Commit 66675ff2 authored by Joshua Tauberer's avatar Joshua Tauberer

Dovecot LMTP accepted all mail regardless of whether destination was a user,...

Dovecot LMTP accepted all mail regardless of whether destination was a user, broken by ae8cd4ef, fixes #852

In the earlier commit, I added a Dovecot userdb lookup. Without a userdb lookup, Dovecot would use the password db for user lookups. With a userdb lookup we can support iterating over users.

But I forgot the WHERE clause in the query, resulting in every incoming message being accepted if the user database contained any users at all. Since the mailbox path template is the same for all users, mail was delivered correctly except that mail that should have been rejected was delivered too.
parent 9ee2d946
CHANGELOG CHANGELOG
========= =========
In Development
--------------
* Domain aliases (and misconfigured aliases/catch-alls with non-existent local targets) would accept mail and deliver it to new mailbox folders on disk, even if the target address didn't correspond with an existing mail user. This issue was introduced in v0.18.
v0.18b (May 16, 2016)
---------------------
* Fixed a Roundcube user accounts issue introduced in v0.18.
v0.18 (May 15, 2016) v0.18 (May 15, 2016)
-------------------- --------------------
v0.18b was released immediately after fixing a Roundcube user accounts issue.
ownCloud: ownCloud:
* Updated to ownCloud to 8.2.3 * Updated to ownCloud to 8.2.3
......
...@@ -49,7 +49,7 @@ driver = sqlite ...@@ -49,7 +49,7 @@ driver = sqlite
connect = $db_path connect = $db_path
default_pass_scheme = SHA512-CRYPT default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM users WHERE email='%u'; password_query = SELECT email as user, password FROM users WHERE email='%u';
user_query = SELECT email AS user, "mail" as uid, "mail" as gid, "$STORAGE_ROOT/mail/mailboxes/%d/%n" as home FROM users; user_query = SELECT email AS user, "mail" as uid, "mail" as gid, "$STORAGE_ROOT/mail/mailboxes/%d/%n" as home FROM users WHERE email='%u';
iterate_query = SELECT email AS user FROM users; iterate_query = SELECT email AS user FROM users;
EOF EOF
chmod 0600 /etc/dovecot/dovecot-sql.conf.ext # per Dovecot instructions chmod 0600 /etc/dovecot/dovecot-sql.conf.ext # per Dovecot instructions
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment