2023-11-08 21:18:48 +00:00
<!doctype html>
< html lang = "en" class = "no-js" >
< head >
< meta charset = "utf-8" >
< meta name = "viewport" content = "width=device-width,initial-scale=1" >
2024-01-08 02:08:06 +00:00
< meta name = "description" content = "A fullstack but simple mail-server (SMTP, IMAP, LDAP, Anti-spam, Anti-virus, etc.) using Docker." >
2023-11-08 21:18:48 +00:00
< meta name = "author" content = "docker-mailserver (Github Organization)" >
< link rel = "canonical" href = "https://docker-mailserver.github.io/docker-mailserver/edge/examples/use-cases/auth-lua/" >
< link rel = "prev" href = "../ios-mail-push-support/" >
< link rel = "next" href = "../../../faq/" >
< link rel = "icon" href = "../../../assets/logo/favicon-32x32.png" >
< meta name = "generator" content = "mkdocs-1.5.2, mkdocs-material-9.2.8" >
< title > Examples | Use Cases | Lua Authentication - Docker Mailserver< / title >
< link rel = "stylesheet" href = "../../../assets/stylesheets/main.046329b4.min.css" >
< link rel = "stylesheet" href = "../../../assets/stylesheets/palette.85d0ee34.min.css" >
< link rel = "preconnect" href = "https://fonts.gstatic.com" crossorigin >
< link rel = "stylesheet" href = "https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback" >
< style > : root { --md-text-font : "Roboto" ; --md-code-font : "Roboto Mono" } < / style >
< link rel = "stylesheet" href = "../../../assets/css/customizations.css" >
< script > _ _md _scope = new URL ( "../../.." , location ) , _ _md _hash = e => [ ... e ] . reduce ( ( e , _ ) => ( e << 5 ) - e + _ . charCodeAt ( 0 ) , 0 ) , _ _md _get = ( e , _ = localStorage , t = _ _md _scope ) => JSON . parse ( _ . getItem ( t . pathname + "." + e ) ) , _ _md _set = ( e , _ , t = localStorage , a = _ _md _scope ) => { try { t . setItem ( a . pathname + "." + e , JSON . stringify ( _ ) ) } catch ( e ) { } } < / script >
< / head >
< body dir = "ltr" data-md-color-scheme = "default" data-md-color-primary = "indigo" data-md-color-accent = "indigo" >
< script > var palette = _ _md _get ( "__palette" ) ; if ( palette && "object" == typeof palette . color ) for ( var key of Object . keys ( palette . color ) ) document . body . setAttribute ( "data-md-color-" + key , palette . color [ key ] ) < / script >
< input class = "md-toggle" data-md-toggle = "drawer" type = "checkbox" id = "__drawer" autocomplete = "off" >
< input class = "md-toggle" data-md-toggle = "search" type = "checkbox" id = "__search" autocomplete = "off" >
< label class = "md-overlay" for = "__drawer" > < / label >
< div data-md-component = "skip" >
< a href = "#introduction" class = "md-skip" >
Skip to content
< / a >
< / div >
< div data-md-component = "announce" >
< / div >
< div data-md-color-scheme = "default" data-md-component = "outdated" hidden >
< / div >
< header class = "md-header" data-md-component = "header" >
< nav class = "md-header__inner md-grid" aria-label = "Header" >
< a href = "../../.." title = "Docker Mailserver" class = "md-header__button md-logo" aria-label = "Docker Mailserver" data-md-component = "logo" >
< img src = "../../../assets/logo/dmo-logo-white.min.svg" alt = "logo" >
< / a >
< label class = "md-header__button md-icon" for = "__drawer" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z" / > < / svg >
< / label >
< div class = "md-header__title" data-md-component = "header-title" >
< div class = "md-header__ellipsis" >
< div class = "md-header__topic" >
< span class = "md-ellipsis" >
Docker Mailserver
< / span >
< / div >
< div class = "md-header__topic" data-md-component = "header-topic" >
< span class = "md-ellipsis" >
Examples | Use Cases | Lua Authentication
< / span >
< / div >
< / div >
< / div >
< form class = "md-header__option" data-md-component = "palette" >
< input class = "md-option" data-md-color-media = "(prefers-color-scheme: light)" data-md-color-scheme = "default" data-md-color-primary = "indigo" data-md-color-accent = "indigo" aria-label = "Switch to dark mode" type = "radio" name = "__palette" id = "__palette_1" >
< label class = "md-header__button md-icon" title = "Switch to dark mode" for = "__palette_2" hidden >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3 3.19.09m3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95 2.06.05m-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31Z" / > < / svg >
< / label >
< input class = "md-option" data-md-color-media = "(prefers-color-scheme: dark)" data-md-color-scheme = "slate" data-md-color-primary = "indigo" data-md-color-accent = "blue" aria-label = "Switch to light mode" type = "radio" name = "__palette" id = "__palette_2" >
< label class = "md-header__button md-icon" title = "Switch to light mode" for = "__palette_1" hidden >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5c-.84 0-1.65.15-2.39.42L12 2M3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29L3.34 7m.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14L3.36 17M20.65 7l-1.77 3.79a7.023 7.023 0 0 0-2.38-4.15l4.15.36m-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29L20.64 17M12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44L12 22Z" / > < / svg >
< / label >
< / form >
< label class = "md-header__button md-icon" for = "__search" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z" / > < / svg >
< / label >
< div class = "md-search" data-md-component = "search" role = "dialog" >
< label class = "md-search__overlay" for = "__search" > < / label >
< div class = "md-search__inner" role = "search" >
< form class = "md-search__form" name = "search" >
< input type = "text" class = "md-search__input" name = "query" aria-label = "Search" placeholder = "Search" autocapitalize = "off" autocorrect = "off" autocomplete = "off" spellcheck = "false" data-md-component = "search-query" required >
< label class = "md-search__icon md-icon" for = "__search" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z" / > < / svg >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z" / > < / svg >
< / label >
< nav class = "md-search__options" aria-label = "Search" >
