Merge #2564

2564: Misc dovecot config changes r=mergify[bot] a=nextgens ## What type of PR? bug-fix ## What does this PR do? - fix RECIPIENT_DELIMITER (wrong scope, was ignored) This can be confirmed using: ``$nc imap 2525 ...`` and delivering to a VERP address - drop privileges of the LMTP daemon ### Related issue(s) ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [ ] In case of feature or enhancement: documentation updated accordingly - [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2025-03-03 14:52:36 +02:00 · 2022-12-02 10:31:22 +00:00 · 2022-12-02 10:31:22 +00:00 · 0bfe3f92a6
commit 0bfe3f92a6
parent 8c3da2815d 5da2ab8fd1
2 changed files with 11 additions and 8 deletions
--- a/core/dovecot/conf/dovecot.conf
+++ b/core/dovecot/conf/dovecot.conf
@ -7,6 +7,10 @@ postmaster_address = {{ POSTMASTER }}@{{ DOMAIN }}
 hostname = {{ HOSTNAMES.split(",")[0] }}
 submission_host = {{ FRONT_ADDRESS }}

+default_internal_user = dovecot
+default_login_user = mail
+default_internal_group = dovecot
+
 ###############
 # Mailboxes
 ###############
@ -80,18 +84,13 @@ userdb {
 }

 service auth {
-  user = dovecot
  unix_listener auth-userdb {
  }
 }

 service auth-worker {
  unix_listener auth-worker {
-    user = dovecot
-    group = mail
-    mode = 0660
  }
-  user = mail
 }

 ###############
@ -116,9 +115,9 @@ service imap-login {
 ###############
 # Delivery
 ###############
+recipient_delimiter = {{ RECIPIENT_DELIMITER }}
 protocol lmtp {
  mail_plugins = $mail_plugins sieve
-  recipient_delimiter = {{ RECIPIENT_DELIMITER }}
 }

 service lmtp {
--- a/core/dovecot/start.py
+++ b/core/dovecot/start.py
@ -5,6 +5,7 @@ import glob
 import multiprocessing
 import logging as log
 import sys
+from pwd import getpwnam

 from podop import run_server
 from socrate import system, conf
@ -12,7 +13,9 @@ from socrate import system, conf
 log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))

 def start_podop():
-    os.setuid(8)
+    id_mail = getpwnam('mail')
+    os.setgid(id_mail.pw_gid)
+    os.setuid(id_mail.pw_uid)
    url = "http://" + os.environ["ADMIN_ADDRESS"] + "/internal/dovecot/§"
    run_server(0, "dovecot", "/tmp/podop.socket", [
 		("quota", "url", url ),
@ -35,7 +38,8 @@ for script_file in glob.glob("/conf/*.script"):
    os.chmod(out_file, 0o555)

 # Run Podop, then postfix
-multiprocessing.Process(target=start_podop).start()
 os.system("chown mail:mail /mail")
 os.system("chown -R mail:mail /var/lib/dovecot /conf")
+
+multiprocessing.Process(target=start_podop).start()
 os.execv("/usr/sbin/dovecot", ["dovecot", "-c", "/etc/dovecot/dovecot.conf", "-F"])