Hostux/maddy-hostux-check-password
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Hostux:c953cc5df75ac3f2a4a7eed4d797f4bfb9ec4519
Branches Tags
Hostux:main
..
compare: Hostux:0a2077c04c6094a2ce997a1905077bc17b807715
Branches Tags
Hostux:main

No commits in common. "c953cc5df75ac3f2a4a7eed4d797f4bfb9ec4519" and "0a2077c04c6094a2ce997a1905077bc17b807715" have entirely different histories.
c953cc5df7 ... 0a2077c04c

5 changed files with 15 additions and 198 deletions
Show stats Expand all files Collapse all files

21
Containerfile
View file

@ -1,21 +0,0 @@
FROM golang:1.19-alpine AS build-env
# Required for mattn/go-sqlite3
ENV CGO_ENABLED=1
RUN set -ex && \
apk upgrade --no-cache --available && \
apk add --no-cache build-base gcc musl-dev
WORKDIR /maddy-hostux-check-password
COPY go.mod go.sum ./
RUN go mod download
COPY . ./
RUN make
FROM foxcpp/maddy:0.6
COPY --from=build-env /maddy-hostux-check-password/build/maddy-hostux-check-password /bin/maddy-hostux-check-password

2
Makefile
View file

@ -14,7 +14,7 @@ BUILD_DIR := ./build
GO := go GO := go
# Flags for go build # Flags for go build
BUILD_FLAGS := -o $(BUILD_DIR)/$(APP_NAME) -tags netgo -ldflags "-s -w -extldflags '-static'" BUILD_FLAGS := -o $(BUILD_DIR)/$(APP_NAME)
.PHONY: all build clean .PHONY: all build clean

138
README.md
View file

@ -1,138 +0,0 @@
# Password Check Utility for Maddy
Features:
* Authenticates email accounts against the SQLite database used by Hostux panel
* Updates "last accessed" on a successful authentication
Configuration through environment variables:
* `HOSTUX_EMAIL_DATABASE_SQLITE`: required, path to the database containing the email addresses
* `HOSTUX_EMAIL_CHECKPW_LOGFILE`: if set, logs are written to the path indicated
## Testing
### Maddy
Build the image:
```bash
docker build -f Containerfile -t hostux/maddy:latest .
```
For `maddy.conf`:
```conf
$(hostname) = {env:MADDY_HOSTNAME}
$(primary_domain) = {env:MADDY_DOMAIN}
$(local_domains) = $(primary_domain)
tls off
auth.external hostux_auth {
helper /bin/checkpw
perdomain yes
domains $(local_domains)
}
storage.imapsql local_mailboxes {
driver sqlite3
dsn imapsql.db
}
hostname $(hostname)
table.chain local_rewrites {
optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
optional_step static {
entry postmaster postmaster@$(primary_domain)
}
optional_step file /etc/maddy/aliases
}
msgpipeline local_routing {
destination postmaster $(local_domains) {
modify {
replace_rcpt &local_rewrites
}
deliver_to &local_mailboxes
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
smtp tcp://0.0.0.0:25 {
limits {
all rate 20 1s
all concurrency 10
}
dmarc yes
check {
require_mx_record
dkim
spf
}
source $(local_domains) {
reject 501 5.1.8 "Use Submission for outgoing SMTP"
}
default_source {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
}
imap tcp://0.0.0.0:143 {
auth &hostux_auth
storage &local_mailboxes
}
```
```bash
docker volume create maddydata
docker network create maddy-test
docker run --rm \
--name maddy \
-e MADDY_HOSTNAME=mx.maddy.test \
-e MADDY_DOMAIN=maddy.test \
-e HOSTUX_EMAIL_DATABASE_SQLITE=/email.sqlite \
-v maddydata:/data \
-v ~/maddy-hostux-check-password/email.sqlite:/email.sqlite \
-p 143:143 \
hostux/maddy:latest
docker run --rm -it -v maddydata:/data --entrypoint ash foxcpp/maddy:0.6
```
### CLI Imap Client
```bash
pip install imap-cli
export PATH="$PATH:/home/louis_guidez76/.local/bin"
```
In `~/.config/imap-cli`:
```ini
[imap]
hostname = localhost
username = louis@hostux.fr
password = ...
ssl = False
[display]
format_list =
ID: {mail_id}
Flags: {flags}
From: {from}
To: {to}
Date: {date}
Subject: {subject}
format_thread = {uid} {subject} <<< FROM {from}
format_status = {directory:>20} : {count:>5} Mails - {unseen:>5} Unseen - {recent:>5} Recent
limit = 10
```

