From 66675ff2e9635fd6f4d13277dbad105e3d89e55a Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Thu, 2 Jun 2016 07:42:53 -0400 Subject: [PATCH] Dovecot LMTP accepted all mail regardless of whether destination was a user, broken by ae8cd4ef, fixes #852 In the earlier commit, I added a Dovecot userdb lookup. Without a userdb lookup, Dovecot would use the password db for user lookups. With a userdb lookup we can support iterating over users. But I forgot the WHERE clause in the query, resulting in every incoming message being accepted if the user database contained any users at all. Since the mailbox path template is the same for all users, mail was delivered correctly except that mail that should have been rejected was delivered too. --- CHANGELOG.md | 12 ++++++++++-- setup/mail-users.sh | 2 +- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a37bd11a..0b5a1141 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,19 @@ CHANGELOG ========= +In Development +-------------- + +* Domain aliases (and misconfigured aliases/catch-alls with non-existent local targets) would accept mail and deliver it to new mailbox folders on disk, even if the target address didn't correspond with an existing mail user. This issue was introduced in v0.18. + +v0.18b (May 16, 2016) +--------------------- + +* Fixed a Roundcube user accounts issue introduced in v0.18. + v0.18 (May 15, 2016) -------------------- -v0.18b was released immediately after fixing a Roundcube user accounts issue. - ownCloud: * Updated to ownCloud to 8.2.3 diff --git a/setup/mail-users.sh b/setup/mail-users.sh index f9cbdbe5..ef9b8118 100755 --- a/setup/mail-users.sh +++ b/setup/mail-users.sh @@ -49,7 +49,7 @@ driver = sqlite connect = $db_path default_pass_scheme = SHA512-CRYPT password_query = SELECT email as user, password FROM users WHERE email='%u'; -user_query = SELECT email AS user, "mail" as uid, "mail" as gid, "$STORAGE_ROOT/mail/mailboxes/%d/%n" as home FROM users; +user_query = SELECT email AS user, "mail" as uid, "mail" as gid, "$STORAGE_ROOT/mail/mailboxes/%d/%n" as home FROM users WHERE email='%u'; iterate_query = SELECT email AS user FROM users; EOF chmod 0600 /etc/dovecot/dovecot-sql.conf.ext # per Dovecot instructions