< button type = "reset" class = "md-search__icon md-icon" title = "Clear" aria-label = "Clear" tabindex = "-1" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z" / > < / svg >
< / button >
< / nav >
< / form >
< div class = "md-search__output" >
< div class = "md-search__scrollwrap" data-md-scrollfix >
< div class = "md-search-result" data-md-component = "search-result" >
< div class = "md-search-result__meta" >
Initializing search
< / div >
< ol class = "md-search-result__list" role = "presentation" > < / ol >
< / div >
< / div >
< / div >
< / div >
< / div >
< div class = "md-header__source" >
< a href = "https://github.com/docker-mailserver/docker-mailserver" title = "Go to repository" class = "md-source" data-md-component = "source" >
< div class = "md-source__icon md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 496 512" > <!-- ! Font Awesome Free 6.4.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc. --> < path d = "M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z" / > < / svg >
< / div >
< div class = "md-source__repository" >
docker-mailserver
< / div >
< / a >
< / div >
< / nav >
< / header >
< div class = "md-container" data-md-component = "container" >
< nav class = "md-tabs" aria-label = "Tabs" data-md-component = "tabs" >
< div class = "md-grid" >
< ul class = "md-tabs__list" >
< li class = "md-tabs__item" >
< a href = "../../.." class = "md-tabs__link" >
Home
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "../../../introduction/" class = "md-tabs__link" >
Introduction
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "../../../usage/" class = "md-tabs__link" >
Usage
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "../../../config/environment/" class = "md-tabs__link" >
Configuration
< / a >
< / li >
< li class = "md-tabs__item md-tabs__item--active" >
< a href = "../../tutorials/basic-installation/" class = "md-tabs__link" >
Examples
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "../../../faq/" class = "md-tabs__link" >
FAQ
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "../../../contributing/general/" class = "md-tabs__link" >
Contributing
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "https://hub.docker.com/r/mailserver/docker-mailserver/" class = "md-tabs__link" >
DockerHub
< / a >
< / li >
< li class = "md-tabs__item" >
< a href = "https://github.com/docker-mailserver/docker-mailserver/pkgs/container/docker-mailserver" class = "md-tabs__link" >
GHCR
< / a >
< / li >
< / ul >
< / div >
< / nav >
< main class = "md-main" data-md-component = "main" >
< div class = "md-main__inner md-grid" >
< div class = "md-sidebar md-sidebar--primary" data-md-component = "sidebar" data-md-type = "navigation" >
< div class = "md-sidebar__scrollwrap" >
< div class = "md-sidebar__inner" >
< nav class = "md-nav md-nav--primary md-nav--lifted" aria-label = "Navigation" data-md-level = "0" >
< label class = "md-nav__title" for = "__drawer" >
< a href = "../../.." title = "Docker Mailserver" class = "md-nav__button md-logo" aria-label = "Docker Mailserver" data-md-component = "logo" >
< img src = "../../../assets/logo/dmo-logo-white.min.svg" alt = "logo" >
< / a >
Docker Mailserver
< / label >
< div class = "md-nav__source" >
< a href = "https://github.com/docker-mailserver/docker-mailserver" title = "Go to repository" class = "md-source" data-md-component = "source" >
< div class = "md-source__icon md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 496 512" > <!-- ! Font Awesome Free 6.4.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc. --> < path d = "M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z" / > < / svg >
< / div >
< div class = "md-source__repository" >
docker-mailserver
< / div >
< / a >
< / div >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../.." class = "md-nav__link" >
< span class = "md-ellipsis" >
Home
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../introduction/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Introduction
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../usage/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Usage
< / span >
< / a >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle md-toggle--indeterminate" type = "checkbox" id = "__nav_4" >
< label class = "md-nav__link" for = "__nav_4" id = "__nav_4_label" tabindex = "0" >
< span class = "md-ellipsis" >
Configuration
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "1" aria-labelledby = "__nav_4_label" aria-expanded = "false" >
< label class = "md-nav__title" for = "__nav_4" >
< span class = "md-nav__icon md-icon" > < / span >
Configuration
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../../config/environment/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Environment Variables
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/user-management/" class = "md-nav__link" >
< span class = "md-ellipsis" >
User Management
< / span >
< / a >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle md-toggle--indeterminate" type = "checkbox" id = "__nav_4_3" >
< label class = "md-nav__link" for = "__nav_4_3" id = "__nav_4_3_label" tabindex = "0" >
< span class = "md-ellipsis" >
Best Practices
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "2" aria-labelledby = "__nav_4_3_label" aria-expanded = "false" >
< label class = "md-nav__title" for = "__nav_4_3" >
< span class = "md-nav__icon md-icon" > < / span >
Best Practices
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
2024-01-13 08:37:46 +00:00
< li class = "md-nav__item" >
< a href = "../../../config/best-practices/autodiscover/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Auto-discovery
< / span >
< / a >
< / li >
2023-11-08 21:18:48 +00:00
< li class = "md-nav__item" >
< a href = "../../../config/best-practices/dkim_dmarc_spf/" class = "md-nav__link" >
< span class = "md-ellipsis" >
DKIM, DMARC & SPF
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
2024-01-13 08:37:46 +00:00
< a href = "../../../config/best-practices/mta-sts/" class = "md-nav__link" >
2023-11-08 21:18:48 +00:00
< span class = "md-ellipsis" >
2024-01-13 08:37:46 +00:00
MTA-STS
2023-11-08 21:18:48 +00:00
< / span >
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle md-toggle--indeterminate" type = "checkbox" id = "__nav_4_4" >
< label class = "md-nav__link" for = "__nav_4_4" id = "__nav_4_4_label" tabindex = "0" >
< span class = "md-ellipsis" >
Security
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "2" aria-labelledby = "__nav_4_4_label" aria-expanded = "false" >
< label class = "md-nav__title" for = "__nav_4_4" >
< span class = "md-nav__icon md-icon" > < / span >
Security
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../../config/security/understanding-the-ports/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Understanding the Ports
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/security/ssl/" class = "md-nav__link" >
< span class = "md-ellipsis" >
SSL/TLS
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/security/fail2ban/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Fail2Ban
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/security/mail_crypt/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Mail Encryption
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/security/rspamd/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Rspamd
< / span >
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/debugging/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Debugging
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/pop3/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Mail Delivery with POP3
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/setup.sh/" class = "md-nav__link" >
< span class = "md-ellipsis" >
About setup.sh
< / span >
< / a >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle md-toggle--indeterminate" type = "checkbox" id = "__nav_4_8" >
< label class = "md-nav__link" for = "__nav_4_8" id = "__nav_4_8_label" tabindex = "0" >
< span class = "md-ellipsis" >
Advanced Configuration
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "2" aria-labelledby = "__nav_4_8_label" aria-expanded = "false" >
< label class = "md-nav__title" for = "__nav_4_8" >
< span class = "md-nav__icon md-icon" > < / span >
Advanced Configuration
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/optional-config/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Optional Configuration
< / span >
< / a >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle md-toggle--indeterminate" type = "checkbox" id = "__nav_4_8_2" >
< label class = "md-nav__link" for = "__nav_4_8_2" id = "__nav_4_8_2_label" tabindex = "0" >
< span class = "md-ellipsis" >
Maintenance
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "3" aria-labelledby = "__nav_4_8_2_label" aria-expanded = "false" >
< label class = "md-nav__title" for = "__nav_4_8_2" >
< span class = "md-nav__icon md-icon" > < / span >
Maintenance
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/maintenance/update-and-cleanup/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Update and Cleanup
< / span >
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle md-toggle--indeterminate" type = "checkbox" id = "__nav_4_8_3" >
< label class = "md-nav__link" for = "__nav_4_8_3" id = "__nav_4_8_3_label" tabindex = "0" >
< span class = "md-ellipsis" >
Override the Default Configs
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "3" aria-labelledby = "__nav_4_8_3_label" aria-expanded = "false" >
< label class = "md-nav__title" for = "__nav_4_8_3" >
< span class = "md-nav__icon md-icon" > < / span >
Override the Default Configs
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/override-defaults/dovecot/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Dovecot
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/override-defaults/postfix/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Postfix
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/override-defaults/user-patches/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Modifications via Script
< / span >
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/auth-ldap/" class = "md-nav__link" >
< span class = "md-ellipsis" >
LDAP Authentication
< / span >
< / a >
< / li >
2024-01-12 20:45:43 +00:00
< li class = "md-nav__item" >
< a href = "../../../config/advanced/auth-oauth2/" class = "md-nav__link" >
< span class = "md-ellipsis" >
OAuth2 Authentication
< / span >
< / a >
< / li >
2023-11-08 21:18:48 +00:00
< li class = "md-nav__item" >
< a href = "../../../config/advanced/mail-sieve/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Email Filtering with Sieve
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/mail-fetchmail/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Email Gathering with Fetchmail
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/mail-getmail/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Email Gathering with Getmail
< / span >
< / a >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
2024-01-12 20:45:43 +00:00
< input class = "md-nav__toggle md-toggle md-toggle--indeterminate" type = "checkbox" id = "__nav_4_8_9" >
2023-11-08 21:18:48 +00:00
2024-01-12 20:45:43 +00:00
< label class = "md-nav__link" for = "__nav_4_8_9" id = "__nav_4_8_9_label" tabindex = "0" >
2023-11-08 21:18:48 +00:00
< span class = "md-ellipsis" >
Email Forwarding
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
2024-01-12 20:45:43 +00:00
< nav class = "md-nav" data-md-level = "3" aria-labelledby = "__nav_4_8_9_label" aria-expanded = "false" >
< label class = "md-nav__title" for = "__nav_4_8_9" >
2023-11-08 21:18:48 +00:00
< span class = "md-nav__icon md-icon" > < / span >
Email Forwarding
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/mail-forwarding/relay-hosts/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Relay Hosts
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/mail-forwarding/aws-ses/" class = "md-nav__link" >
< span class = "md-ellipsis" >
AWS SES
< / span >
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/full-text-search/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Full-Text Search
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/kubernetes/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Kubernetes
