Store and set alias receivers and senders separately for maximum control

setup/mail-users.sh

@@ -21,7 +21,7 @@ db_path=$STORAGE_ROOT/mail/users.sqlite
 if [ ! -f $db_path ]; then
 	echo Creating new user database: $db_path;
 	echo "CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL UNIQUE, password TEXT NOT NULL, extra, privileges TEXT NOT NULL DEFAULT '');" | sqlite3 $db_path;
-	echo "CREATE TABLE aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, applies_inbound INTEGER NOT NULL DEFAULT 1, applies_outbound INTEGER NOT NULL DEFAULT 1);" | sqlite3 $db_path;
+	echo "CREATE TABLE aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, address TEXT NOT NULL UNIQUE, receivers TEXT NOT NULL, senders TEXT NOT NULL);" | sqlite3 $db_path;
 fi
 
 # ### User Authentication
@@ -82,7 +82,7 @@ tools/editconf.py /etc/postfix/main.cf \
 # Matches from the users table take priority over (direct) aliases.
 cat > /etc/postfix/sender-login-maps.cf << EOF;
 dbpath=$db_path
-query = SELECT destination from (SELECT destination, 0 as priority FROM aliases WHERE source='%s' AND applies_outbound=1 UNION SELECT email as destination, 1 as priority FROM users WHERE email='%s') ORDER BY priority LIMIT 1;
+query = SELECT senders from (SELECT senders, 0 as priority FROM aliases WHERE address='%s' UNION SELECT email as senders, 1 as priority FROM users WHERE email='%s') ORDER BY priority LIMIT 1;
 EOF
 
 # ### Destination Validation
@@ -98,7 +98,7 @@ tools/editconf.py /etc/postfix/main.cf \
 # SQL statement to check if we handle mail for a domain, either for users or aliases.
 cat > /etc/postfix/virtual-mailbox-domains.cf << EOF;
 dbpath=$db_path
-query = SELECT 1 FROM users WHERE email LIKE '%%@%s' UNION SELECT 1 FROM aliases WHERE source LIKE '%%@%s' AND applies_inbound=1
+query = SELECT 1 FROM users WHERE email LIKE '%%@%s' UNION SELECT 1 FROM aliases WHERE address LIKE '%%@%s'
 EOF
 
 # SQL statement to check if we handle mail for a user.
@@ -129,7 +129,7 @@ EOF
 # postfix's preference for aliases for whole email addresses.
 cat > /etc/postfix/virtual-alias-maps.cf << EOF;
 dbpath=$db_path
-query = SELECT destination from (SELECT destination, 0 as priority FROM aliases WHERE source='%s' AND applies_inbound=1 UNION SELECT email as destination, 1 as priority FROM users WHERE email='%s') ORDER BY priority LIMIT 1;
+query = SELECT receivers from (SELECT receivers, 0 as priority FROM aliases WHERE address='%s' UNION SELECT email as receivers, 1 as priority FROM users WHERE email='%s') ORDER BY priority LIMIT 1;
 EOF
 
 # Restart Services

setup/migrate.py

@@ -102,9 +102,56 @@ def migration_8(env):
 	os.unlink(os.path.join(env['STORAGE_ROOT'], 'mail/dkim/mail.private'))
 
 def migration_9(env):
+	# Switch from storing alias ownership in one column (used for both
+	# directions) to two columns (one for determining inbound forward-tos and
+	# one for determining outbound permitted-senders). This was motivated by the
+	# addition of #427 ("Reject outgoing mail if FROM does not match Login") -
+	# which introduced the notion of outbound permitted-senders.
 	db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
-	shell("check_call", ["sqlite3", db, "ALTER TABLE aliases ADD COLUMN applies_inbound INTEGER NOT NULL DEFAULT 1"])
-	shell("check_call", ["sqlite3", db, "ALTER TABLE aliases ADD COLUMN applies_outbound INTEGER NOT NULL DEFAULT 1"])
+	# Move the old aliases table to one side.
+	shell("check_call", ["sqlite3", db, "ALTER TABLE aliases RENAME TO aliases_8"])
+	# Create the new aliases table, initially empty.
+	shell("check_call", ["sqlite3", db, "CREATE TABLE aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, address TEXT NOT NULL UNIQUE, receivers TEXT NOT NULL, senders TEXT NOT NULL)"])
+
+	import sqlite3
+	conn = sqlite3.connect(os.path.join(env["STORAGE_ROOT"], "mail/users.sqlite"))
+
+	c = conn.cursor()
+	c.execute('SELECT email FROM users')
+	valid_logins = [ row[0] for row in c.fetchall() ]
+
+	c = conn.cursor()
+	c.execute('SELECT source, destination FROM aliases_8')
+	aliases = { row[0]: row[1] for row in c.fetchall() }
+
+	# Populate the new aliases table. Forward-to addresses (receivers) is taken
+	# directly from the old destination column. Permitted-sender logins
+	# (senders) is made up of only those addresses in the old destination column
+	# that are valid logins, as other values are not relevant. Their presence
+	# would not do any harm, except that it would make the aliases UI confusing
+	# on upgraded boxes.
+	for source in aliases:
+
+		address = source
+		receivers = aliases[source]
+
+		validated_senders = []
+		for login in aliases[source].split(","):
+			login = login.strip()
+			if login == "": continue
+			if login in valid_logins:
+				validated_senders.append(login)
+
+		senders = ",".join(validated_senders)
+
+		c = conn.cursor()
+		c.execute("INSERT INTO aliases (address, receivers, senders) VALUES (?, ?, ?)", (address, receivers, senders))
+
+	# Save.
+	conn.commit()
+
+	# Delete the old aliases table.
+	shell("check_call", ["sqlite3", db, "DROP TABLE aliases_8"])
 
 def get_current_migration():
 	ver = 0