Commit 7cfbad9d authored by MrMan's avatar MrMan

Minimize sasl config

parent e80af369
Pipeline #47877545 failed with stage
in 2 minutes and 46 seconds
......@@ -279,8 +279,9 @@ impl SupportsVMailboxLookup for SQLiteDB {
}
#[derive(Template)]
#[template(path = "config/cyrus_sasl/sqlite_smtpd.conf.jinja")]
#[template(path = "config/cyrus_sasl/smtpd.conf.jinja")]
pub struct CyrusSMTPDCfgTemplate {
db_type: DBType,
filename: String,
generation_time: String,
abs_db_path: String
......@@ -301,6 +302,7 @@ impl SupportsCyrusAuth for SQLiteDB {
let filename = self.cyrus_config_file_name()?;
let template = CyrusSMTPDCfgTemplate {
db_type: DBType::SQLite,
filename: filename.to_string(),
generation_time: Local::now().to_string(),
abs_db_path: self.make_absolute_db_path()?
......
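Review bot: `CyrusSMTPDCfgTemplate` gains a `db_type` field with no doc comment, and the only constructor visible here hard-codes `DBType::SQLite`. The template it now renders has a `{% when DBType::PostgreSQL %}` arm that looks empty on this page, so any other value would presumably produce a config with no `pwcheck_method` or `sql_*` settings at all. A doc comment on the struct would make that contract visible, for example `/// Renders config/cyrus_sasl/smtpd.conf.jinja; db_type selects the backend arm, and only SQLite emits settings today`. The function that builds the template starts and ends outside the second hunk, so whether a non-SQLite backend is rejected earlier cannot be checked from here.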
......@@ -3,18 +3,16 @@
# Generated at: {{ generation_time }}
# This file configures Cyrus SASL based on current postmgr configuration
{% match db.backend %}
{% match db_type %}
{% when DBType::SQLite %}
## SQLite settings
{% match db.sqlite %}
{% when Some with (cfg) %}
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
sql_engine: sqlite
sql_database: {{ abs_db_path }}
sql_select: SELECT password FROM mailbox_users WHERE username = '%u'
{% when None %}
{% endmatch %}
{% when DBType::PostgreSQL %}
{% endmatch %}
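Review bot: `mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM` advertises challenge-response mechanisms that work only when the server can read each user's cleartext password. Together with `pwcheck_method: auxprop` and `sql_select: SELECT password FROM mailbox_users ...`, this indicates that `mailbox_users.password` holds the password itself. CRAM-MD5, DIGEST-MD5 and NTLM are legacy mechanisms, and the Postfix template in this commit already assumes (START)TLS, so the list can be reduced to `mech_list: PLAIN LOGIN`. Dropping them is also a precondition for later moving to a verifier that checks a password hash rather than the stored password (for example saslauthd or another backend; which one fits is a design decision outside this hunk). The same `mech_list` line appears in the ten-line template printed directly after this hunk.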
### WARNING: this file was auto-generated by postmgr, avoid editing it by hand ###
# Filename: {{ filename }}
# Generated at: {{ generation_time }}
# This file configures Cyrus SASL
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
sql_engine: sqlite
sql_database: {{ abs_db_path }}
sql_select: SELECT password FROM mailbox_users WHERE username = '%u'
......@@ -745,8 +745,7 @@ smtpd_sasl_path = {{ sasl_cfg_file_path }}
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
# TODO: turn on the restrictions below, (make sure postmaster stuff is done)
# smtpd_sender_restrictions = reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unlisted_sender
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unlisted_sender
smtpd_recipient_restrictions =
permit_sasl_authenticated,
......@@ -755,9 +754,7 @@ smtpd_recipient_restrictions =
# While allowing plaintext auth (by omitting 'noplaintext') is insecure
# the assumption is that the server itself is protected with (START)TLS
#smtp_sasl_security_options = noanonymous
# TODO: remove no-anonymous connection, add/allow setting credentials for postmaster
#smtpd_sasl_security_options = noanonymous # <--- ISSUE IS HERE, noanonymous stops connection, probably good though
smtp_sasl_security_options = noanonymous
## Miscellaneous settings
# Banner
......
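Review bot: The line enabled in the second hunk is `smtp_sasl_security_options`, which controls Postfix's outbound SMTP client, whereas the comment above it and the removed `#smtpd_sasl_security_options` line are about what the server accepts from clients. If the intent is to state the server policy, it should read `smtpd_sasl_security_options = noanonymous`; as written, the line only relaxes the client default of `noplaintext, noanonymous`. The comment's assumption that plaintext auth is always wrapped in (START)TLS is not enforced by anything visible in these hunks; `smtpd_tls_auth_only = yes` would turn it into a rule, if it is not already set elsewhere in the file. In the first hunk, the newly enabled `reject_sender_login_mismatch` depends on `smtpd_sender_login_maps`, which is not shown here; without a populated map, authenticated senders are likely to be rejected.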
......@@ -2,7 +2,7 @@ use common::postmgr::models::user::MailboxUser;
pub fn test_user() -> MailboxUser {
MailboxUser {
email: String::from("test"),
username: String::from("test"),
password: String::from("test"),
quota_gb: 5
}
......
......@@ -75,7 +75,7 @@ pub struct DockerizedPostmgr {
submission_port: u16,
http_port: u16,
// email-related information
// username-related information
pub domain_name: String,
}
......@@ -220,7 +220,7 @@ pub fn send_ehlo(
(stream, reader)
}
/// Perform login with a given username (email address) and password
/// Perform login with a given username and password
pub fn login_with_username_password(
username: &str,
password: &str,
......@@ -244,14 +244,14 @@ pub fn login_with_username_password(
);
line.clear();
// Send username (which is the email address)
// Send username
let cmd = format!("{}\n", base64::encode(&username));
stream.write(cmd.as_bytes()).unwrap();
reader.read_line(&mut line).unwrap();
println!("response to username: [{}]", line.trim());
assert!(
line.contains(SMTP_AUTH_LOGIN_CODE) && line.contains(SMTP_B64_PASSWORD_PROMPT),
"username (email address) sent successfully"
"username (username address) sent successfully"
);
line.clear();
......
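Review bot: The assertion message on the new side reads `"username (username address) sent successfully"`, which looks like residue of a mechanical email-to-username replacement. Because `assert!` prints its message only when the check fails, something like `"server did not prompt for the password after the username was sent"` would describe the failure instead. The same replacement turned the comment above `pub domain_name` in `DockerizedPostmgr` into `// username-related information`, which no longer describes a domain field; `// mail domain served by this instance` would be closer, assuming that is what the field holds. `login_with_username_password` begins and ends outside these hunks.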
......@@ -153,7 +153,7 @@ pub fn test_user_creation() {
// Login with username/pw
let user = fixtures::test_user();
login_with_username_password(
&user.email,
&user.username,
&user.password,
stream,
reader,
......