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/ipv6/" class = "md-nav__link" >
< span class = "md-ellipsis" >
IPv6
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/podman/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Podman
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../config/advanced/dovecot-master-accounts/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Dovecot Master Accounts
< / span >
< / a >
< / li >
< / ul >
< / nav >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item md-nav__item--active md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle " type = "checkbox" id = "__nav_5" checked >
< label class = "md-nav__link" for = "__nav_5" id = "__nav_5_label" tabindex = "0" >
< span class = "md-ellipsis" >
Examples
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "1" aria-labelledby = "__nav_5_label" aria-expanded = "true" >
< label class = "md-nav__title" for = "__nav_5" >
< span class = "md-nav__icon md-icon" > < / span >
Examples
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle md-toggle--indeterminate" type = "checkbox" id = "__nav_5_1" >
< label class = "md-nav__link" for = "__nav_5_1" id = "__nav_5_1_label" tabindex = "0" >
< span class = "md-ellipsis" >
Tutorials
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "2" aria-labelledby = "__nav_5_1_label" aria-expanded = "false" >
< label class = "md-nav__title" for = "__nav_5_1" >
< span class = "md-nav__icon md-icon" > < / span >
Tutorials
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../tutorials/basic-installation/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Basic Installation
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../tutorials/mailserver-behind-proxy/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Mailserver behind Proxy
< / span >
< / a >
< / li >
2023-11-25 10:03:09 +00:00
< li class = "md-nav__item" >
< a href = "../../tutorials/crowdsec/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Crowdsec
< / span >
< / a >
< / li >
2023-11-08 21:18:48 +00:00
< li class = "md-nav__item" >
< a href = "../../tutorials/docker-build/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Building your own Docker image
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../tutorials/blog-posts/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Blog Posts
< / span >
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item md-nav__item--active md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle " type = "checkbox" id = "__nav_5_2" checked >
< label class = "md-nav__link" for = "__nav_5_2" id = "__nav_5_2_label" tabindex = "0" >
< span class = "md-ellipsis" >
Use Cases
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "2" aria-labelledby = "__nav_5_2_label" aria-expanded = "true" >
< label class = "md-nav__title" for = "__nav_5_2" >
< span class = "md-nav__icon md-icon" > < / span >
Use Cases
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../forward-only-mailserver-with-ldap-authentication/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Forward-Only Mail-Server with LDAP
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../imap-folders/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Customize IMAP Folders
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../ios-mail-push-support/" class = "md-nav__link" >
< span class = "md-ellipsis" >
iOS Mail Push Support
< / span >
< / a >
< / li >
< li class = "md-nav__item md-nav__item--active" >
< input class = "md-nav__toggle md-toggle" type = "checkbox" id = "__toc" >
< label class = "md-nav__link md-nav__link--active" for = "__toc" >
< span class = "md-ellipsis" >
Lua Authentication
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< a href = "./" class = "md-nav__link md-nav__link--active" >
< span class = "md-ellipsis" >
Lua Authentication
< / span >
< / a >
< nav class = "md-nav md-nav--secondary" aria-label = "Table of contents" >
< label class = "md-nav__title" for = "__toc" >
< span class = "md-nav__icon md-icon" > < / span >
Table of contents
< / label >
< ul class = "md-nav__list" data-md-component = "toc" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "#introduction" class = "md-nav__link" >
Introduction
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#the-example-scenario" class = "md-nav__link" >
The example scenario
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#modify-dovecots-configuration" class = "md-nav__link" >
Modify Dovecot's configuration
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#create-the-lua-script" class = "md-nav__link" >
Create the Lua script
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#debugging-a-lua-script" class = "md-nav__link" >
Debugging a Lua script
< / a >
< / li >
< / ul >
< / nav >
< / li >
< / ul >
< / nav >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../../../faq/" class = "md-nav__link" >
< span class = "md-ellipsis" >
FAQ
< / span >
< / a >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle md-toggle--indeterminate" type = "checkbox" id = "__nav_7" >
< label class = "md-nav__link" for = "__nav_7" id = "__nav_7_label" tabindex = "0" >
< span class = "md-ellipsis" >
Contributing
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "1" aria-labelledby = "__nav_7_label" aria-expanded = "false" >
< label class = "md-nav__title" for = "__nav_7" >
< span class = "md-nav__icon md-icon" > < / span >
Contributing
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "../../../contributing/general/" class = "md-nav__link" >
< span class = "md-ellipsis" >
General Information
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../contributing/tests/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Tests
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../../../contributing/issues-and-pull-requests/" class = "md-nav__link" >
< span class = "md-ellipsis" >
Issues and Pull Requests
< / span >
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "https://hub.docker.com/r/mailserver/docker-mailserver/" class = "md-nav__link" >
< span class = "md-ellipsis" >
DockerHub