2
go.mod
View file

@ -1,6 +1,6 @@
module main module main
go 1.21 go 1.21.6
require ( require (
github.com/mattn/go-sqlite3 v1.14.22 github.com/mattn/go-sqlite3 v1.14.22

50
main.go
View file

@ -17,25 +17,26 @@ import (
* 2: other error * 2: other error
*/ */
func main() { func main() {
// Opens the SQLite database // Checks usage
dbFile, dbFileSet := os.LookupEnv("HOSTUX_EMAIL_DATABASE_SQLITE") if len(os.Args) != 2 {
if !dbFileSet { fmt.Println("Usage: hostux_check_credentials [database.sqlite]")
logMessage("Environment variable HOSTUX_EMAIL_DATABASE_SQLITE must be set.")
os.Exit(2) os.Exit(2)
} }
// Opens the SQLite database
dbFile := os.Args[1]
db, err := sql.Open("sqlite3", dbFile) db, err := sql.Open("sqlite3", dbFile)
if err != nil { if err != nil {
logMessage("Error opening database:", err) fmt.Println("Error opening database:", err)
os.Exit(2) os.Exit(2)
} }
defer db.Close() defer db.Close()
// Reads stdin input (email address, password, each ends with \n) // Reads stdin input (email address, password, each ends with \n)
var emailAddress, password string var emailAddress, password string
logMessage("Enter email address:") fmt.Println("Enter email address:")
fmt.Scanln(&emailAddress) fmt.Scanln(&emailAddress)
logMessage("Enter password:") fmt.Println("Enter password:")
fmt.Scanln(&password) fmt.Scanln(&password)
// Finds database records // Finds database records
@ -43,7 +44,7 @@ func main() {
LEFT JOIN "email-addresses-passwords" AS eap ON ea.emailAddress = eap.emailAddress LEFT JOIN "email-addresses-passwords" AS eap ON ea.emailAddress = eap.emailAddress
WHERE ea.emailAddress = ?`, emailAddress) WHERE ea.emailAddress = ?`, emailAddress)
if err != nil { if err != nil {
logMessage("Database error: ", err) fmt.Println("Database error: ", err)
os.Exit(2) os.Exit(2)
} }
defer rows.Close() defer rows.Close()
@ -55,7 +56,7 @@ func main() {
err := rows.Scan(&id, &hashedPassword) err := rows.Scan(&id, &hashedPassword)
if err != nil { if err != nil {
logMessage("Database error: ", err) fmt.Println("Database error: ", err)
os.Exit(2) os.Exit(2)
} }
@ -70,11 +71,11 @@ func main() {
WHERE id = ?`, time.Now().Format(time.RFC3339), id) WHERE id = ?`, time.Now().Format(time.RFC3339), id)
if err != nil { if err != nil {
logMessage("Database error: ", err) fmt.Println("Database error: ", err)
os.Exit(2) os.Exit(2)
} }
logMessage("Authentication successful") fmt.Println("Authentication successful")
os.Exit(0) os.Exit(0)
} }
} }
@ -83,31 +84,6 @@ func main() {
// * either there were no records // * either there were no records
// * or no record matched the provided password // * or no record matched the provided password
logMessage("Authentication failed: account not found or password incorrect") fmt.Println("Authentication failed: account not found or password incorrect")
os.Exit(1) os.Exit(1)
} }
func logMessage(args ...interface{}) error {
// Print the message to the console
fmt.Println(args...)
// Log to file if required
logFile, logFileSet := os.LookupEnv("HOSTUX_EMAIL_CHECKPW_LOGFILE")
if logFileSet {
// Open the file in append mode, create it if it doesn't exist
file, err := os.OpenFile(logFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
if err != nil {
return err
}
defer file.Close()
// Write the message to the file
_, err = fmt.Fprintln(file, args...)
if err != nil {
return err
}
}
return nil
}