Compare commits
2 commits
0a2077c04c
...
c953cc5df7
Author | SHA1 | Date | |
---|---|---|---|
c953cc5df7 | |||
7471c24a22 |
5 changed files with 198 additions and 15 deletions
21
Containerfile
Normal file
21
Containerfile
Normal file
|
@ -0,0 +1,21 @@
|
|||
FROM golang:1.19-alpine AS build-env
|
||||
|
||||
# Required for mattn/go-sqlite3
|
||||
ENV CGO_ENABLED=1
|
||||
|
||||
RUN set -ex && \
|
||||
apk upgrade --no-cache --available && \
|
||||
apk add --no-cache build-base gcc musl-dev
|
||||
|
||||
WORKDIR /maddy-hostux-check-password
|
||||
|
||||
COPY go.mod go.sum ./
|
||||
RUN go mod download
|
||||
|
||||
COPY . ./
|
||||
|
||||
RUN make
|
||||
|
||||
FROM foxcpp/maddy:0.6
|
||||
|
||||
COPY --from=build-env /maddy-hostux-check-password/build/maddy-hostux-check-password /bin/maddy-hostux-check-password
|
2
Makefile
2
Makefile
|
@ -14,7 +14,7 @@ BUILD_DIR := ./build
|
|||
GO := go
|
||||
|
||||
# Flags for go build
|
||||
BUILD_FLAGS := -o $(BUILD_DIR)/$(APP_NAME)
|
||||
BUILD_FLAGS := -o $(BUILD_DIR)/$(APP_NAME) -tags netgo -ldflags "-s -w -extldflags '-static'"
|
||||
|
||||
.PHONY: all build clean
|
||||
|
||||
|
|
138
README.md
Normal file
138
README.md
Normal file
|
@ -0,0 +1,138 @@
|
|||
# Password Check Utility for Maddy
|
||||
|
||||
Features:
|
||||
* Authenticates email accounts against the SQLite database used by Hostux panel
|
||||
* Updates "last accessed" on a successful authentication
|
||||
|
||||
Configuration through environment variables:
|
||||
* `HOSTUX_EMAIL_DATABASE_SQLITE`: required, path to the database containing the email addresses
|
||||
* `HOSTUX_EMAIL_CHECKPW_LOGFILE`: if set, logs are written to the path indicated
|
||||
|
||||
## Testing
|
||||
|
||||
### Maddy
|
||||
|
||||
Build the image:
|
||||
```bash
|
||||
docker build -f Containerfile -t hostux/maddy:latest .
|
||||
```
|
||||
|
||||
For `maddy.conf`:
|
||||
```conf
|
||||
$(hostname) = {env:MADDY_HOSTNAME}
|
||||
$(primary_domain) = {env:MADDY_DOMAIN}
|
||||
$(local_domains) = $(primary_domain)
|
||||
|
||||
tls off
|
||||
|
||||
auth.external hostux_auth {
|
||||
helper /bin/checkpw
|
||||
perdomain yes
|
||||
domains $(local_domains)
|
||||
}
|
||||
|
||||
storage.imapsql local_mailboxes {
|
||||
driver sqlite3
|
||||
dsn imapsql.db
|
||||
}
|
||||
|
||||
hostname $(hostname)
|
||||
|
||||
table.chain local_rewrites {
|
||||
optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
|
||||
optional_step static {
|
||||
entry postmaster postmaster@$(primary_domain)
|
||||
}
|
||||
optional_step file /etc/maddy/aliases
|
||||
}
|
||||
|
||||
msgpipeline local_routing {
|
||||
destination postmaster $(local_domains) {
|
||||
modify {
|
||||
replace_rcpt &local_rewrites
|
||||
}
|
||||
|
||||
deliver_to &local_mailboxes
|
||||
}
|
||||
|
||||
default_destination {
|
||||
reject 550 5.1.1 "User doesn't exist"
|
||||
}
|
||||
}
|
||||
|
||||
smtp tcp://0.0.0.0:25 {
|
||||
limits {
|
||||
all rate 20 1s
|
||||
all concurrency 10
|
||||
}
|
||||
|
||||
dmarc yes
|
||||
check {
|
||||
require_mx_record
|
||||
dkim
|
||||
spf
|
||||
}
|
||||
|
||||
source $(local_domains) {
|
||||
reject 501 5.1.8 "Use Submission for outgoing SMTP"
|
||||
}
|
||||
default_source {
|
||||
destination postmaster $(local_domains) {
|
||||
deliver_to &local_routing
|
||||
}
|
||||
default_destination {
|
||||
reject 550 5.1.1 "User doesn't exist"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
imap tcp://0.0.0.0:143 {
|
||||
auth &hostux_auth
|
||||
storage &local_mailboxes
|
||||
}
|
||||
```
|
||||
|
||||
```bash
|
||||
docker volume create maddydata
|
||||
docker network create maddy-test
|
||||
|
||||
docker run --rm \
|
||||
--name maddy \
|
||||
-e MADDY_HOSTNAME=mx.maddy.test \
|
||||
-e MADDY_DOMAIN=maddy.test \
|
||||
-e HOSTUX_EMAIL_DATABASE_SQLITE=/email.sqlite \
|
||||
-v maddydata:/data \
|
||||
-v ~/maddy-hostux-check-password/email.sqlite:/email.sqlite \
|
||||
-p 143:143 \
|
||||
hostux/maddy:latest
|
||||
|
||||
docker run --rm -it -v maddydata:/data --entrypoint ash foxcpp/maddy:0.6
|
||||
```
|
||||
|
||||
### CLI Imap Client
|
||||
|
||||
```bash
|
||||
pip install imap-cli
|
||||
export PATH="$PATH:/home/louis_guidez76/.local/bin"
|
||||
```
|
||||
|
||||
In `~/.config/imap-cli`:
|
||||
```ini
|
||||
[imap]
|
||||
hostname = localhost
|
||||
username = louis@hostux.fr
|
||||
password = ...
