Courier Patch for automatic maildir creation: Usage: Writing the creator

4.3 Writing the creator

Beware! The creator script is called with a simple exec. Thus, they cannot be ``inlined'' bash scripts. Example:

THIS IS BAD: MAILDIR_CREATOR="mkdir $(echo 'SELECT * FROM ...'|cut -f); chmod..."

There are few things to keep in mind when writing the mailcreator script:

Unless you are using a suid script (with some kind of wraparound), the script will have the user's privileges. Starting from this assumption, I would suggest you setup the home directories to be owned by the recipient and by a generic mailgroup. Thus, you can create a /home/mail owned by root with privileges 0770 (rwxrwx---) where every user is part of the mailgroup and owns is own directory, set with permissions similar to 0700, leading to something like
```
drwxrwx--- root mailgrp /home/mail
drwx------ usr1 mailgrp /home/mail/usr1
drwx------ usr2 mailgrp /home/mail/usr2
```
Using this scheme, no user would be able to read somebody else mails, no user would be able to remove anybody else maildirs, however, any mailgrp user could be able to create any number of directories inside /home/mail without giving the right to courier to write in there leading to a denial of service. This method is thus suggested to those of you who don't give shell accounts to their mail users.
Other better solutions probably exist, but keep in mind that authmkhome runs with user privileges.
Beware that the username passed to the creator is the name used to authenticate the user with pop3 or imap. Thus, in most cases, it won't be a valid system username. Use the UID environment variable instead.

The maildir creator script can take a lot of information from the environment. However, the content of the environment may change from version to version of courier. Before you use those variables, I suggest you put some line like the following in your script, just to make sure that the variable you want to use exists:

        set >> /tmp/state.log

Here is an incomplete list of variables available in courier-0.36.0 and their values (most of them are just crap from our point of view):


ADDRESS=0
AUTHADDR=ccontavalli@localhost  # Mail address of the logged in user
AUTHARGC=4                      # See man authlib
AUTHARGV0=/usr/lib/courier/courier/imaplogin 
AUTHARGV1=/usr/lib/courier/authlib/authdaemon
AUTHARGV2=/usr/bin/imapd
AUTHARGV3=Maildir
AUTHENTICATED=ccontavalli@localhost # Username
AUTHEXPIRE=1009760251
AUTHFULLNAME='Carlo Contavalli' # Full name of the user (if provided by the db)
AUTHMODULES=authdaemon
AUTHMODULES_ORIG=authdaemon
AUTHUSER=/usr/lib/courier/courier/imaplogin
EUID=1051                       # Effective user id of the process 
                                # (provided by your system)
GROUPS=()                       # Additional groups (provided by your system)
HOSTNAME=caronte                # Hostname (provided by your system)
IMAPDSTART=YES
IMAPLOGINTAG=001
IMAP_CAPABILITY='IMAP4rev1 CHILDREN NAMESPACE \
        THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT'
IMAP_CAPABILITY_ORIG='IMAP4rev1 CHILDREN NAMESPACE \
        THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT \
        AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE'
IMAP_CAPABILITY_TLS='IMAP4rev1 CHILDREN NAMESPACE \
        THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=PLAIN'
IMAP_CAPABILITY_TLS_ORIG='IMAP4rev1 CHILDREN NAMESPACE \
        THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 \
        AUTH=CRAM-SHA1 IDLE AUTH=PLAIN'
IMAP_CHECK_ALL_FOLDERS=0
IMAP_DISABLETHREADSORT=0
IMAP_EMPTYTRASH=Trash:7
IMAP_IDLE_TIMEOUT=60
IMAP_MOVE_EXPUNGE_TO_TRASH=0
IMAP_OBSOLETE_CLIENT=0
IMAP_STARTTLS=NO
IMAP_ULIMITD=65536
IMAP_USELOCKS=0
MAILDIR=1051/
MAXDAEMONS=40
MAXPERIP=4
OPTERR=1
OPTIND=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PIDFILE=/var/run/courier/imapd.pid
PIPESTATUS=([0]="0")
PORT=143
PPID=668
TCPDOPTS='-nodnslookup -noidentlookup'
TCPLOCALIP=::ffff:127.0.0.1
TCPLOCALPORT=143
TCPREMOTEIP=::ffff:127.0.0.1
TCPREMOTEPORT=1030
UID=1051

Finally, here is an example of maildir creator that uses the provided environment variables and the suggested scheme of ownerships and rights:

#!/bin/bash

username=$1
maildir=$2
maildirmake /home/mail/$maildir
chown -R $UID:mailgrp /home/mail/$maildir

logger -p auth.notice -t courier Automagically created homedir "$maildir"\
         for uid "$UID" aka "$username".

Next Previous Contents