use environment variables for dynamic configuration

Containerfile

@@ -0,0 +1,21 @@
+FROM golang:1.19-alpine AS build-env
+
+# Required for mattn/go-sqlite3
+ENV CGO_ENABLED=1
+
+RUN set -ex && \
+    apk upgrade --no-cache --available && \
+    apk add --no-cache build-base gcc musl-dev
+
+WORKDIR /maddy-hostux-check-password
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY . ./
+
+RUN make
+
+FROM foxcpp/maddy:0.6
+
+COPY --from=build-env /maddy-hostux-check-password/build/maddy-hostux-check-password /bin/maddy-hostux-check-password

Makefile

@@ -14,7 +14,7 @@ BUILD_DIR := ./build
 GO := go
 
 # Flags for go build
-BUILD_FLAGS := -o $(BUILD_DIR)/$(APP_NAME)
+BUILD_FLAGS := -o $(BUILD_DIR)/$(APP_NAME) -tags netgo  -ldflags "-s -w -extldflags '-static'"
 
 .PHONY: all build clean
 

README.md

@@ -0,0 +1,138 @@
+# Password Check Utility for Maddy
+
+Features:
+* Authenticates email accounts against the SQLite database used by Hostux panel
+* Updates "last accessed" on a successful authentication
+
+Configuration through environment variables:
+* `HOSTUX_EMAIL_DATABASE_SQLITE`: required, path to the database containing the email addresses
+* `HOSTUX_EMAIL_CHECKPW_LOGFILE`: if set, logs are written to the path indicated
+
+## Testing
+
+### Maddy
+
+Build the image:
+```bash
+docker build -f Containerfile -t hostux/maddy:latest .
+```
+
+For `maddy.conf`:
+```conf
+$(hostname) = {env:MADDY_HOSTNAME}
+$(primary_domain) = {env:MADDY_DOMAIN}
+$(local_domains) = $(primary_domain)
+
+tls off
+
+auth.external hostux_auth {
+    helper /bin/checkpw
+    perdomain yes
+    domains $(local_domains)
+}
+
+storage.imapsql local_mailboxes {
+    driver sqlite3
+    dsn imapsql.db
+}
+
+hostname $(hostname)
+
+table.chain local_rewrites {
+    optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
+    optional_step static {
+        entry postmaster postmaster@$(primary_domain)
+    }
+    optional_step file /etc/maddy/aliases
+}
+
+msgpipeline local_routing {
+    destination postmaster $(local_domains) {
+        modify {
+            replace_rcpt &local_rewrites
+        }
+
+        deliver_to &local_mailboxes
+    }
+
+    default_destination {
+        reject 550 5.1.1 "User doesn't exist"
+    }
+}
+
+smtp tcp://0.0.0.0:25 {
+    limits {
+        all rate 20 1s
+        all concurrency 10
+    }
+
+    dmarc yes
+    check {
+        require_mx_record
+        dkim
+        spf
+    }
+
+    source $(local_domains) {
+        reject 501 5.1.8 "Use Submission for outgoing SMTP"
+    }
+    default_source {
+        destination postmaster $(local_domains) {
+            deliver_to &local_routing
+        }
+        default_destination {
+            reject 550 5.1.1 "User doesn't exist"
+        }
+    }
+}
+
+imap tcp://0.0.0.0:143 {
+    auth &hostux_auth
+    storage &local_mailboxes
+}
+```
+
+```bash
+docker volume create maddydata
+docker network create maddy-test
+
+docker run --rm \
+  --name maddy \
+  -e MADDY_HOSTNAME=mx.maddy.test \
+  -e MADDY_DOMAIN=maddy.test \
+  -e HOSTUX_EMAIL_DATABASE_SQLITE=/email.sqlite \
+  -v maddydata:/data \
+  -v ~/maddy-hostux-check-password/email.sqlite:/email.sqlite \
+  -p 143:143 \
+  hostux/maddy:latest
+
+docker run --rm -it -v maddydata:/data --entrypoint ash foxcpp/maddy:0.6
+```
+
+### CLI Imap Client
+
+```bash
+pip install imap-cli
+export PATH="$PATH:/home/louis_guidez76/.local/bin"
+```
+
+In `~/.config/imap-cli`:
+```ini
+[imap]
+hostname = localhost
+username = louis@hostux.fr
+password = ...
+ssl = False
+
+[display]
+format_list =
+    ID:         {mail_id}
+    Flags:      {flags}
+    From:       {from}
+    To:         {to}
+    Date:       {date}
+    Subject:    {subject}
+format_thread = {uid} {subject} <<< FROM {from}
+format_status = {directory:>20} : {count:>5} Mails - {unseen:>5} Unseen - {recent:>5} Recent
+limit = 10
+```

