From 9fc70d8cc764612b1dc1510cc6d2571bd13af423 Mon Sep 17 00:00:00 2001 From: s3lph <account-gitlab-ideynizv@kernelpanic.lol> Date: Wed, 20 Oct 2021 04:51:35 +0200 Subject: [PATCH] add postfixadmin_permit_inactive_user_nosmtp option --- README.md | 4 ++++ roles/postfixadmin/defaults/main.yml | 1 + .../templates/etc/dovecot/dovecot-sql.conf.j2 | 9 ++++++++- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f319da0..2dfa514 100644 --- a/README.md +++ b/README.md @@ -105,6 +105,10 @@ postfixadmin_transport_options: - lmtp:unix:private/dovecot-lmtp # Base URL is needed to call the bootstrap API postfixadmin_base_url: https://example.org/postfixadmin + +# If set to yes/true, this option permits login for inactive users, but only if the service is NOT smtp. +# This permits disabled users to still read their mail, but will not allow them to send mail. +postfixadmin_permit_inactive_user_nosmtp: yes ``` As this role involves some secrets, you should put the following diff --git a/roles/postfixadmin/defaults/main.yml b/roles/postfixadmin/defaults/main.yml index 5d41bd0..6d1f746 100644 --- a/roles/postfixadmin/defaults/main.yml +++ b/roles/postfixadmin/defaults/main.yml @@ -71,6 +71,7 @@ postfixadmin_database_postfix_user: postfix postfixadmin_database_postfix_hosts: 'unix:/run/mysqld/mysqld.sock' postfixadmin_database_dovecot_user: postfix postfixadmin_database_dovecot_hosts: '/run/mysqld/mysqld.sock' +postfixadmin_permit_inactive_user_nosmtp: no virtual_mail_home: /home/virtual virtual_mail_uid: virtual diff --git a/roles/postfixadmin/templates/etc/dovecot/dovecot-sql.conf.j2 b/roles/postfixadmin/templates/etc/dovecot/dovecot-sql.conf.j2 index bcf1fb5..1dfb057 100644 --- a/roles/postfixadmin/templates/etc/dovecot/dovecot-sql.conf.j2 +++ b/roles/postfixadmin/templates/etc/dovecot/dovecot-sql.conf.j2 
@@ -3,5 +3,12 @@ driver = mysql connect = host={{ postfixadmin_database_dovecot_hosts }} dbname={{ postfixadmin_database_name }} user={{ postfixadmin_database_dovecot_user }} password={{ postfixadmin_database_dovecot_password }} default_pass_scheme = BLF-CRYPT +{% if postfixadmin_permit_inactive_user_nosmtp %} +# '%s'<>'smtp' permits login for inactive users, but only if the service is NOT smtp. +# This permits disabled users to still read their mail, but will not allow them to send mail. +password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND ( active='1' OR '%s'<>'smtp' ) +user_query = SELECT CONCAT('{{ virtual_mail_home }}', maildir) AS home, {{ virtual_mail_numeric_uid }} AS uid, {{ virtual_mail_numeric_gid }} AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND ( active='1' OR '%s'<>'smtp' ) +{% else %} password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1' -user_query = SELECT CONCAT('{{ virtual_mail_home }}', maildir) AS home, {{ virtual_mail_numeric_uid }} AS uid, {{ virtual_mail_numeric_gid }} AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1' \ No newline at end of file +user_query = SELECT CONCAT('{{ virtual_mail_home }}', maildir) AS home, {{ virtual_mail_numeric_uid }} AS uid, {{ virtual_mail_numeric_gid }} AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1' +{% endif %} \ No newline at end of file
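Review bot: The added condition `active='1' OR '%s'<>'smtp'` in both `password_query` and `user_query` is a deny-list, so an inactive mailbox is accepted for every Dovecot service whose name is not exactly `smtp`, not only for reading mail. Depending on which services this deployment enables, that may include ManageSieve (where a user can install redirect or auto-reply rules that generate outgoing mail) and Dovecot's own submission service if it reports a different service name, so the "will not allow them to send mail" promise in the comment is not enforced by the query alone. Because `user_query` is also consulted outside interactive logins, for example for LMTP delivery, the option presumably also changes whether mail is still delivered to inactive mailboxes, which the comment and README should state. An allow-list fails closed when a new service is enabled later: `AND ( active='1' OR '%s' IN ('imap','pop3') )`.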