
db_path = $STORAGE_ROOT /mail/users.sqlite
# Create an empty database if it doesn't yet exist.
2023-12-21 14:58:34 +00:00
if [ ! -f " $db_path " ] ; then
echo " Creating new user database: $db_path " ;
echo "CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL UNIQUE, password TEXT NOT NULL, extra, privileges TEXT NOT NULL DEFAULT '');" | sqlite3 " $db_path " ;
echo "CREATE TABLE aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 " $db_path " ;
echo "CREATE TABLE mfa (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL, type TEXT NOT NULL, secret TEXT NOT NULL, mru_token TEXT, label TEXT, FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE);" | sqlite3 " $db_path " ;
echo "CREATE TABLE auto_aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 " $db_path " ;
2014-07-10 07:18:01 +00:00
fi
2014-09-21 17:43:21 +00:00
# ### User Authentication
2014-07-10 07:18:01 +00:00
# Have Dovecot query our database, and not system users, for authentication.
sed -i "s/#*\(\!include auth-system.conf.ext\)/#\1/" /etc/dovecot/conf.d/10-auth.conf
sed -i "s/#\(\!include auth-sql.conf.ext\)/\1/" /etc/dovecot/conf.d/10-auth.conf
# Specify how the database is to be queried for user authentication (passdb)
# and where user mailboxes are stored (userdb).
cat > /etc/dovecot/conf.d/auth-sql.conf.ext << EOF;
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
2016-04-24 22:46:37 +00:00
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
2014-07-10 07:18:01 +00:00
}
EOF
2016-04-24 22:46:37 +00:00
# Configure the SQL to query for a user's metadata and password.
2014-07-10 07:18:01 +00:00
cat > /etc/dovecot/dovecot-sql.conf.ext << EOF;
driver = sqlite
connect = $db_path
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM users WHERE email = '%u' ;
2016-06-02 11:42:53 +00:00
user_query = SELECT email AS user, "mail" as uid, "mail" as gid, " $STORAGE_ROOT /mail/mailboxes/%d/%n " as home FROM users WHERE email = '%u' ;
2016-04-24 22:46:37 +00:00
iterate_query = SELECT email AS user FROM users;
2014-07-10 07:18:01 +00:00
EOF
chmod 0600 /etc/dovecot/dovecot-sql.conf.ext # per Dovecot instructions
# Have Dovecot provide an authorization service that Postfix can access & use.
cat > /etc/dovecot/conf.d/99-local-auth.conf << EOF;