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "https://github.com/docker-mailserver/docker-mailserver/pkgs/container/docker-mailserver" class = "md-nav__link" >
< span class = "md-ellipsis" >
GHCR
< / span >
< / a >
< / li >
< / ul >
< / nav >
< / div >
< / div >
< / div >
< div class = "md-sidebar md-sidebar--secondary" data-md-component = "sidebar" data-md-type = "toc" >
< div class = "md-sidebar__scrollwrap" >
< div class = "md-sidebar__inner" >
< nav class = "md-nav md-nav--secondary" aria-label = "Table of contents" >
< label class = "md-nav__title" for = "__toc" >
< span class = "md-nav__icon md-icon" > < / span >
Table of contents
< / label >
< ul class = "md-nav__list" data-md-component = "toc" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "#introduction" class = "md-nav__link" >
Introduction
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#the-example-scenario" class = "md-nav__link" >
The example scenario
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#modify-dovecots-configuration" class = "md-nav__link" >
Modify Dovecot's configuration
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#create-the-lua-script" class = "md-nav__link" >
Create the Lua script
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#debugging-a-lua-script" class = "md-nav__link" >
Debugging a Lua script
< / a >
< / li >
< / ul >
< / nav >
< / div >
< / div >
< / div >
< div class = "md-content" data-md-component = "content" >
< article class = "md-content__inner md-typeset" >
< a href = "https://github.com/docker-mailserver/docker-mailserver/edit/master/docs/content/examples/use-cases/auth-lua.md" title = "Edit this page" class = "md-content__button md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4v-2m10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1 2.1 2.1Z" / > < / svg >
< / a >
< a href = "https://github.com/docker-mailserver/docker-mailserver/raw/master/docs/content/examples/use-cases/auth-lua.md" title = "View source of this page" class = "md-content__button md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M17 18c.56 0 1 .44 1 1s-.44 1-1 1-1-.44-1-1 .44-1 1-1m0-3c-2.73 0-5.06 1.66-6 4 .94 2.34 3.27 4 6 4s5.06-1.66 6-4c-.94-2.34-3.27-4-6-4m0 6.5a2.5 2.5 0 0 1-2.5-2.5 2.5 2.5 0 0 1 2.5-2.5 2.5 2.5 0 0 1 2.5 2.5 2.5 2.5 0 0 1-2.5 2.5M9.27 20H6V4h7v5h5v4.07c.7.08 1.36.25 2 .49V8l-6-6H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h4.5a8.15 8.15 0 0 1-1.23-2Z" / > < / svg >
< / a >
< h1 > Lua Authentication< / h1 >
< h2 id = "introduction" > < a class = "toclink" href = "#introduction" > Introduction< / a > < / h2 >
< p > Dovecot has the ability to let users create their own custom user provisioning and authentication providers in < a href = "https://en.wikipedia.org/wiki/Lua_(programming_language)#Syntax" > Lua< / a > . This allows any data source that can be approached from Lua to be used for authentication, including web servers. It is possible to do more with Dovecot and Lua, but other use cases fall outside of the scope of this documentation page.< / p >
< div class = "admonition warning" >
< p class = "admonition-title" > Community contributed guide< / p >
< p > Dovecot authentication via Lua scripting is not officially supported in DMS. No assistance will be provided should you encounter any issues.< / p >
< p > DMS provides the required packages to support this guide. Note that these packages will be removed should they introduce any future maintenance burden.< / p >
< p > The example in this guide relies on the current way in which DMS works with Dovecot configuration files. Changes to this to accommodate new authentication methods such as OpenID Connect will likely break this example in the future. This guide is updated on a best-effort base.< / p >
< / div >
< p > Dovecot's Lua support can be used for user provisioning (userdb functionality) and/or password verification (passdb functionality). Consider using other userdb and passdb options before considering Lua, since Lua does require the use of additional (unsupported) program code that might require maintenance when updating DMS.< / p >
< p > Each implementation of Lua-based authentication is custom. Therefore it is impossible to write documentation that covers every scenario. Instead, this page describes a single example scenario. If that scenario is followed, you will learn vital aspects that are necessary to kickstart your own Lua development:< / p >
< ul >
< li > How to override Dovecot's default configuration to disable parts that conflict with your scenario.< / li >
< li > How to make Dovecot use your Lua script.< / li >
< li > How to add your own Lua script and any libraries it uses.< / li >
< li > How to debug your Lua script.< / li >
< / ul >
< h2 id = "the-example-scenario" > < a class = "toclink" href = "#the-example-scenario" > The example scenario< / a > < / h2 >
< p > This scenario starts with < a href = "../../../config/advanced/auth-ldap/" > DMS being configured to use LDAP< / a > for mailbox identification, user authorization and user authentication. In this scenario, < a href = "https://nextcloud.com/" > Nextcloud< / a > is also a service that uses the same LDAP server for user identification, authorization and authentication.< / p >
< p > The goal of this scenario is to have Dovecot not authenticate the user against LDAP, but against Nextcloud using an < a href = "https://docs.nextcloud.com/server/latest/user_manual/en/session_management.html#managing-devices" > application password< / a > . The idea behind this is that a compromised mailbox password does not compromise the user's account entirely. To make this work, Nextcloud is configured to < a href = "https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#token-auth-enforced" > deny the use of account passwords by clients< / a > and to < a href = "https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#lost-password-link" > disable account password reset through mail verification< / a > .< / p >
