[feature req] Allow 'disabled' users to login (maybe need an allow_login field too like for active) #620
Comments
|
Hi @worgenrage - no need to apologise for your excellent english (it's probably better than mine!). |
|
I'm fine with this as long as it's opt-in only; it should not be enabled automatically. Otherwise, it's a security hole. Let's keep it as a separate option that's off by default. |
|
To summarise you'd like to split the current 'mailbox.active' field into two boolean type fields - perhaps called something like 'enable_smtp' and 'enable_pickup' where
|
hey! Exactly. Something like that. btw in this "setup" enable_smtp is equal and operates as now the 'active' field*. And well as above commets, this option or "patch" or call it anything can NOT be default ! Just only an optional "feature" with some big "warnings" for security reasons ^^ as we can read a few comments before. Of course if we split up to enable_smtp and enable_pickup then need to do some "changes" in the mysql queries configs too. For dovecot we need to check if enable_pickup is 1 ? then okay, allow to login via IMAP / POP / etc. if 0 then no. For postfix part, enable_pickup is irrevelant, no need to use it or check it, because postfix does not need to know about pickup thing. Just need to check enable_smtp. Probably this "feature" can be added to ADDITIONS directory, but i'm not sure about that, because if you split active thing, then you need to modify the base code too, not just "extend" the SQL schema. Or just leave alone the "active" thing as is and extend it with enable_pickup. so no need to break the actual working code, just extend it. By default active is the only field that should be checked - as now it happens - but if you enable the pickup thing in postfixadmin config, then in ADDITIONS folder -> you can extend your actual mysql schema -> you can use the extended pickup SQL query thing for configs, etc. Sorry, a little bit long answer ^^ Short answer: yes :) Regards! |
Hey there!
I just got a little problem today, I had to disable an email address in postfixadmin just did it and then one of my user noticed
that she can not login to IMAP server. Which is fine.. because dovecot mysql config using:
*** FROM mailbox WHERE username = '%u' AND active = '1'And postfix mysql config using this method too. Which basically not a problem, because if you disable a user then active goes to 0.
But sometimes you (as for me now) need to disable an email account (stop recieveing emails for that address,etc) BUT you need to
reach the disabled ermail user box via IMAP service (for searching older emails, etc, etc, etc).
Probably if there will be rework for 'active' section or add another part to the database like allow_login 0/1 then you can manage
IMAP server to allow login for that user.
For now i just solved this stuff by removing dovecot_mysql* config the "" AND active = '1' ""part.
The problem with this that all disabled users are allowed to login to IMAP server.
So maybe for postfixadmin we need some "allow_login" stuff that works like "active" part.
Then you can disable an email address, but allow to login via IMAP.
I know that it is not the best thing that you allow other users to reach "disabled" email boxes, but some companies does this.
Just my 2 cent.
ps.: Sorry for my english not my native lang*
Regards
-worgenrage-
The text was updated successfully, but these errors were encountered: