
Zhang Huangbin  committed 069e92e

Improved Dovecot SQL/LDAP query so that we can disable IMAP service for certain users but still allow them to use webmail.

  • Parent commits 82bd4ab
  • Branches default


Files changed (8)

File iRedMail/ChangeLog

       deliver agent in Postfix, you need to use one of below:
         - LMTP socket: lmtp:unix:private/dovecot-lmtp
         - LMTP inet listener: lmtp:inet:127.0.0.1:24
+
     * New columns for MySQL and PostgreSQL backends:
+        + mailbox.enablewebmail: used in Dovecot, so that we can disable
+          IMAP service for certain users, but still allow them to use webmail.
         + mailbox.enablelmtp: used by Dovecot LMTP server.
         + mailbox.settings: used to store per-user settings, used in
           iRedAdmin-Pro.
         + admin.settings: used to store per-user settings, used in
           iRedAdmin-Pro.
         + alias.islist: used to mark a sql record is a mail list account.
+
+    * New LDAP attribute/value pairs for mail users:
+        + enabledService=lmtp: used by Dovecot LMTP server.
+        + enabledService=webmail-127.0.0.1-imapsecured: used in Dovecot, so
+          that we can disable IMAP service for certain users, but still allow
+          them to use webmail hosted on localhost (127.0.0.1). If you have
+          multiple servers which runs webmail application, add more values
+          like 'enabledService=webmail-xx.xx.xx.xx-imapsecured'.
+
     * Disable 'smtp_tls_security_level=may', doesn't work very well with
       self-signed SSL certificate, especially sending email from Gmail.
-    * New column for SQL backends (mailbox.enablelmtp) and new attribute/value
-      pair for LDAP mail user: enabledService=lmtp. Used for LMTP service.
 
     * Fixed issues:
         + Postfix cannot resolve IP address under chroot on RHEL/CentOS.

File iRedMail/functions/ldap_server.sh

 ${LDAP_ENABLED_SERVICE}: ${LDAP_SERVICE_SHADOW_ADDRESS}
 ${LDAP_ENABLED_SERVICE}: ${LDAP_SERVICE_LIB_STORAGE}
 ${LDAP_ENABLED_SERVICE}: ${LDAP_SERVICE_DOMAIN_ADMIN}
+${LDAP_ENABLED_SERVICE}: ${LDAP_SERVICE_WEBMAIL}-127.0.0.1-imapsecured
 ${LDAP_ATTR_DOMAIN_GLOBALADMIN}: yes
 EOF
 }
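Review bot: The added `${LDAP_SERVICE_WEBMAIL}-127.0.0.1-imapsecured` line hard-codes the webmail client address inside the heredoc, and the same literal `webmail-127.0.0.1-imapsecured` is repeated in create_mail_user_OpenLDAP.py and create_mail_user_OpenLDAP.sh. Since the ChangeLog says more values are needed when webmail runs on other servers, I would take the address from one variable, e.g. `${LDAP_ENABLED_SERVICE}: ${LDAP_SERVICE_WEBMAIL}-${WEBMAIL_CLIENT_ADDR}-imapsecured` (WEBMAIL_CLIENT_ADDR is a placeholder name, not an existing variable). The heredoc and the function around it start outside the hunk.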

File iRedMail/samples/dovecot/dovecot-ldap.conf

 #iterate_attrs   = mail=user
 #iterate_filter  = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail))
 
-user_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
+user_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(|(enabledService=%Ls%Lc)(enabledService=webmail-%r-%Ls%Lc))(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
 user_attrs      = mail=user,homeDirectory=home,=mail=maildir:~/Maildir/,mailQuota=quota_rule=*:bytes=%$
-pass_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
+pass_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(|(enabledService=%Ls%Lc)(enabledService=webmail-%r-%Ls%Lc))(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
 pass_attrs      = mail=user,userPassword=password
 default_pass_scheme = CRYPT
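Review bot: The new alternative `(enabledService=webmail-%r-%Ls%Lc)` in user_filter and pass_filter grants access on the client address alone, so it identifies a host and not the webmail application: with the value `webmail-127.0.0.1-imapsecured`, any process that reaches Dovecot over loopback is accepted for a user whose `imapsecured` service was removed. The same holds for the `'%r'='127.0.0.1'` test in dovecot-sql.conf. I would say so in a comment above the filters, e.g. `# webmail-<client IP>-<service>: allows the service from that client IP only; this is an address check, not proof that the client is webmail`, and advise operators who need IMAP fully off for an account to remove the webmail value as well. If Dovecot is deployed behind a proxy, what `%r` expands to should be confirmed for that setup.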

File iRedMail/samples/dovecot/dovecot-sql.conf

 FROM mailbox,domain \
 WHERE mailbox.username='%u' \
     AND mailbox.domain='%d' \
-    AND mailbox.enable%Ls%Lc=1 \
+    AND (mailbox.enable%Ls%Lc=1 OR (mailbox.enablewebmail=1 AND '%Ls%Lc'='imapsecured' AND '%r'='127.0.0.1')) \
     AND mailbox.domain=domain.domain \
     AND domain.backupmx=0 \
     AND domain.active=1 \
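Review bot: The SQL condition fixes the webmail address to the literal `'%r'='127.0.0.1'`, while the LDAP filter in this commit takes the address from the directory value (`webmail-%r-%Ls%Lc`) and the ChangeLog documents additional webmail servers only for LDAP. SQL installs with webmail on another host, or with webmail reaching Dovecot over IPv6 loopback, get no exception unless they edit this query. A comment above the query stating that limitation would help, and if IPv6 loopback should count the test could read `'%r' IN ('127.0.0.1', '::1')`. The query starts and continues outside the hunk, so it is not visible whether this is the password query, the user query or both.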

File iRedMail/samples/iredmail.mysql

     enablepop3secured TINYINT(1) NOT NULL DEFAULT 1,
     enableimap TINYINT(1) NOT NULL DEFAULT 1,
     enableimapsecured TINYINT(1) NOT NULL DEFAULT 1,
+    enablewebmail TINYINT(1) NOT NULL DEFAULT 1,
     enabledeliver TINYINT(1) NOT NULL DEFAULT 1,
     enablelda TINYINT(1) NOT NULL DEFAULT 1,
     enablemanagesieve TINYINT(1) NOT NULL DEFAULT 1,
     INDEX (enablepop3secured),
     INDEX (enableimap),
     INDEX (enableimapsecured),
+    INDEX (enablewebmail),
     INDEX (enabledeliver),
     INDEX (enablelda),
     INDEX (enablemanagesieve),
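Review bot: `enablewebmail TINYINT(1) NOT NULL DEFAULT 1` turns the webmail exception on for every mailbox by default, so under the new Dovecot query setting `enableimapsecured=0` alone no longer blocks IMAP logins from 127.0.0.1; an administrator must also set `enablewebmail=0`. The same default is used in iredmail.pgsql. I would document this on the column, e.g. `-- enablewebmail: 1 = IMAP login from the webmail host (127.0.0.1) stays allowed even when enableimapsecured is 0`, and mention the changed meaning of the existing flags in the upgrade notes. The CREATE TABLE statement starts and ends outside the visible lines.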

File iRedMail/samples/iredmail.pgsql

     enablepop3secured INT2 NOT NULL DEFAULT 1,
     enableimap INT2 NOT NULL DEFAULT 1,
     enableimapsecured INT2 NOT NULL DEFAULT 1,
+    enablewebmail INT2 NOT NULL DEFAULT 1,
     enabledeliver INT2 NOT NULL DEFAULT 1,
     enablelda INT2 NOT NULL DEFAULT 1,
     enablemanagesieve INT2 NOT NULL DEFAULT 1,
 CREATE INDEX idx_mailbox_enablepop3secured ON mailbox (enablepop3secured);
 CREATE INDEX idx_mailbox_enableimap ON mailbox (enableimap);
 CREATE INDEX idx_mailbox_enableimapsecured ON mailbox (enableimapsecured);
+CREATE INDEX idx_mailbox_webmail ON mailbox (enablewebmail);
 CREATE INDEX idx_mailbox_enabledeliver ON mailbox (enabledeliver);
 CREATE INDEX idx_mailbox_enablelda ON mailbox (enablelda);
 CREATE INDEX idx_mailbox_enablemanagesieve ON mailbox (enablemanagesieve);
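Review bot: The new index is named `idx_mailbox_webmail`, while every neighbouring index follows `idx_mailbox_<column>` (`idx_mailbox_enableimap`, `idx_mailbox_enableimapsecured`, and so on). To keep the names consistent and easy to grep, I would name it after the column: `CREATE INDEX idx_mailbox_enablewebmail ON mailbox (enablewebmail);`. If an upgrade script creates the same index, the name should match there too.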

File iRedMail/tools/create_mail_user_OpenLDAP.py

         ('mtaTransport',        ['dovecot']),
         ('enabledService',      ['internal', 'doveadm', 'lib-storage',
                                  'mail', 'smtp', 'smtpsecured',
-                                 'pop3', 'pop3secured', 'imap', 'imapsecured',
-                                'deliver', 'lda', 'forward', 'senderbcc', 'recipientbcc',
+                                 'pop3', 'pop3secured',
+                                 'imap', 'imapsecured',
+                                 'webmail-127.0.0.1-imapsecured',   # Webmail on localhost
+                                 'deliver', 'lda', 'forward', 'senderbcc', 'recipientbcc',
                                  'managesieve', 'managesievesecured',
                                  'sieve', 'sievesecured', 'lmtp',
                                  'shadowaddress',

File iRedMail/tools/create_mail_user_OpenLDAP.sh

 enabledService: pop3secured
 enabledService: imap
 enabledService: imapsecured
+enabledService: webmail-127.0.0.1-imapsecured
 enabledService: managesieve
 enabledService: managesievesecured
 enabledService: sieve