< p > If the application password is configured correctly, an adversary can only use it to access the user's mailbox on DMS, and CalDAV and CardDAV data on Nextcloud. File access through WebDAV can be disabled for the application password used to access mail. Having CalDAV and CardDAV compromised by the same password is a minor setback. If an adversary gets access to a Nextcloud application password through a device of the user, it is likely that the adversary also gets access to the user's calendars and contact lists anyway (locally or through the same account settings used for mail and CalDAV/CardDAV synchronization). The user's stored files in Nextcloud, the LDAP account password and any other services that rely on it would still be protected. A bonus is that a user is able to revoke and renew the mailbox password in Nextcloud for whatever reason, through a friendly user interface with all the security measures with which the Nextcloud instance is configured (e.g. verification of the current account password).< / p >
< p > A drawback of this method is that any (compromised) Nextcloud application password can be used to access the user's mailbox. This introduces a risk that a Nextcloud application password used for something else (e.g. WebDAV file access) is compromised and used to access the user's mailbox. Discussion of that risk and possible mitigations fall outside of the scope of this scenario.< / p >
< p > To answer the questions asked earlier for this specific scenario:< / p >
< ol >
< li > Do I want to use Lua to identify mailboxes and verify that users are are authorized to use mail services? < strong > No. Provisioning is done through LDAP.< / strong > < / li >
< li > Do I want to use Lua to verify passwords that users authenticate with for IMAP/POP3/SMTP in their mail clients? < strong > Yes. Password authentication is done through Lua against Nextcloud.< / strong > < / li >
< li > If the answer is 'yes' to question 1 or 2: are there other methods that better facilitate my use case instead of custom scripts which rely on me being a developer and not just a user? < strong > No. Only HTTP can be used to authenticate against Nextcloud, which is not supported natively by Dovecot or DMS.< / strong > < / li >
< / ol >
< p > While it is possible to extend the authentication methods which Nextcloud can facilitate with < a href = "https://apps.nextcloud.com/" > Nextcloud apps< / a > , there is currently a mismatch between what DMS supports and what Nextcloud applications can provide. This might change in the future. For now, Lua will be used to bridge the gap between DMS and Nextcloud for authentication only (Dovecot passdb), while LDAP will still be used to identify mailboxes and verify authorization (Dovecot userdb).< / p >
< h2 id = "modify-dovecots-configuration" > < a class = "toclink" href = "#modify-dovecots-configuration" > Modify Dovecot's configuration< / a > < / h2 >
< details class = "example" open = "open" >
< summary > Add to DMS volumes in < code > compose.yaml< / code > < / summary >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "w" > < / span > < span class = "c1" > # All new volumes are marked :ro to configure them as read-only, since their contents are not changed from inside the container< / span >
< span class = "w" > < / span > < span class = "nt" > volumes< / span > < span class = "p" > :< / span >
< span class = "w" > < / span > < span class = "c1" > # Configuration override to disable LDAP authentication< / span >
< span class = "w" > < / span > < span class = "p p-Indicator" > -< / span > < span class = "w" > < / span > < span class = "l l-Scalar l-Scalar-Plain" > ./docker-data/dms/config/dovecot/auth-ldap.conf.ext:/etc/dovecot/conf.d/auth-ldap.conf.ext:ro< / span >
< span class = "w" > < / span > < span class = "c1" > # Configuration addition to enable Lua authentication< / span >
< span class = "w" > < / span > < span class = "p p-Indicator" > -< / span > < span class = "w" > < / span > < span class = "l l-Scalar l-Scalar-Plain" > ./docker-data/dms/config/dovecot/auth-lua-httpbasic.conf:/etc/dovecot/conf.d/auth-lua-httpbasic.conf:ro< / span >
< span class = "w" > < / span > < span class = "c1" > # Directory containing Lua scripts< / span >
< span class = "w" > < / span > < span class = "p p-Indicator" > -< / span > < span class = "w" > < / span > < span class = "l l-Scalar l-Scalar-Plain" > ./docker-data/dms/config/dovecot/lua/:/etc/dovecot/lua/:ro< / span >
< / code > < / pre > < / div >
< / details >
< p > Create a directory for Lua scripts:
< div class = "highlight" > < pre > < span > < / span > < code > mkdir< span class = "w" > < / span > -p< span class = "w" > < / span > ./docker-data/dms/config/dovecot/lua
< / code > < / pre > < / div > < / p >
< p > Create configuration file < code > ./docker-data/dms/config/dovecot/auth-ldap.conf.ext< / code > for LDAP user provisioning:
< div class = "highlight" > < pre > < span > < / span > < code > userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
< / code > < / pre > < / div > < / p >
< p > Create configuration file < code > ./docker-data/dms/config/dovecot/auth-lua-httpbasic.conf< / code > for Lua user authentication:
< div class = "highlight" > < pre > < span > < / span > < code > passdb {
driver = lua
args = file=/etc/dovecot/lua/auth-httpbasic.lua blocking=yes
}
< / code > < / pre > < / div > < / p >
< p > That is all for configuring Dovecot.< / p >
< h2 id = "create-the-lua-script" > < a class = "toclink" href = "#create-the-lua-script" > Create the Lua script< / a > < / h2 >
< p > Create Lua file < code > ./docker-data/dms/config/dovecot/lua/auth-httpbasic.lua< / code > with contents:< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "kd" > local< / span > < span class = "n" > http_url< / span > < span class = "o" > =< / span > < span class = "s2" > " https://nextcloud.example.com/remote.php/dav/" < / span >
< span class = "kd" > local< / span > < span class = "n" > http_method< / span > < span class = "o" > =< / span > < span class = "s2" > " PROPFIND" < / span >
< span class = "kd" > local< / span > < span class = "n" > http_status_ok< / span > < span class = "o" > =< / span > < span class = "mi" > 207< / span >
< span class = "kd" > local< / span > < span class = "n" > http_status_failure< / span > < span class = "o" > =< / span > < span class = "mi" > 401< / span >
