mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2025-05-28 00:57:46 +02:00
* fix: Dovecot PassDB should restrict allowed auth mechanisms
  This prevents PassDBs incompatible with certain auth mechanisms from logging failures which accidentally triggers Fail2Ban. Instead only allow the PassDB to be authenticated against when it's compatible with the auth mechanism used.
* tests: Use `curl` for OAuth2 login test-cases instead of netcat
  `curl` provides this capability for both IMAP and SMTP authentication with a bearer token. It supports both `XOAUTH2` and `OAUTHBEARER` mechanisms, as these updated test-cases demonstrate.
* chore: Add entry to `CHANGELOG.md`
22 lines
691 B
Plaintext
# NOTE: This is effectively the same default LDAP config shipped by Dovecot
# The only difference is the addition of the passdb mechanisms field,
# which restricts what auth mechanisms are supported / expected.
# This prevents unnecessary auth failure logs triggering Fail2Ban when
# additional passdb are enabled (OAuth2).

passdb {
  driver = ldap
  # Skip this passdb unless the client authenticates with PLAIN or LOGIN
  mechanisms = plain login

  # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext

  # Default fields can be used to specify defaults that LDAP may override
  #default_fields = home=/home/virtual/%u
}
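As an added example (not part of the docker-mailserver repository), the following Python check reads a Dovecot config and reports passdb blocks that have no `mechanisms` restriction while more than one passdb is configured, which is the situation the commit message describes. The sample configs, the function names and the OAuth2 `args` path are constructed for illustration.

```python
# Constructed sample: an LDAP passdb with no mechanisms restriction beside an
# OAuth2 passdb (hypothetical args path), and the same config after the fix.
BEFORE = """
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
passdb {
  driver = oauth2
  mechanisms = xoauth2 oauthbearer
  args = /etc/dovecot/dovecot-oauth2.conf.ext
}
"""
AFTER = BEFORE.replace("driver = ldap\n",
                       "driver = ldap\n  mechanisms = plain login\n", 1)


def parse_passdbs(conf):
    """Return one dict of settings per top-level passdb { ... } block."""
    blocks, current, depth = [], None, 0
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # naive comment strip, no quoting
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
            if depth == 1 and line[:-1].strip() == "passdb":
                current = {}
        elif line == "}":
            if depth == 1 and current is not None:
                blocks.append(current)
                current = None
            depth -= 1
        elif current is not None and depth == 1 and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return blocks


def unrestricted_passdbs(conf):
    """Drivers of passdbs that are consulted for every auth mechanism."""
    blocks = parse_passdbs(conf)
    if len(blocks) < 2:  # a single passdb has no other passdb to conflict with
        return []
    return [b.get("driver", "?") for b in blocks
            if not b.get("mechanisms", "").split()]
```
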