I am trying to limit the API calls to doveadm-http-api by configuring the allowed commands, but once commands are added to the list, the REST API no longer works.

1) The API returns the correct reply when doveadm_allowed_commands is empty:

# curl -k -H "Content-Type: application/json" -H "Authorization: X-Dovecot-API <base64 api key>" https://localhost:9088/doveadm/v1 -d'[["quotaGet",{"user":"us...@mydomain.com"},"c01"]]'
[["doveadmResponse",[{"root":"User quota","type":"STORAGE","value":"0","limit":"1024","percent":"0"},{"root":"User quota","type":"MESSAGE","value":"0","limit":"-","percent":"0"}],"c01"]]


2) The API returns unAuthorized when doveadm_allowed_commands = quotaGet,quotaRecalc,expunge, even though quotaGet is on the list:

# curl -k -H "Content-Type: application/json" -H "Authorization: X-Dovecot-API <base64 api key>" https://localhost:9088/doveadm/v1 -d'[["quotaGet",{"user":"us...@mydomain.com"},"c01"]]'
[["error",{"type":"unAuthorized", "exitCode":0},"c01"]]


Here is my configuration:

 # uname -a
Linux ad92422d8e94 3.10.0-862.2.3.el7.x86_64 #1 SMP Wed May 9 18:05:47 UTC 2018 x86_64 Linux
# free -m
             total       used       free     shared    buffers     cached
Mem:         15885       7133       8751          0          1       4374
-/+ buffers/cache:       2758      13126
Swap:            0          0          0

/ # dovecot -n
# 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.2 (7704de5e)
# OS: Linux 3.10.0-862.2.3.el7.x86_64 x86_64  xfs
# Hostname: ad92422d8e94
auth_mechanisms = plain login
doveadm_allowed_commands = quotaGet,quotaRecalc,expunge
doveadm_api_key =  # hidden, use -P to show it
hostname = mailhost.mydomain.com
info_log_path = /dev/stdout
lda_mailbox_autosubscribe = yes
log_path = /dev/stderr
login_greeting = Dovecot ready.
mail_gid = vmail
mail_home = /var/vmail/%d/%n
mail_location = maildir:/var/vmail/%d/%n/Maildir
mail_plugins = " quota zlib"
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  imapsieve_mailbox1_before = file:/etc/dovecot/sieve/global/learn-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before = file:/etc/dovecot/sieve/global/learn-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  quota = maildir:User quota
  quota_exceeded_message = User %u has exhausted allowed storage space.
  recipient_delimiter = -
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve/global/spam-to-folder.sieve
  sieve_global_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
  sieve_pipe_exec_timeout = 60s
  sieve_plugins = sieve_imapsieve sieve_extprograms
  zlib_save = gz
  zlib_save_level = 6
}
postmaster_address = postmas...@mydomain.com
protocols = lmtp imap pop3 sieve
recipient_delimiter = -
service auth {
  inet_listener {
    port = 9000
  }
}
service doveadm {
  client_limit = 1
  drop_priv_before_exec = no
  executable = doveadm-server
  extra_groups = $default_internal_group
  inet_listener http {
    port = 9088
    ssl = yes
  }
  service_count = 1
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = </etc/tls/mailserver.crt
ssl_dh =  # hidden, use -P to show it
ssl_key =  # hidden, use -P to show it
submission_host = mta-host.mydomain.com
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lmtp {
  mail_plugins = " quota zlib sieve"
}
protocol imap {
  mail_plugins = " quota zlib imap_sieve imap_quota imap_zlib"
}
