From 4cc77567cc2fe7e07c9371c37529ef8979ab4e4a Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Wed, 18 Nov 2020 10:26:24 -0700 Subject: [PATCH 1/4] postfix: reject_unlisted_sender --- install/tpl/debian_postfix.conf.master | 1 + install/tpl/fedora_postfix.conf.master | 1 + install/tpl/gentoo_postfix.conf.master | 1 + install/tpl/opensuse_postfix.conf.master | 1 + 4 files changed, 4 insertions(+) diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master index dcd5f592d8..a6a48e0e02 100644 --- a/install/tpl/debian_postfix.conf.master +++ b/install/tpl/debian_postfix.conf.master @@ -28,6 +28,7 @@ proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virt smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit smtpd_sender_restrictions = {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf +smtpd_reject_unlisted_sender = yes smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master index 45bc0c117e..3cd8357a66 100644 --- a/install/tpl/fedora_postfix.conf.master +++ b/install/tpl/fedora_postfix.conf.master @@ -24,6 +24,7 @@ proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virt smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit smtpd_sender_restrictions = {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf +smtpd_reject_unlisted_sender = yes smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master index b3ff8f6804..f4a1d4025c 100644 --- a/install/tpl/gentoo_postfix.conf.master +++ b/install/tpl/gentoo_postfix.conf.master @@ -23,6 +23,7 @@ proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virt smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit smtpd_sender_restrictions = {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf +smtpd_reject_unlisted_sender = yes smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master index 7386fad16e..7d3669853a 100644 --- a/install/tpl/opensuse_postfix.conf.master +++ b/install/tpl/opensuse_postfix.conf.master @@ -26,6 +26,7 @@ proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virt smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit smtpd_sender_restrictions = {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf +smtpd_reject_unlisted_sender = yes smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit -- GitLab From e1c013e9f2c68fd178fcc340c73c5999c790723d Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Wed, 18 Nov 2020 11:26:54 -0700 Subject: [PATCH 2/4] sender_login_maps missing check for active domain --- install/tpl/mysql-virtual_sender_login_maps.cf.master | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/install/tpl/mysql-virtual_sender_login_maps.cf.master b/install/tpl/mysql-virtual_sender_login_maps.cf.master index f97229d213..165bee1231 100644 --- a/install/tpl/mysql-virtual_sender_login_maps.cf.master +++ b/install/tpl/mysql-virtual_sender_login_maps.cf.master @@ -4,4 +4,5 @@ dbname = {mysql_server_database} hosts = {mysql_server_ip} query = SELECT destination FROM mail_forwarding WHERE source = '%s' AND active = 'y' AND allow_send_as = 'y' AND server_id = {server_id} UNION - SELECT email FROM mail_user WHERE email = '%s' AND disablesmtp = 'n' AND server_id = {server_id}; + SELECT email FROM mail_user WHERE email = '%s' AND disablesmtp = 'n' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) -- GitLab From 6242ec108c76fc7010317eb1f2e24c464315b59d Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Wed, 18 Nov 2020 11:37:58 -0700 Subject: [PATCH 3/4] other templates missing mail_domain active checks --- install/tpl/mysql-virtual_email2email.cf.master | 2 ++ install/tpl/mysql-virtual_gids.cf.master | 3 ++- install/tpl/mysql-virtual_mailboxes.cf.master | 3 ++- install/tpl/mysql-virtual_outgoing_bcc.cf.master | 5 ++++- install/tpl/mysql-virtual_policy_greylist.cf.master | 5 +++-- install/tpl/mysql-virtual_uids.cf.master | 3 ++- 6 files changed, 15 insertions(+), 6 deletions(-) diff --git