Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox

Upstream is adding handling for utf8 domains by creating a domain alias @utf8 -> @idna. I'm deviating from this approach by setting multiple email address (idna and utf8) per user and alias where a domain contains non-ascii characters. The maildrop (mailbox) remains the same - all mail goes to the user's mailbox regardless of which email address was used. This is more in line with how other systems (eg. active directory), handle multiple email addresses for a single user. # Conflicts: # README.md # management/mailconfig.py # management/templates/index.html # setup/dns.sh # setup/mail-users.sh
2026-03-04 15:54:48 +01:00 · 2021-10-01 17:43:48 -04:00
parent 4403e65053 113b7bd827
commit 66ac35871e
30 changed files with 1326 additions and 458 deletions
--- a/conf/schema/mfa-totp.schema
+++ b/conf/schema/mfa-totp.schema
@@ -0,0 +1,60 @@
+#
+# MiaB-LDAP's directory schema for time-based one time passwords (TOTP)
+#
+
+objectIdentifier MiabLDAPmfa MiabLDAProot:1
+objectIdentifier MiabLDAPmfaAttributeType MiabLDAPmfa:2
+objectIdentifier MiabLDAPmfaObjectClass MiabLDAPmfa:3
+
+# secret consists of base32 characters (see RFC 4648)
+
+attributetype ( MiabLDAPmfaAttributeType:1
+	DESC 'TOTP secret'
+	NAME 'totpSecret'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	X-ORDERED 'VALUES'
+	EQUALITY caseExactIA5Match )
+
+
+# tokens are a base-10 string of N digits, but set the syntax to
+# IA5String anyway
+
+attributetype ( MiabLDAPmfaAttributeType:2
+	DESC 'TOTP last token used'
+	NAME 'totpMruToken'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	X-ORDERED 'VALUES'
+	EQUALITY caseExactIA5Match )
+
+# the time in nanoseconds since the epoch when the mru token was last
+# used. the time will also be set when a new entry is created even if
+# the corresponding mru token is blank
+
+attributetype ( MiabLDAPmfaAttributeType:3
+	DESC 'TOTP last token used time'
+	NAME 'totpMruTokenTime'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	X-ORDERED 'VALUES'
+	EQUALITY caseExactIA5Match )
+
+# The label is currently any text supplied by the user, which is used
+# as a reminder of where the secret is stored when logging in (where
+# the authenticator app is, that holds the secret). eg "my samsung
+# phone"
+
+attributetype ( MiabLDAPmfaAttributeType:4
+	DESC 'TOTP device label'
+	NAME 'totpLabel'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	X-ORDERED 'VALUES'
+	EQUALITY caseIgnoreIA5Match )
+
+
+# The TOTP objectClass
+
+objectClass ( MiabLDAPmfaObjectClass:1
+	NAME 'totpUser'
+	DESC 'MiaB-LDAP TOTP settings for a user'
+	SUP top
+	AUXILIARY
+	MUST ( totpSecret $ totpMruToken $ totpMruTokenTime $ totpLabel ) )
--- a/conf/schema/namedProperties.schema
+++ b/conf/schema/namedProperties.schema
@@ -0,0 +1,23 @@
+#
+# Auxiliary objectclass to add named properties to an entry
+#
+
+objectIdentifier MiabLDAPadmin MiabLDAProot:3
+objectIdentifier MiabLDAPadminAttributeType MiabLDAPadmin:1
+objectIdentifier MiabLDAPadminObjectClass MiabLDAPadmin:2
+
+attributetype ( MiabLDAPadminAttributeType:1
+	DESC 'Named property'
+	NAME 'namedProperty'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+objectClass ( MiabLDAPadminObjectClass:1
+	NAME 'namedProperties'
+	DESC 'Entry contains named properties'
+	SUP top
+	AUXILIARY
+	MAY ( namedProperty )
+	)
--- a/conf/schema/postfix.schema
+++ b/conf/schema/postfix.schema
@@ -0,0 +1,77 @@
+# LDAP Admin Extensions for Postfix MTA support
+#
+# MiaB LDAP UUID(v4): 7392cdda-5ec8-431f-9936-0000273c0167
+#                 or: 1939000794.24264.17183.39222.658243943
+#
+
+objectIdentifier MiabLDAProot 2.25.1939000794.24264.17183.39222.658243943
+objectIdentifier MiabLDAPmail MiabLDAProot:2
+objectIdentifier MiabLDAPmailAttributeType MiabLDAPmail:1
+objectIdentifier MiabLDAPmailObjectClass MiabLDAPmail:2
+
+attributetype ( 1.3.6.1.4.1.15347.2.102 
+	NAME 'transport' 
+	SUP name)
+
+attributetype ( 1.3.6.1.4.1.15347.2.101 
+	NAME 'mailRoutingAddress' 
+	SUP mail )
+
+attributetype ( 1.3.6.1.4.1.15347.2.110 NAME 'maildest'
+	DESC 'Restricted to send only to local network'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attributetype ( 1.3.6.1.4.1.15347.2.111 NAME 'mailaccess'
+	DESC 'Can be mailed to restricted groups'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attributetype ( 1.3.6.1.4.1.15347.2.100
+	NAME ( 'maildrop' )
+	DESC 'RFC1274: RFC822 Mailbox'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox'
+	DESC 'The absolute path to the mailbox for a mail account in a non-default location'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+# create a mailMember for utf8 email addresses in mailGroups
+attributetype ( MiabLDAPmailAttributeType:1 NAME 'mailMember' DESC 'RFC6532 utf8 email address of group member(s)' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# create a utf8 version of core 'domainComponent'
+attributetype ( MiabLDAPmailAttributeType:2 NAME 'dcIntl' DESC 'UTF8 domain component' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.15347.2.1
+	NAME 'mailUser'
+	DESC 'E-Mail User'
+	SUP top
+	AUXILIARY
+	MUST ( uid $ mail $ maildrop )
+	MAY ( cn $ mailbox $ maildest $ mailaccess )
+	)
+
+objectclass ( 1.3.6.1.4.1.15347.2.2
+	NAME 'mailGroup'
+	DESC 'E-Mail Group'
+	SUP top
+	STRUCTURAL
+	MUST ( cn $ mail )
+	MAY ( mailRoutingAddress $ member $ mailMember $ description )
+	)
+
+objectclass ( 1.3.6.1.4.1.15347.2.3
+	NAME 'transportTable'
+	DESC 'MTA Transport Table'
+	SUP top
+	STRUCTURAL
+	MUST ( cn $ transport )
+	)
+
+# create an auxiliary class to attach to 'domain' objects
+objectClass ( MiabLDAPmailObjectClass:1 NAME 'mailDomain' DESC 'Domain we handle mail for' SUP top AUXILIARY MUST ( dcIntl ) )