Bugfix send only accounts (#66)

Fix password query to cover send only accounts, added test cases

mda/rootfs/etc/dovecot/dovecot-sql.conf.ext.templ

@@ -1,6 +1,6 @@
 driver = mysql
 connect = host={{ .Env.MYSQL_HOST }} dbname={{ .Env.MYSQL_DATABASE }} user={{ .Env.MYSQL_USER }} password={{ .Env.MYSQL_PASSWORD }}
 default_pass_scheme = SHA256-CRYPT
-password_query = SELECT mail_users.name AS user, mail_domains.name AS domain, password FROM mail_users JOIN mail_domains ON mail_users.domain_id = mail_domains.id WHERE mail_users.name = '%n' AND mail_domains.name = '%d' AND enabled = 1;
-user_query = SELECT concat('*:storage=', quota, 'M') AS quota_rule FROM mail_users JOIN mail_domains ON mail_users.domain_id = mail_domains.id WHERE mail_users.name = '%n' AND mail_domains.name = '%d' AND send_only = 0;
-iterate_query = SELECT mail_users.name AS username, mail_domains.name AS domain FROM mail_users JOIN mail_domains ON mail_users.domain_id = mail_domains.id WHERE send_only = 0;
+password_query = SELECT mail_users.name AS user, mail_domains.name AS domain, password FROM mail_users JOIN mail_domains ON mail_users.domain_id = mail_domains.id WHERE mail_users.name = '%n' AND mail_domains.name = '%d' AND enabled = 1 AND NOT (send_only = 1 AND "%s" in ('imap', 'pop3'));
+user_query = SELECT concat('*:storage=', quota, 'M') AS quota_rule FROM mail_users JOIN mail_domains ON mail_users.domain_id = mail_domains.id WHERE mail_users.name = '%n' AND mail_domains.name = '%d';
+iterate_query = SELECT mail_users.name AS username, mail_domains.name AS domain FROM mail_users JOIN mail_domains ON mail_users.domain_id = mail_domains.id;

test/rootfs/usr/share/tests/003_mta.bats

@@ -10,11 +10,16 @@
     [ "$status" -eq 0 ]
 }
 
-@test "authentification on smtp should fail" {
+@test "authentification on smtp with disabled account should fail" {
     run swaks -s mta --to [email protected] --from [email protected] -a -au [email protected] -ap test1234 -tls --body "$BATS_TEST_DESCRIPTION"
     [ "$status" -eq 28 ]
 }
 
+@test "authentification on smtp with disabled and send only account should fail" {
+    run swaks -s mta --to [email protected] --from [email protected] -a -au [email protected] -ap test1234 -tls --body "$BATS_TEST_DESCRIPTION"
+    [ "$status" -eq 28 ]
+}
+
 @test "send mail to mda with smtp authentification (submission service)" {
     run swaks -s mda --port 587 --to [email protected] --from [email protected] -a -au [email protected] -ap changeme -tls --body "$BATS_TEST_DESCRIPTION"
     [ "$status" -eq 0 ]
@@ -25,6 +30,11 @@
     [ "$status" -eq 0 ]
 }
 
+@test "send mail to mda from sendonly account with smtp authentification (submission service)" {
+    run swaks -s mda --port 587 --to [email protected] --from [email protected] -a -au [email protected] -ap test1234 -tls --body "$BATS_TEST_DESCRIPTION"
+    [ "$status" -eq 0 ]
+}
+
 @test "send mail to local alias" {
     run swaks -s mta --to [email protected] --body "$BATS_TEST_DESCRIPTION"
     [ "$status" -eq 0 ]
@@ -76,6 +86,11 @@
     [ "$status" -eq 0 ]
 }
 
+@test "send mail to mda from sendonly account with smtp authentification (submission service) is stored" {
+    run grep -r "send mail to mda from sendonly account with smtp authentification (submission service)" /var/vmail/example.com/admin/Maildir/
+    [ "$status" -eq 0 ]
+}
+
 @test "junk mail is assorted to the junk folder" {
     run grep -r "send junk mail to local address" /var/vmail/example.com/admin/Maildir/.Junk/
     [ "$status" -eq 0 ]
@@ -101,7 +116,7 @@
     [ "$status" -eq 24 ]
 }
 
-@test "mail to send disabled and only mailbox is rejected anyway" {
+@test "mail to disabled and send only mailbox is rejected anyway" {
     run swaks -s mta --to [email protected] --body "$BATS_TEST_DESCRIPTION"
     [ "$status" -eq 24 ]
 }