a/install/tpl/mysql-virtual_email2email.cf.master b/install/tpl/mysql-virtual_email2email.cf.master index 326ef2c3d9..1ae7f9addc 100644 --- a/install/tpl/mysql-virtual_email2email.cf.master +++ b/install/tpl/mysql-virtual_email2email.cf.master @@ -3,5 +3,7 @@ password = {mysql_server_ispconfig_password} dbname = {mysql_server_database} hosts = {mysql_server_ip} query = SELECT email FROM mail_user WHERE email = '%s' AND forward_in_lda = 'n' AND disabledeliver = 'n' AND postfix = 'y' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) UNION SELECT cc AS email FROM mail_user WHERE email = '%s' AND cc != '' AND (forward_in_lda = 'n' OR disabledeliver = 'y') AND postfix = 'y' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) diff --git a/install/tpl/mysql-virtual_gids.cf.master b/install/tpl/mysql-virtual_gids.cf.master index 5611b935dd..0bd2c8ec69 100644 --- a/install/tpl/mysql-virtual_gids.cf.master +++ b/install/tpl/mysql-virtual_gids.cf.master @@ -2,4 +2,5 @@ user = {mysql_server_ispconfig_user} password = {mysql_server_ispconfig_password} dbname = {mysql_server_database} hosts = {mysql_server_ip} -query = select gid from mail_user where email = '%s' and postfix = 'y' and server_id = {server_id} +query = SELECT gid FROM mail_user WHERE email = '%s' AND postfix = 'y' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) diff --git a/install/tpl/mysql-virtual_mailboxes.cf.master b/install/tpl/mysql-virtual_mailboxes.cf.master index 8b2677a196..76cc05f464 100644 --- a/install/tpl/mysql-virtual_mailboxes.cf.master +++ b/install/tpl/mysql-virtual_mailboxes.cf.master @@ -2,4 +2,5 @@ user = {mysql_server_ispconfig_user} password = {mysql_server_ispconfig_password} dbname = {mysql_server_database} hosts = {mysql_server_ip} -query = select CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') from mail_user where email = '%s' and postfix = 'y' and disabledeliver = 'n' and server_id = {server_id} +query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM mail_user WHERE email = '%s' AND postfix = 'y' AND disabledeliver = 'n' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) diff --git a/install/tpl/mysql-virtual_outgoing_bcc.cf.master b/install/tpl/mysql-virtual_outgoing_bcc.cf.master index 19b235fcf5..1501154e16 100644 --- a/install/tpl/mysql-virtual_outgoing_bcc.cf.master +++ b/install/tpl/mysql-virtual_outgoing_bcc.cf.master @@ -4,7 +4,9 @@ dbname = {mysql_server_database} hosts = {mysql_server_ip} query = SELECT sender_cc FROM ( SELECT SUBSTRING_INDEX(sender_cc, ',', 1) AS sender_cc - FROM mail_user WHERE email = '%s' AND disablesmtp = 'n' AND sender_cc != '' AND server_id = {server_id} + FROM mail_user + WHERE email = '%s' AND disablesmtp = 'n' AND sender_cc != '' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) UNION SELECT SUBSTRING_INDEX(u.sender_cc, ',', 1) AS sender_cc FROM mail_user u, mail_forwarding f @@ -13,4 +15,5 @@ query = SELECT sender_cc FROM ( '[[:blank:]]*(,[[:blank:]]*[[:alnum:]]|,?[[:blank:]]*(\\r?\\n|$))' ) AND u.disablesmtp = 'n' AND u.sender_cc != '' AND u.server_id = {server_id} AND f.source = '%s' AND f.allow_send_as = 'y' AND f.active = 'y' AND f.server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) ) table1 WHERE sender_cc != '' LIMIT 1 diff --git a/install/tpl/mysql-virtual_policy_greylist.cf.master b/install/tpl/mysql-virtual_policy_greylist.cf.master index 5203b1a2ea..8896b823a7 100644 --- a/install/tpl/mysql-virtual_policy_greylist.cf.master +++ b/install/tpl/mysql-virtual_policy_greylist.cf.master @@ -5,9 +5,10 @@ hosts = {mysql_server_ip} query = SELECT 'greylisting' FROM ( SELECT `greylisting`, 1 as `prio` FROM `mail_user` WHERE `server_id` = {server_id} AND `email` = '%s' + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) UNION - SELECT `greylisting`, 2 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '%s' + SELECT `greylisting`, 2 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '%s' AND