mirror of https://github.com/tomav/docker-mailserver.git synced 2024-06-26 00:59:32 +02:00
docker-mailserver/target/dovecot/auth-passwdfile.inc
Brennan Kinney 611a66bf98
fix: Correctly support multiple Dovecot PassDBs (#3812)
* fix: Dovecot PassDB should restrict allowed auth mechanisms

This prevents PassDBs incompatible with certain auth mechanisms from logging failures which accidentally trigger Fail2Ban.

Instead only allow the PassDB to be authenticated against when it's compatible with the auth mechanism used.

* tests: Use `curl` for OAuth2 login test-cases instead of netcat

`curl` provides this capability for both IMAP and SMTP authentication with a bearer token. It supports both `XOAUTH2` and `OAUTHBEARER` mechanisms, as these updated test-cases demonstrate.

* chore: Add entry to `CHANGELOG.md`
2024-01-23 19:11:05 +01:00

21 lines
663 B
SourcePawn

# Authentication for passwd-file users. Included from 10-auth.conf.
#
# Documentation
# PassDB: https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/
# UserDB: https://doc.dovecot.org/configuration_manual/authentication/user_databases_userdb/
#
# !!! Attention !!!
# Do not add `scheme=SHA512-CRYPT` to the userdb args. This is not supported.
passdb {
  driver = passwd-file
  mechanisms = plain login
  args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/userdb
}
userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/userdb
  default_fields = uid=docker gid=docker home=/var/mail/%d/%u/home/
}
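
An added example, not part of docker-mailserver: a small audit that reads Dovecot config text and reports `passdb` blocks that lack a `mechanisms` restriction or list mechanisms their driver is not expected to serve, which is the condition the commit message ties to spurious auth failures and Fail2Ban triggers. The `COMPATIBLE` table, the function names and the second sample block (including its path) are assumptions made for illustration.

```python
import re

# Constructed sample: block 1 mirrors this file; block 2 is a hypothetical
# OAuth2 PassDB (placeholder path) written without a mechanism restriction.
SAMPLE = """
passdb {
  driver = passwd-file
  mechanisms = plain login
  args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/userdb
}
passdb {
  driver = oauth2
  args = /path/to/oauth2.conf
}
"""

# Assumption for this example: mechanisms each driver is expected to serve.
COMPATIBLE = {
    "passwd-file": {"plain", "login"},
    "oauth2": {"xoauth2", "oauthbearer"},
}

def parse_passdbs(text):
    """Return one dict of settings per `passdb { ... }` block."""
    blocks = []
    for body in re.findall(r"^\s*passdb\s*\{(.*?)^\s*\}", text, re.S | re.M):
        settings = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop comments
            if "=" in line:
                key, value = line.split("=", 1)  # args keep their own '='
                settings[key.strip()] = value.strip()
        blocks.append(settings)
    return blocks

def audit(text):
    """List (driver, problem) pairs for PassDBs likely to log spurious failures."""
    findings = []
    for s in parse_passdbs(text):
        driver = s.get("driver", "?")
        mechs = set(re.split(r"[,\s]+", s.get("mechanisms", "").lower())) - {""}
        extra = mechs - COMPATIBLE.get(driver, mechs)  # unknown driver: no claim
        if not mechs:
            findings.append((driver, "no mechanisms restriction"))
        elif extra:
            findings.append((driver, "incompatible: " + " ".join(sorted(extra))))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
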