Compare commits

...

2 commits

5 changed files with 198 additions and 15 deletions

21
Containerfile Normal file
View file

@ -0,0 +1,21 @@
FROM golang:1.19-alpine AS build-env
# Required for mattn/go-sqlite3
ENV CGO_ENABLED=1
RUN set -ex && \
apk upgrade --no-cache --available && \
apk add --no-cache build-base gcc musl-dev
WORKDIR /maddy-hostux-check-password
COPY go.mod go.sum ./
RUN go mod download
COPY . ./
RUN make
FROM foxcpp/maddy:0.6
COPY --from=build-env /maddy-hostux-check-password/build/maddy-hostux-check-password /bin/maddy-hostux-check-password

View file

@ -14,7 +14,7 @@ BUILD_DIR := ./build
GO := go
# Flags for go build
BUILD_FLAGS := -o $(BUILD_DIR)/$(APP_NAME)
BUILD_FLAGS := -o $(BUILD_DIR)/$(APP_NAME) -tags netgo -ldflags "-s -w -extldflags '-static'"
.PHONY: all build clean

138
README.md Normal file
View file

@ -0,0 +1,138 @@
# Password Check Utility for Maddy
Features:
* Authenticates email accounts against the SQLite database used by Hostux panel
* Updates "last accessed" on a successful authentication
Configuration through environment variables:
* `HOSTUX_EMAIL_DATABASE_SQLITE`: required, path to the database containing the email addresses
* `HOSTUX_EMAIL_CHECKPW_LOGFILE`: if set, logs are written to the path indicated
## Testing
### Maddy
Build the image:
```bash
docker build -f Containerfile -t hostux/maddy:latest .
```
For `maddy.conf`:
```conf
$(hostname) = {env:MADDY_HOSTNAME}
$(primary_domain) = {env:MADDY_DOMAIN}
$(local_domains) = $(primary_domain)
tls off
auth.external hostux_auth {
helper /bin/checkpw
perdomain yes
domains $(local_domains)
}
storage.imapsql local_mailboxes {
driver sqlite3
dsn imapsql.db
}
hostname $(hostname)
table.chain local_rewrites {
optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
optional_step static {
entry postmaster postmaster@$(primary_domain)
}
optional_step file /etc/maddy/aliases
}
msgpipeline local_routing {
destination postmaster $(local_domains) {
modify {
replace_rcpt &local_rewrites
}
deliver_to &local_mailboxes
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
smtp tcp://0.0.0.0:25 {
limits {
all rate 20 1s
all concurrency 10
}
dmarc yes
check {
require_mx_record
dkim
spf
}
source $(local_domains) {
reject 501 5.1.8 "Use Submission for outgoing SMTP"
}
default_source {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
}
imap tcp://0.0.0.0:143 {
auth &hostux_auth
storage &local_mailboxes
}
```
```bash
docker volume create maddydata
docker network create maddy-test
docker run --rm \
--name maddy \
-e MADDY_HOSTNAME=mx.maddy.test \
-e MADDY_DOMAIN=maddy.test \
-e HOSTUX_EMAIL_DATABASE_SQLITE=/email.sqlite \
-v maddydata:/data \
-v ~/maddy-hostux-check-password/email.sqlite:/email.sqlite \
-p 143:143 \
hostux/maddy:latest
docker run --rm -it -v maddydata:/data --entrypoint ash foxcpp/maddy:0.6
```
### CLI Imap Client
```bash
pip install imap-cli
export PATH="$PATH:/home/louis_guidez76/.local/bin"
```
In `~/.config/imap-cli`:
```ini
[imap]
hostname = localhost
username = louis@hostux.fr
password = ...
ssl = False
[display]
format_list =
ID: {mail_id}
Flags: {flags}
From: {from}
To: {to}
Date: {date}
Subject: {subject}
format_thread = {uid} {subject} <<< FROM {from}
format_status = {directory:>20} : {count:>5} Mails - {unseen:>5} Unseen - {recent:>5} Recent
limit = 10
```

2
go.mod
View file

@ -1,6 +1,6 @@
module main
go 1.21.6
go 1.21
require (
github.com/mattn/go-sqlite3 v1.14.22

50
main.go
View file

@ -17,26 +17,25 @@ import (
* 2: other error
*/
func main() {
// Checks usage
if len(os.Args) != 2 {
fmt.Println("Usage: hostux_check_credentials [database.sqlite]")
// Opens the SQLite database
dbFile, dbFileSet := os.LookupEnv("HOSTUX_EMAIL_DATABASE_SQLITE")
if !dbFileSet {
logMessage("Environment variable HOSTUX_EMAIL_DATABASE_SQLITE must be set.")
os.Exit(2)
}
// Opens the SQLite database
dbFile := os.Args[1]
db, err := sql.Open("sqlite3", dbFile)
if err != nil {
fmt.Println("Error opening database:", err)
logMessage("Error opening database:", err)
os.Exit(2)
}
defer db.Close()
// Reads stdin input (email address, password, each ends with \n)
var emailAddress, password string
fmt.Println("Enter email address:")
logMessage("Enter email address:")
fmt.Scanln(&emailAddress)
fmt.Println("Enter password:")
logMessage("Enter password:")
fmt.Scanln(&password)
// Finds database records
@ -44,7 +43,7 @@ func main() {
LEFT JOIN "email-addresses-passwords" AS eap ON ea.emailAddress = eap.emailAddress
WHERE ea.emailAddress = ?`, emailAddress)
if err != nil {
fmt.Println("Database error: ", err)
logMessage("Database error: ", err)
os.Exit(2)
}
defer rows.Close()
@ -56,7 +55,7 @@ func main() {
err := rows.Scan(&id, &hashedPassword)
if err != nil {
fmt.Println("Database error: ", err)
logMessage("Database error: ", err)
os.Exit(2)
}
@ -71,11 +70,11 @@ func main() {
WHERE id = ?`, time.Now().Format(time.RFC3339), id)
if err != nil {
fmt.Println("Database error: ", err)
logMessage("Database error: ", err)
os.Exit(2)
}
fmt.Println("Authentication successful")
logMessage("Authentication successful")
os.Exit(0)
}
}
@ -84,6 +83,31 @@ func main() {
// * either there were no records
// * or no record matched the provided password
fmt.Println("Authentication failed: account not found or password incorrect")
logMessage("Authentication failed: account not found or password incorrect")
os.Exit(1)
}
func logMessage(args ...interface{}) error {
// Print the message to the console
fmt.Println(args...)
// Log to file if required
logFile, logFileSet := os.LookupEnv("HOSTUX_EMAIL_CHECKPW_LOGFILE")
if logFileSet {
// Open the file in append mode, create it if it doesn't exist
file, err := os.OpenFile(logFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
if err != nil {
return err
}
defer file.Close()
// Write the message to the file
_, err = fmt.Fprintln(file, args...)
if err != nil {
return err
}
}
return nil
}