|
||||
ssl = False
|
||||
|
||||
[display]
|
||||
format_list =
|
||||
ID: {mail_id}
|
||||
Flags: {flags}
|
||||
From: {from}
|
||||
To: {to}
|
||||
Date: {date}
|
||||
Subject: {subject}
|
||||
format_thread = {uid} {subject} <<< FROM {from}
|
||||
format_status = {directory:>20} : {count:>5} Mails - {unseen:>5} Unseen - {recent:>5} Recent
|
||||
limit = 10
|
||||
```
|
2
go.mod
2
go.mod
|
@ -1,6 +1,6 @@
|
|||
module main
|
||||
|
||||
go 1.21.6
|
||||
go 1.21
|
||||
|
||||
require (
|
||||
github.com/mattn/go-sqlite3 v1.14.22
|
||||
|
|
50
main.go
50
main.go
|
@ -17,26 +17,25 @@ import (
|
|||
* 2: other error
|
||||
*/
|
||||
func main() {
|
||||
// Checks usage
|
||||
if len(os.Args) != 2 {
|
||||
fmt.Println("Usage: hostux_check_credentials [database.sqlite]")
|
||||
// Opens the SQLite database
|
||||
dbFile, dbFileSet := os.LookupEnv("HOSTUX_EMAIL_DATABASE_SQLITE")
|
||||
if !dbFileSet {
|
||||
logMessage("Environment variable HOSTUX_EMAIL_DATABASE_SQLITE must be set.")
|
||||
os.Exit(2)
|
||||
}
|
||||
|
||||
// Opens the SQLite database
|
||||
dbFile := os.Args[1]
|
||||
db, err := sql.Open("sqlite3", dbFile)
|
||||
if err != nil {
|
||||
fmt.Println("Error opening database:", err)
|
||||
logMessage("Error opening database:", err)
|
||||
os.Exit(2)
|
||||
}
|
||||
defer db.Close()
|
||||
|
||||
// Reads stdin input (email address, password, each ends with \n)
|
||||
var emailAddress, password string
|
||||
fmt.Println("Enter email address:")
|
||||
logMessage("Enter email address:")
|
||||
fmt.Scanln(&emailAddress)
|
||||
fmt.Println("Enter password:")
|
||||
logMessage("Enter password:")
|
||||
fmt.Scanln(&password)
|
||||
|
||||
// Finds database records
|
||||
|
@ -44,7 +43,7 @@ func main() {
|
|||
LEFT JOIN "email-addresses-passwords" AS eap ON ea.emailAddress = eap.emailAddress
|
||||
WHERE ea.emailAddress = ?`, emailAddress)
|
||||
if err != nil {
|
||||
fmt.Println("Database error: ", err)
|
||||
logMessage("Database error: ", err)
|
||||
os.Exit(2)
|
||||
}
|
||||
defer rows.Close()
|
||||
|
@ -56,7 +55,7 @@ func main() {
|
|||
|
||||
err := rows.Scan(&id, &hashedPassword)
|
||||
if err != nil {
|
||||
fmt.Println("Database error: ", err)
|
||||
logMessage("Database error: ", err)
|
||||
os.Exit(2)
|
||||
}
|
||||
|
||||
|
@ -71,11 +70,11 @@ func main() {
|
|||
WHERE id = ?`, time.Now().Format(time.RFC3339), id)
|
||||
|
||||
if err != nil {
|
||||
fmt.Println("Database error: ", err)
|
||||
logMessage("Database error: ", err)
|
||||
os.Exit(2)
|
||||
}
|
||||
|
||||
fmt.Println("Authentication successful")
|
||||
logMessage("Authentication successful")
|
||||
os.Exit(0)
|
||||
}
|
||||
}
|
||||
|
@ -84,6 +83,31 @@ func main() {
|
|||
// * either there were no records
|
||||
// * or no record matched the provided password
|
||||
|
||||
fmt.Println("Authentication failed: account not found or password incorrect")
|
||||
logMessage("Authentication failed: account not found or password incorrect")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
func logMessage(args ...interface{}) error {
|
||||
// Print the message to the console
|
||||
fmt.Println(args...)
|
||||
|
||||
// Log to file if required
|
||||
logFile, logFileSet := os.LookupEnv("HOSTUX_EMAIL_CHECKPW_LOGFILE")
|
||||
if logFileSet {
|
||||
// Open the file in append mode, create it if it doesn't exist
|
||||
file, err := os.OpenFile(logFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
// Write the message to the file
|
||||
_, err = fmt.Fprintln(file, args...)
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
Reference in a new issue