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
}
EOF
2018-11-30 14:49:00 +00:00
# And have Postfix use that service. We *disable* it here
# so that authentication is not permitted on port 25 (which
# does not run DKIM on relayed mail, so outbound mail isn't
# correct, see #830), but we enable it specifically for the
# submission port.
2014-07-10 07:18:01 +00:00
tools/editconf.py /etc/postfix/main.cf \
smtpd_sasl_type = dovecot \
smtpd_sasl_path = private/auth \
2018-11-30 14:49:00 +00:00
smtpd_sasl_auth_enable = no
2014-07-10 07:18:01 +00:00
2015-06-20 10:27:18 +00:00
# ### Sender Validation
2015-08-14 23:05:08 +00:00
# We use Postfix's reject_authenticated_sender_login_mismatch filter to
# prevent intra-domain spoofing by logged in but untrusted users in outbound
# email. In all outbound mail (the sender has authenticated), the MAIL FROM
# address (aka envelope or return path address) must be "owned" by the user
# who authenticated. An SQL query will find who are the owners of any given
# address.
2015-06-20 10:27:18 +00:00
tools/editconf.py /etc/postfix/main.cf \
smtpd_sender_login_maps = sqlite:/etc/postfix/sender-login-maps.cf
2015-08-14 23:05:08 +00:00
# Postfix will query the exact address first, where the priority will be alias
# records first, then user records. If there are no matches for the exact
# address, then Postfix will query just the domain part, which we call
# catch-alls and domain aliases. A NULL permitted_senders column means to
# take the value from the destination column.
2015-06-20 10:27:18 +00:00
cat > /etc/postfix/sender-login-maps.cf << EOF;
dbpath = $db_path
2015-08-14 23:05:08 +00:00
query = SELECT permitted_senders FROM ( SELECT permitted_senders, 0 AS priority FROM aliases WHERE source = '%s' AND permitted_senders IS NOT NULL UNION SELECT destination AS permitted_senders, 1 AS priority FROM aliases WHERE source = '%s' AND permitted_senders IS NULL UNION SELECT email as permitted_senders, 2 AS priority FROM users WHERE email = '%s' ) ORDER BY priority LIMIT 1;
2015-06-20 10:27:18 +00:00
EOF
2014-09-21 17:43:21 +00:00
# ### Destination Validation
2014-07-10 07:18:01 +00:00
# Use a Sqlite3 database to check whether a destination email address exists,
2021-09-18 23:54:48 +00:00
# and to perform any email alias rewrites in Postfix. Additionally, we disable
# SMTPUTF8 because Dovecot's LMTP server that delivers mail to inboxes does
# not support it, and if a message is received with the SMTPUTF8 flag it will
# bounce.
2014-07-10 07:18:01 +00:00
tools/editconf.py /etc/postfix/main.cf \
2021-09-18 23:54:48 +00:00
smtputf8_enable = no \
2014-07-10 07:18:01 +00:00
virtual_mailbox_domains = sqlite:/etc/postfix/virtual-mailbox-domains.cf \
virtual_mailbox_maps = sqlite:/etc/postfix/virtual-mailbox-maps.cf \
virtual_alias_maps = sqlite:/etc/postfix/virtual-alias-maps.cf \
local_recipient_maps = \$ virtual_mailbox_maps
2015-08-14 23:05:08 +00:00
# SQL statement to check if we handle incoming mail for a domain, either for users or aliases.
2014-07-10 07:18:01 +00:00
cat > /etc/postfix/virtual-mailbox-domains.cf << EOF;
dbpath = $db_path
2021-09-18 23:26:31 +00:00
query = SELECT 1 FROM users WHERE email LIKE '%%@%s' UNION SELECT 1 FROM aliases WHERE source LIKE '%%@%s' UNION SELECT 1 FROM auto_aliases WHERE source LIKE '%%@%s'
2014-07-10 07:18:01 +00:00
EOF
2015-08-14 23:05:08 +00:00
# SQL statement to check if we handle incoming mail for a user.
2014-07-10 07:18:01 +00:00
cat > /etc/postfix/virtual-mailbox-maps.cf << EOF;
dbpath = $db_path
query = SELECT 1 FROM users WHERE email = '%s'
EOF
# SQL statement to rewrite an email address if an alias is present.
2015-06-21 12:22:11 +00:00
#
# Postfix makes multiple queries for each incoming mail. It first
# queries the whole email address, then just the user part in certain
# locally-directed cases (but we don't use this), then just `@`+the
# domain part. The first query that returns something wins. See
# http://www.postfix.org/virtual.5.html.
#
# virtual-alias-maps has precedence over virtual-mailbox-maps, but
# we don't want catch-alls and domain aliases to catch mail for users
# that have been defined on those domains. To fix this, we not only
# query the aliases table but also the users table when resolving
# aliases, i.e. we turn users into aliases from themselves to
# themselves. That means users will match in postfix's first query
# before postfix gets to the third query for catch-alls/domain alises.
#
2014-09-27 11:39:50 +00:00
# If there is both an alias and a user for the same address either
# might be returned by the UNION, so the whole query is wrapped in
2015-06-21 12:22:11 +00:00
# another select that prioritizes the alias definition to preserve
# postfix's preference for aliases for whole email addresses.
2015-08-14 23:05:08 +00:00
#
# Since we might have alias records with an empty destination because
# it might have just permitted_senders, skip any records with an
# empty destination here so that other lower priority rules might match.
2014-07-10 07:18:01 +00:00
cat > /etc/postfix/virtual-alias-maps.cf << EOF;
dbpath = $db_path
2021-09-18 23:23:31 +00:00
query = SELECT destination from ( SELECT destination, 0 as priority FROM aliases WHERE source = '%s' AND destination<>'' UNION SELECT email as destination, 1 as priority FROM users WHERE email = '%s' UNION SELECT destination, 2 as priority FROM auto_aliases WHERE source = '%s' AND destination<>'' ) ORDER BY priority LIMIT 1;
2014-07-10 07:18:01 +00:00
EOF
# Restart Services
##################
2014-07-16 13:06:45 +00:00
restart_service postfix
restart_service dovecot
2014-07-10 07:18:01 +00:00