From c8eaf655cafc5cf20fd08de09ed5adb759357969 Mon Sep 17 00:00:00 2001 From: angus Date: Sat, 16 Apr 2016 16:56:26 +0200 Subject: [PATCH] Allow to provide pre-configured user databases, with encrypted passwords already setup. For security reason accounts.cf file must not be provided anymore to the container or it will stop with an error message! User configuration is only allowed via pre-configured user databases. See README.md for instructions. This changes also the way we setup users for CI tests: the right databases have been added and Makefile has been modified accordingly.
---
 Makefile | 4 +- README.md | 10 +++- postfix/accounts-db/sasldb2 | Bin 0 -> 12288 bytes postfix/accounts-db/userdb | 2 + postfix/accounts.cf | 1 - test/accounts.cf => postfix/disab.accounts.cf | 0 start-mailserver.sh | 43 ++++++------------ test/accounts-db/sasldb2 | Bin 0 -> 12288 bytes test/accounts-db/userdb | 2 + test/disab.accounts.cf | 2 + 10 files changed, 32 insertions(+), 32 deletions(-) create mode 100644 postfix/accounts-db/sasldb2 create mode 100644 postfix/accounts-db/userdb delete mode 100644 postfix/accounts.cf rename test/accounts.cf => postfix/disab.accounts.cf (100%) create mode 100644 test/accounts-db/sasldb2 create mode 100644 test/accounts-db/userdb create mode 100644 test/disab.accounts.cf
diff --git a/Makefile b/Makefile
index 9311428d..32684463 100644
--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@ build:
 run:
 # Copy test files
- cp test/accounts.cf postfix/
+ cp -a test/accounts-db/ postfix/
 cp test/main.cf postfix/
 cp test/virtual postfix/
 # Run containers
@@ -62,6 +62,6 @@ tests:
 clean:
 # Get default files back
- git checkout postfix/accounts.cf postfix/main.cf postfix/virtual
+ git checkout postfix/accounts-db postfix/main.cf postfix/virtual
 # Remove running test containers
 docker rm -f mail mail_pop3 mail_smtponly mail_fail2ban
diff --git a/README.md b/README.md
index acb30ea7..9ddd7680 100644
--- a/README.md
+++ b/README.md
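Review bot: The `clean` target's `git checkout postfix/accounts-db` means the pre-built user databases under `postfix/accounts-db/` are tracked as the repository's default configuration, and the file headers of this patch give `postfix/accounts-db/sasldb2` and `test/accounts-db/sasldb2` the same blob id (e664c9db…), so the CI test credentials are what a fresh clone ships with. If that default directory is ever mounted into a non-test container, those test accounts are live, which undercuts the point of this commit. It would be safer to keep the generated databases out of version control (a `.gitignore` entry for `postfix/accounts-db/*`) and have `run` copy the test DBs in while `clean` removes them, e.g. `rm -f postfix/accounts-db/userdb postfix/accounts-db/sasldb2` in place of the checkout. The same applies to the `cp -a test/accounts-db/ postfix/` line in the first hunk, which copies into that tracked directory.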
@@ -52,7 +52,7 @@ Before you open an issue, please have a look this `README`, the [FAQ](https://gi ### Users -Users are managed in `postfix/accounts.cf`. +Users are managed in `postfix/accounts.cf` with the helper script `generate-user-databases`. Just add the full email address and its password separated by a pipe. Example: @@ -60,6 +60,14 @@ Example: user1@domain.tld|mypassword user2@otherdomain.tld|myotherpassword +Then the user databases for courier and cyrus sasl with encrypted passwords must be generated with the following: + + docker run -ti --rm -v "$(pwd)"/postfix:/tmp/postfix -h mail.domain.com -t tvial/docker-mailserver generate-user-databases + +The needed DBs will then be found inside `postfix/accounts-db/` folder. + +For **security reason** clear text passwords are no longer allowed on running instances of the image. For that reason the file `postfix/accounts.cf` MUST be removed before starting up the container (it will not start up if that file is still there). + ### Aliases Please first read [Postfix documentation on virtual aliases](http://www.postfix.org/VIRTUAL_README.html#virtual_alias). 
diff --git a/postfix/accounts-db/sasldb2 b/postfix/accounts-db/sasldb2 new file mode 100644 index 0000000000000000000000000000000000000000..e664c9dbbca3b93bab3b6386f28877b1bc1a0b89 GIT binary patch literal 12288 zcmeI%I|{-;5P;!H3eiGhqrDdh=q>E*?37>v5fWFDh$z43gO7h5uZICJk0=(cJX4QLmu&|NA??D;Hb;-#k0k;?;FO wdH>hFy#H5X%m^TW00IagfB*srAb> /tmp/vhost.tmp } +# must exit with explicit message! +if [ -f /tmp/postfix/accounts.cf ]; then + echo "=======================================================================================" + echo "SECURITY WARNING ==> ABORTED startup !" + echo "The image no longer support running with clear text passwords in accounts.cf!" + echo "Accounts must be setup with their utility (generate-user-databases) before starting up" + echo "that image AND accounts.cf must be removed when user DBs are setup." + echo "If your DBs are already setup please remove the file accounts.cf and restart." + echo "For more infos please read the README.md" + echo "=======================================================================================" + exit 1 +fi + if [ -f /tmp/postfix/accounts-db/userdb -a -f /tmp/postfix/accounts-db/sasldb2 ]; then CDB="/etc/courier/userdb" SASLDB="/etc/sasldb2" 
@@ -42,34 +55,8 @@ if [ -f /tmp/postfix/accounts-db/userdb -a -f /tmp/postfix/accounts-db/sasldb2 ]
 done
 makeuserdb
 else
- # should exit with explicit message!
- if [ -f /tmp/postfix/accounts.cf ]; then
- echo "Regenerating postfix 'vmailbox' and 'virtual' for given users"
- echo "# WARNING: this file is auto-generated. Modify accounts.cf in postfix directory on host" > /etc/postfix/vmailbox
-
- # Checking that /tmp/postfix/accounts.cf ends with a newline
- sed -i -e '$a\' /tmp/postfix/accounts.cf
-
- # Creating users
- while IFS=$'|' read login pass
- do
- # Setting variables for better readability
- user=$(echo ${login} | cut -d @ -f1)
- domain=$(echo ${login} | cut -d @ -f2)
- # Let's go!
- echo "user '${user}' for domain '${domain}' with password '********'"
- echo "${login} ${domain}/${user}/" >> /etc/postfix/vmailbox
- /usr/sbin/userdb ${login} set uid=5000 gid=5000 home=/var/mail/${domain}/${user} mail=/var/mail/${domain}/${user}
- echo "${pass}" | userdbpw -md5 | userdb ${login} set systempw
- echo "${pass}" | saslpasswd2 -p -c -u ${domain} ${login}
- # Create the expected maildir paths
- mkpaths ${domain} ${user}
- done < /tmp/postfix/accounts.cf
- makeuserdb
- else
- echo "==> Accounts: '/tmp/postfix/userdb' and '/tmp/postfix/sasldb2' OR '/tmp/postfix/accounts.cf' "
- echo "==> Warning: None of those files are provided. No mail account created."
- fi
+ echo "==> Accounts: '/tmp/postfix/userdb' and '/tmp/postfix/sasldb2' missing.' "
+ echo "==> Warning: User databases have not been provided. No mail account created."
 fi
 if [ -f /tmp/postfix/virtual ]; then
diff --git a/test/accounts-db/sasldb2 b/test/accounts-db/sasldb2
new file mode 100644
index 0000000000000000000000000000000000000000..e664c9dbbca3b93bab3b6386f28877b1bc1a0b89
GIT binary patch literal 12288 zcmeI%I|{-;5P;!H3eiGhqrDdh=q>E*?37>v5fWFDh$z43gO7h5uZICJk0=(cJX4QLmu&|NA??D;Hb;-#k0k;?;FO wdH>hFy#H5X%m^TW00IagfB*srAb
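Review bot: The first new echo line names `/tmp/postfix/userdb` and `/tmp/postfix/sasldb2`, but the enclosing `if` (its opening line is the hunk's header context, outside the hunk) tests `/tmp/postfix/accounts-db/userdb` and `/tmp/postfix/accounts-db/sasldb2`, so an operator who follows the message places the databases where the script never looks and silently ends up with no accounts; the line also carries a stray `'` before the closing quote. Suggest `echo "==> Accounts: '/tmp/postfix/accounts-db/userdb' and '/tmp/postfix/accounts-db/sasldb2' missing."`. Since this branch is now the only fallback when no users are provisioned, it would also help to send both lines to stderr with `>&2` so the condition stands out in the container log, and to state that no user will be able to authenticate until the databases are supplied.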