Georg Lauterbach 537247031f fix: Make Dovecot aware of basic aliases in userdb for quota support + Use correct hash scheme in passdb configuration (#2248) ... Dovecot quota support would log auth failures when Postfix validated incoming mail to accept/reject and the `check_policy_service` for `quota-status` was queried with a recipient that was an account alias. When Dovecot is not aware of the user account, it will not be able to check a quota and inform Postfix that everything is fine, Postfix will accept the mail and send it to Dovecot, where if the quota is exceeded will result in a bounce back to the sender. This is considered "backscatter" and can be abused by spammers forging the sender address which can get your server blacklisted. The solution is to either disable quota support `ENABLE_QUOTAS=0`, or as a workaround, add dummy accounts to Dovecot userdb for aliases in `postfix-virtual.cf` (not `postfix-aliases.cf`), these dummy accounts will map to the real user account mailbox (real users are defined in `postfix-accounts.cf`). The workaround is naive, in that we only check for basic 1-to-1 alias mapping to real accounts. This will still be an issue for aliases that map to another alias or multiple addresses (real or alias). Unfortunately Postfix will not expand aliases until accepting mail where this would be too late. A better solution is to proxy the `check_policy_service` from Dovecot `quota-status` that Postfix queries in `main.cf:smtpd_recipient_restrictions`, however this requires a fair amount more of additional work and still requires an implementation to recursively query aliases for nested or multiple address mappings, which can then be forwarded to the `quota-status` service configured by Dovecot in `/etc/dovecot/conf.d/90-quota.conf`. LDAP users are unaffected as quota support is not supported/implemented with `docker-mailserver` at this time, it is always considered disabled when using LDAP. --- Additionally Dovecot configuration for `passdb` has been fixed to use the correct password hash scheme of `SHA512-CRYPT`. Co-authored-by: Casper <casperklein@users.noreply.github.com> Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>		2021-11-01 14:20:22 +13:00
..
amavis/conf.d	Improve fail2ban docs and fix a typo (#2126)	2021-08-13 10:30:39 +02:00
bin	chore: Housekeeping on the 'open-dkim' script (#2267)	2021-10-30 10:10:32 +00:00
docker-configomat@4155504854	Updated submodule target/docker-configomat	2020-10-11 19:41:53 +02:00
dovecot	fix: Make Dovecot aware of basic aliases in userdb for quota support + Use correct hash scheme in passdb configuration (#2248)	2021-11-01 14:20:22 +13:00
fail2ban	Fail2Ban block behaviour (#1914)	2021-04-18 12:55:43 +02:00
fetchmail	Implement fetchmail (#260) (#271)	2016-08-21 22:13:13 +02:00
logwatch	Add logwatch maillog.conf file to support /var/log/mail/ (#2112)	2021-08-11 11:31:00 +02:00
opendkim	Fixed KeyTable refile in opendkim.conf https://serverfault.com/a/861701/377751 (#2249)	2021-10-16 19:04:51 +02:00
opendmarc	[opendmarc] Skip dmarc checks for email sent over authenticated sockets	2017-09-11 17:02:47 -07:00
postfix	chore: Remove invalid config in Postfix master.cf (#2272)	2021-11-01 14:03:56 +13:00
postgrey	housekeeping	2020-11-06 14:04:23 +01:00
postsrsd	formatting files according to standard (#1619)	2020-09-24 14:54:21 +02:00
scripts	fix: Make Dovecot aware of basic aliases in userdb for quota support + Use correct hash scheme in passdb configuration (#2248)	2021-11-01 14:20:22 +13:00
shared	init tests cases ffdhe4096	2020-04-26 22:23:51 +02:00
supervisor	reverted stopwaitsecs for postfix (#2137)	2021-08-17 15:39:30 +02:00