active = 'y' UNION - SELECT `greylisting`, 3 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '@%d' ORDER BY `prio` ASC LIMIT 1 + SELECT `greylisting`, 3 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '@%d' AND active = 'y' ORDER BY `prio` ASC LIMIT 1 ) AS rules WHERE rules.greylisting = 'y' diff --git a/install/tpl/mysql-virtual_uids.cf.master b/install/tpl/mysql-virtual_uids.cf.master index de35368c0a..6fa041bae5 100644 --- a/install/tpl/mysql-virtual_uids.cf.master +++ b/install/tpl/mysql-virtual_uids.cf.master @@ -2,4 +2,5 @@ user = {mysql_server_ispconfig_user} password = {mysql_server_ispconfig_password} dbname = {mysql_server_database} hosts = {mysql_server_ip} -query = select uid from mail_user where email = '%s' and postfix = 'y' and server_id = {server_id} +query = SELECT uid FROM mail_user WHERE email = '%s' AND postfix = 'y' AND server_id = {server_id} + AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = {server_id}) -- GitLab From a26d4faef64372d536952819d893bbb4d1a251d9 Mon Sep 17 00:00:00 2001 From: Jesse Norell Date: Wed, 18 Nov 2020 13:31:52 -0700 Subject: [PATCH 4/4] dovecot password_query should check mail_domain.active --- install/tpl/debian6_dovecot-sql.conf.master | 3 ++- install/tpl/debian_dovecot-sql.conf.master | 3 ++- install/tpl/fedora_dovecot-sql.conf.master | 3 ++- install/tpl/opensuse_dovecot-sql.conf.master | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/install/tpl/debian6_dovecot-sql.conf.master b/install/tpl/debian6_dovecot-sql.conf.master index e05330dc26..72f286eace 100644 --- a/install/tpl/debian6_dovecot-sql.conf.master +++ b/install/tpl/debian6_dovecot-sql.conf.master @@ -14,7 +14,8 @@ connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_se default_pass_scheme = CRYPT # password-query with prefetch -password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' +password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = '%d' AND active = 'y' AND server_id = {server_id}) + user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers. diff --git a/install/tpl/debian_dovecot-sql.conf.master b/install/tpl/debian_dovecot-sql.conf.master index 2e0858057e..4cbe22f1b9 100644 --- a/install/tpl/debian_dovecot-sql.conf.master +++ b/install/tpl/debian_dovecot-sql.conf.master @@ -121,7 +121,8 @@ connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_se default_pass_scheme = CRYPT # password-query with prefetch -password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' +password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = '%d' AND active = 'y' AND server_id = {server_id}) + user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers. diff --git a/install/tpl/fedora_dovecot-sql.conf.master b/install/tpl/fedora_dovecot-sql.conf.master index 5d06d51e5d..00ef4faf25 100644 --- a/install/tpl/fedora_dovecot-sql.conf.master +++ b/install/tpl/fedora_dovecot-sql.conf.master @@ -134,7 +134,8 @@ connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_se default_pass_scheme = CRYPT # password-query with prefetch -password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' +password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = '%d' AND active = 'y' AND server_id = {server_id}) + user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers. diff --git a/install/tpl/opensuse_dovecot-sql.conf.master b/install/tpl/opensuse_dovecot-sql.conf.master index 5d06d51e5d..00ef4faf25 100644 --- a/install/tpl/opensuse_dovecot-sql.conf.master +++ b/install/tpl/opensuse_dovecot-sql.conf.master @@ -134,7 +134,8 @@ connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_se default_pass_scheme = CRYPT # password-query with prefetch -password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' +password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = '%d' AND active = 'y' AND server_id = {server_id}) + user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers. -- GitLab