< span class = "kd" > local< / span > < span class = "n" > http_header_forwarded_for< / span > < span class = "o" > =< / span > < span class = "s2" > " X-Forwarded-For" < / span >
< span class = "nb" > package.path< / span > < span class = "o" > =< / span > < span class = "nb" > package.path< / span > < span class = "o" > ..< / span > < span class = "s2" > " ;/etc/dovecot/lua/?.lua" < / span >
< span class = "kd" > local< / span > < span class = "n" > base64< / span > < span class = "o" > =< / span > < span class = "nb" > require< / span > < span class = "p" > (< / span > < span class = "s2" > " base64" < / span > < span class = "p" > )< / span >
< span class = "kd" > local< / span > < span class = "n" > http_client< / span > < span class = "o" > =< / span > < span class = "n" > dovecot< / span > < span class = "p" > .< / span > < span class = "n" > http< / span > < span class = "p" > .< / span > < span class = "n" > client< / span > < span class = "p" > {< / span >
< span class = "n" > timeout< / span > < span class = "o" > =< / span > < span class = "mi" > 1000< / span > < span class = "p" > ;< / span >
< span class = "n" > max_attempts< / span > < span class = "o" > =< / span > < span class = "mi" > 1< / span > < span class = "p" > ;< / span >
< span class = "n" > debug< / span > < span class = "o" > =< / span > < span class = "kc" > false< / span > < span class = "p" > ;< / span >
< span class = "p" > }< / span >
< span class = "kr" > function< / span > < span class = "nf" > script_init< / span > < span class = "p" > ()< / span >
< span class = "kr" > return< / span > < span class = "mi" > 0< / span >
< span class = "kr" > end< / span >
< span class = "kr" > function< / span > < span class = "nf" > script_deinit< / span > < span class = "p" > ()< / span >
< span class = "kr" > end< / span >
< span class = "kr" > function< / span > < span class = "nf" > auth_passdb_lookup< / span > < span class = "p" > (< / span > < span class = "n" > req< / span > < span class = "p" > )< / span >
< span class = "kd" > local< / span > < span class = "n" > auth_request< / span > < span class = "o" > =< / span > < span class = "n" > http_client< / span > < span class = "p" > :< / span > < span class = "n" > request< / span > < span class = "p" > {< / span >
< span class = "n" > url< / span > < span class = "o" > =< / span > < span class = "n" > http_url< / span > < span class = "p" > ;< / span >
< span class = "n" > method< / span > < span class = "o" > =< / span > < span class = "n" > http_method< / span > < span class = "p" > ;< / span >
< span class = "p" > }< / span >
< span class = "n" > auth_request< / span > < span class = "p" > :< / span > < span class = "n" > add_header< / span > < span class = "p" > (< / span > < span class = "s2" > " Authorization" < / span > < span class = "p" > ,< / span > < span class = "s2" > " Basic " < / span > < span class = "o" > ..< / span > < span class = "p" > (< / span > < span class = "n" > base64< / span > < span class = "p" > .< / span > < span class = "n" > encode< / span > < span class = "p" > (< / span > < span class = "n" > req< / span > < span class = "p" > .< / span > < span class = "n" > user< / span > < span class = "o" > ..< / span > < span class = "s2" > " :" < / span > < span class = "o" > ..< / span > < span class = "n" > req< / span > < span class = "p" > .< / span > < span class = "n" > password< / span > < span class = "p" > )))< / span >
< span class = "n" > auth_request< / span > < span class = "p" > :< / span > < span class = "n" > add_header< / span > < span class = "p" > (< / span > < span class = "n" > http_header_forwarded_for< / span > < span class = "p" > ,< / span > < span class = "n" > req< / span > < span class = "p" > .< / span > < span class = "n" > remote_ip< / span > < span class = "p" > )< / span >
< span class = "kd" > local< / span > < span class = "n" > auth_response< / span > < span class = "o" > =< / span > < span class = "n" > auth_request< / span > < span class = "p" > :< / span > < span class = "n" > submit< / span > < span class = "p" > ()< / span >
< span class = "kd" > local< / span > < span class = "n" > resp_status< / span > < span class = "o" > =< / span > < span class = "n" > auth_response< / span > < span class = "p" > :< / span > < span class = "n" > status< / span > < span class = "p" > ()< / span >
< span class = "kd" > local< / span > < span class = "n" > reason< / span > < span class = "o" > =< / span > < span class = "n" > auth_response< / span > < span class = "p" > :< / span > < span class = "n" > reason< / span > < span class = "p" > ()< / span >
< span class = "kd" > local< / span > < span class = "n" > returnStatus< / span > < span class = "o" > =< / span > < span class = "n" > dovecot< / span > < span class = "p" > .< / span > < span class = "n" > auth< / span > < span class = "p" > .< / span > < span class = "n" > PASSDB_RESULT_INTERNAL_FAILURE< / span >
< span class = "kd" > local< / span > < span class = "n" > returnDesc< / span > < span class = "o" > =< / span > < span class = "n" > http_method< / span > < span class = "o" > ..< / span > < span class = "s2" > " - " < / span > < span class = "o" > ..< / span > < span class = "n" > http_url< / span > < span class = "o" > ..< / span > < span class = "s2" > " - " < / span > < span class = "o" > ..< / span > < span class = "n" > resp_status< / span > < span class = "o" > ..< / span > < span class = "s2" > " " < / span > < span class = "o" > ..< / span > < span class = "n" > reason< / span >
< span class = "kr" > if< / span > < span class = "n" > resp_status< / span > < span class = "o" > ==< / span > < span class = "n" > http_status_ok< / span >
< span class = "kr" > then< / span >
< span class = "n" > returnStatus< / span > < span class = "o" > =< / span > < span class = "n" > dovecot< / span > < span class = "p" > .< / span > < span class = "n" > auth< / span > < span class = "p" > .< / span > < span class = "n" > PASSDB_RESULT_OK< / span >
< span class = "n" > returnDesc< / span > < span class = "o" > =< / span > < span class = "s2" > " nopassword=y" < / span >
