Fix for #192: Automatically add domains to provided usernames for SASL

So, according to the documentation, usernames must always include a domain for SASL. In other words. User cannot be `johhny` but `johhny@example.org`. Further info can be found on this ticket: #192 This commit will automatically append domain if one is not provided in `SMTPD_SASL_USERS`.
bokysan · Apr 16, 2024 · b358d71 · b358d71
1 parent bda13b3
commit b358d71
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -209,12 +209,14 @@ To change the log format, set the (unsurprisingly named) variable `LOG_FORMAT=js
 - `XOAUTH2_INITIAL_ACCESS_TOKEN` = Initial OAuth2 access token.
 - `XOAUTH2_INITIAL_REFRESH_TOKEN` = Initial OAuth2 refresh token.
 - `XOAUTH2_TOKEN_ENDPOINT` = Token endpoint provided four your XOAUTH App , GMail use : https://accounts.google.com/o/oauth2/token
-- `SMTPD_SASL_USERS` = Users allow to send mail (ex: user1:pass1,user2:pass2,...)
+- `SMTPD_SASL_USERS` = Users allow to send mail (ex: user1:pass1,user2:pass2,...). *Warning:* Users need to be specified with a domain, as explained
+  on ticket [[#192](https://github.com/bokysan/docker-postfix/issues/192)]. This image will automatically add a domain if one is not provided and will
+  issue a notice when that happens.
 - `MASQUERADED_DOMAINS` = domains where you want to masquerade internal hosts
 - `SMTP_HEADER_CHECKS`= Set to `1` to enable header checks of to a location of the file for header checks
 - `POSTFIX_myhostname` = Set the name of this postfix server
 - `POSTFIX_mynetworks` = Allow sending mails only from specific networks ( default `127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16` )
-- `POSTFIX_message_size_limit` = The maximum size of the messsage, in bytes, by default it's unlimited
+- `POSTFIX_message_size_limit` = The maximum size of the message, in bytes, by default it's unlimited
 - `POSTFIX_<any_postfix_setting>` = provide any additional postfix setting
 
 #### `RELAYHOST`, `RELAYHOST_USERNAME` and `RELAYHOST_PASSWORD`

diff --git a/scripts/common-run.sh b/scripts/common-run.sh
@@ -424,6 +424,8 @@ postfix_setup_xoauth2_post_setup() {
 }
 
 postfix_setup_smtpd_sasl_auth() {
+	local first_bad_user bad_users mydomain message
+	local _user _pwd
 	if [ ! -z "$SMTPD_SASL_USERS" ]; then
 		info "Enable smtpd sasl auth."
 		do_postconf -e "smtpd_sasl_auth_enable=yes"
@@ -435,19 +437,41 @@ pwcheck_method: auxprop
 auxprop_plugin: sasldb
 mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
 EOF
-		[ ! -d /etc/sasl2 ] && mkdir /etc/sasl2
-		ln -s /etc/postfix/sasl/smtpd.conf /etc/sasl2/
+		[[ ! -d /etc/sasl2 ]] && mkdir /etc/sasl2
+		ln -s -f /etc/postfix/sasl/smtpd.conf /etc/sasl2/
 
+		bad_users=""
+		mydomain="$(postconf -h mydomain)"
 		# sasldb2
 		echo $SMTPD_SASL_USERS | tr , \\n > /tmp/passwd
 		while IFS=':' read -r _user _pwd; do
-			echo $_pwd | saslpasswd2 -p -c $_user
+			# Fix for issue https://github.com/bokysan/docker-postfix/issues/192
+			if [[ "$_user" = *@* ]]; then
+				echo $_pwd | saslpasswd2 -p -c $_user
+			else
+				if [[ -z "$bad_users" ]]; then
+					bad_users="${emphasis}${_user}${reset}"
+					first_bad_user="${_user}"
+				else
+					bad_users="${bad_users},${emphasis}${_user}${reset}"
+				fi
+				echo $_pwd | saslpasswd2 -p -c -u $mydomain $_user
+			fi
 		done < /tmp/passwd
 
 		rm -f /tmp/passwd
 
-		[ -f /etc/sasldb2 ] && chown postfix:postfix /etc/sasldb2
-		[ -f /etc/sasl2/sasldb2 ] && chown postfix:postfix /etc/sasl2/sasldb2
+		[[ -f /etc/sasldb2 ]] && chown postfix:postfix /etc/sasldb2
+		[[ -f /etc/sasl2/sasldb2 ]] && chown postfix:postfix /etc/sasl2/sasldb2
+
+		if [[ -n "$bad_users" ]]; then
+			notice "$(printf '%s' \
+				"Some SASL users (${bad_users}) were specified without the domain. Container domain (${emphasis}${mydomain}${reset}) was automatically applied. " \
+				"If this was an intended behavour, you can safely ignore this message. To prevent the message in the future, specify your usernames with domain " \
+				"name, e.g. ${emphasis}${first_bad_user}@${mydomain}:<pass>${reset}. For more info, see https://github.com/bokysan/docker-postfix/issues/192"			
+			)"
+		fi
+
   		debug 'Sasldb configured'
 	fi
 }

diff --git a/unit-tests/000_test-multi-comment.bats b/unit-tests/000_test-multi-comment.bats
@@ -3,7 +3,7 @@
 load /code/scripts/common.sh
 load /code/scripts/common-run.sh
 
-# 
+
 postconf daemon_directory=/usr/libexec/postfix
 
 if [[ ! -f /etc/postfix/main.test-multi-comment ]]; then

diff --git a/unit-tests/026_postfix_setup_smtpd_sasl_auth.bats b/unit-tests/026_postfix_setup_smtpd_sasl_auth.bats
@@ -0,0 +1,22 @@
+#!/usr/bin/env bats
+
+load /code/scripts/common.sh
+load /code/scripts/common-run.sh
+
+@test "check if SMTPD_SASL_USERS works with and without domain" {
+	local db_file
+	local SMTPD_SASL_USERS="hello:world,foo@example.com:bar"
+	do_postconf -e 'mydomain=example.org'
+	postfix_setup_smtpd_sasl_auth
+
+	postfix check
+
+	[[ -f /etc/postfix/sasl/smtpd.conf ]]
+	[[ -f /etc/sasl2/smtpd.conf ]]
+	[[ -f /etc/sasldb2 ]] || [[ -f /etc/sasl2/sasldb2 ]]
+
+	sasldblistusers2 | grep -qE "^hello@example.org:"
+	sasldblistusers2 | grep -qE "^foo@example.com:"
+
+}
+