go.mod

@@ -1,6 +1,6 @@
 module main
 
-go 1.21.6
+go 1.21
 
 require (
 	github.com/mattn/go-sqlite3 v1.14.22

main.go

@@ -17,26 +17,25 @@ import (
  *  2: other error
  */
 func main() {
-	// Checks usage
-	if len(os.Args) != 2 {
-		fmt.Println("Usage: hostux_check_credentials [database.sqlite]")
+	// Opens the SQLite database
+	dbFile, dbFileSet := os.LookupEnv("HOSTUX_EMAIL_DATABASE_SQLITE")
+	if !dbFileSet {
+		logMessage("Environment variable HOSTUX_EMAIL_DATABASE_SQLITE must be set.")
 		os.Exit(2)
 	}
 
-	// Opens the SQLite database
-	dbFile := os.Args[1]
 	db, err := sql.Open("sqlite3", dbFile)
 	if err != nil {
-		fmt.Println("Error opening database:", err)
+		logMessage("Error opening database:", err)
 		os.Exit(2)
 	}
 	defer db.Close()
 
 	// Reads stdin input (email address, password, each ends with \n)
 	var emailAddress, password string
-	fmt.Println("Enter email address:")
+	logMessage("Enter email address:")
 	fmt.Scanln(&emailAddress)
-	fmt.Println("Enter password:")
+	logMessage("Enter password:")
 	fmt.Scanln(&password)
 
 	// Finds database records
@@ -44,7 +43,7 @@ func main() {
 		LEFT JOIN "email-addresses-passwords" AS eap ON ea.emailAddress = eap.emailAddress
 		WHERE ea.emailAddress = ?`, emailAddress)
 	if err != nil {
-		fmt.Println("Database error: ", err)
+		logMessage("Database error: ", err)
 		os.Exit(2)
 	}
 	defer rows.Close()
@@ -56,7 +55,7 @@ func main() {
 
 		err := rows.Scan(&id, &hashedPassword)
 		if err != nil {
-			fmt.Println("Database error: ", err)
+			logMessage("Database error: ", err)
 			os.Exit(2)
 		}
 
@@ -71,11 +70,11 @@ func main() {
 								WHERE id = ?`, time.Now().Format(time.RFC3339), id)
 
 			if err != nil {
-				fmt.Println("Database error: ", err)
+				logMessage("Database error: ", err)
 				os.Exit(2)
 			}
 
-			fmt.Println("Authentication successful")
+			logMessage("Authentication successful")
 			os.Exit(0)
 		}
 	}
@@ -84,6 +83,31 @@ func main() {
 	// * either there were no records
 	// * or no record matched the provided password
 
-	fmt.Println("Authentication failed: account not found or password incorrect")
+	logMessage("Authentication failed: account not found or password incorrect")
 	os.Exit(1)
 }
+
+func logMessage(args ...interface{}) error {
+	// Print the message to the console
+	fmt.Println(args...)
+
+	// Log to file if required
+	logFile, logFileSet := os.LookupEnv("HOSTUX_EMAIL_CHECKPW_LOGFILE")
+	if logFileSet {
+		// Open the file in append mode, create it if it doesn't exist
+		file, err := os.OpenFile(logFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+		if err != nil {
+			return err
+		}
+		defer file.Close()
+
+		// Write the message to the file
+		_, err = fmt.Fprintln(file, args...)
+
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}