< span class = "kr" > elseif< / span > < span class = "n" > resp_status< / span > < span class = "o" > ==< / span > < span class = "n" > http_status_failure< / span >
< span class = "kr" > then< / span >
< span class = "n" > returnStatus< / span > < span class = "o" > =< / span > < span class = "n" > dovecot< / span > < span class = "p" > .< / span > < span class = "n" > auth< / span > < span class = "p" > .< / span > < span class = "n" > PASSDB_RESULT_PASSWORD_MISMATCH< / span >
< span class = "n" > returnDesc< / span > < span class = "o" > =< / span > < span class = "s2" > " " < / span >
< span class = "kr" > end< / span >
< span class = "kr" > return< / span > < span class = "n" > returnStatus< / span > < span class = "p" > ,< / span > < span class = "n" > returnDesc< / span >
< span class = "kr" > end< / span >
< / code > < / pre > < / div >
< p > Replace the hostname in the URL to the actual hostname of Nextcloud.< / p >
< p > Dovecot < a href = "https://doc.dovecot.org/admin_manual/lua/#dovecot.http.client" > provides an HTTP client for use in Lua< / a > . Aside of that, Lua by itself is pretty barebones. It chooses library compactness over included functionality. You can see that in that a separate library is referenced to add support for Base64 encoding, which is required for < a href = "https://en.wikipedia.org/wiki/Basic_access_authentication" > HTTP basic access authentication< / a > . This library (also a Lua script) is not included. It must be downloaded and stored in the same directory:< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "nb" > cd< / span > < span class = "w" > < / span > ./docker-data/dms/config/dovecot/lua
curl< span class = "w" > < / span > -JLO< span class = "w" > < / span > https://raw.githubusercontent.com/iskolbin/lbase64/master/base64.lua
< / code > < / pre > < / div >
< p > Only use native (pure Lua) libraries as dependencies if possible, such as < code > base64.lua< / code > from the example. This ensures maximum compatibility. Performance is less of an issue since Lua scripts written for Dovecot probably won't be long or complex, and there won't be a lot of data processing by Lua itself.< / p >
< h2 id = "debugging-a-lua-script" > < a class = "toclink" href = "#debugging-a-lua-script" > Debugging a Lua script< / a > < / h2 >
< p > To see which Lua version is used by Dovecot if you plan to do something that is version dependent, run:< / p >
< div class = "highlight" > < pre > < span > < / span > < code > docker< span class = "w" > < / span > < span class = "nb" > exec< / span > < span class = "w" > < / span > CONTAINER_NAME< span class = "w" > < / span > strings< span class = "w" > < / span > /usr/lib/dovecot/libdovecot-lua.so< span class = "p" > |< / span > grep< span class = "w" > < / span > < span class = "s1" > ' ^LUA_' < / span >
< / code > < / pre > < / div >
< p > While Dovecot logs the status of authentication attempts for any passdb backend, Dovecot will also log Lua scripting errors and messages sent to Dovecot's < a href = "https://doc.dovecot.org/admin_manual/lua/#dovecot.i_debug" > Lua API log functions< / a > . The combined DMS log (including that of Dovecot) can be viewed using < code > docker logs CONTAINER_NAME< / code > . If the log is too noisy (< em > due to other processes in the container also logging to it< / em > ), < code > docker exec CONTAINER_NAME cat /var/log/mail/mail.log< / code > can be used to view the log of Dovecot and Postfix specifically.< / p >
< p > If working with HTTP in Lua, setting < code > debug = true;< / code > when initiating < code > dovecot.http.client< / code > will create debug log messages for every HTTP request and response.< / p >
< p > Note that Lua runs compiled bytecode, and that scripts will be compiled when they are initially started. Once compiled, the bytecode is cached and changes in the Lua script will not be processed automatically. Dovecot will reload its configuration and clear its cached Lua bytecode when running < code > docker exec CONTAINER_NAME dovecot reload< / code > . A (changed) Lua script will be compiled to bytecode the next time it is executed after running the Dovecot reload command.< / p >
< / article >
< / div >
< / div >
< button type = "button" class = "md-top md-icon" data-md-component = "top" hidden >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12Z" / > < / svg >
Back to top
< / button >
< / main >
< footer class = "md-footer" >
< div class = "md-footer-meta md-typeset" >
< div class = "md-footer-meta__inner md-grid" >
< div class = "md-copyright" >
< div class = "md-copyright__highlight" >
< p > & copy < a href = "https://github.com/docker-mailserver" > < em > Docker Mailserver Organization< / em > < / a > < br / > < span > This project is licensed under the MIT license.< / span > < / p >
< / div >
Made with
< a href = "https://squidfunk.github.io/mkdocs-material/" target = "_blank" rel = "noopener" >
Material for MkDocs
< / a >
< / div >
< / div >
< / div >
< / footer >
< / div >
< div class = "md-dialog" data-md-component = "dialog" >
< div class = "md-dialog__inner md-typeset" > < / div >
< / div >
< script id = "__config" type = "application/json" > { "base" : "../../.." , "features" : [ "navigation.tabs" , "navigation.top" , "navigation.expand" , "navigation.instant" , "content.action.edit" , "content.action.view" , "content.code.annotate" ] , "search" : "../../../assets/javascripts/workers/search.dfff1995.min.js" , "translations" : { "clipboard.copied" : "Copied to clipboard" , "clipboard.copy" : "Copy to clipboard" , "search.result.more.one" : "1 more on this page" , "search.result.more.other" : "# more on this page" , "search.result.none" : "No matching documents" , "search.result.one" : "1 matching document" , "search.result.other" : "# matching documents" , "search.result.placeholder" : "Type to start searching" , "search.result.term.missing" : "Missing" , "select.version" : "Select version" } , "version" : { "provider" : "mike" } } < / script >
< script src = "../../../assets/javascripts/bundle.dff1b7c8.min.js" > < / script >
< / body >
< / html >