I am trying to limit the API calls accepted by doveadm-http-api by configuring
the allowed commands, but once commands are added to the list, the REST API
no longer works.
1) The correct reply is returned when doveadm_allowed_commands is empty:
# curl -k -H "Content-Type: application/json" -H "Authorization:
X-Dovecot-API <base64 api key>" https://localhost:9088/doveadm/v1
-d'[["quotaGet",{"user":"user1 at
mydomain.com"},"c01"]]'
[["doveadmResponse",[{"root":"User quota","type":"STORAGE","value":"0","limit":"1024","percent":"0"},{"root":"User quota","type":"MESSAGE","value":"0","limit":"-","percent":"0"}],"c01"]]
2) An unAuthorized error is returned when doveadm_allowed_commands =
quotaGet,quotaRecalc,expunge, even though the requested command (quotaGet)
is on the allowed list:
# curl -k -H "Content-Type: application/json" -H "Authorization:
X-Dovecot-API <base64 api key>" https://localhost:9088/doveadm/v1
-d'[["quotaGet",{"user":"user1 at
mydomain.com"},"c01"]]'
[["error",{"type":"unAuthorized",
"exitCode":0},"c01"]]
Here is my configuration:
# uname -a
Linux ad92422d8e94 3.10.0-862.2.3.el7.x86_64 #1 SMP Wed May 9 18:05:47
UTC 2018 x86_64 Linux
# free -m
             total       used       free     shared    buffers cached
Mem:         15885       7133       8751          0 1       4374
-/+ buffers/cache:       2758      13126
Swap:            0          0          0
/ # dovecot -n
# 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.2 (7704de5e)
# OS: Linux 3.10.0-862.2.3.el7.x86_64 x86_64  xfs
# Hostname: ad92422d8e94
auth_mechanisms = plain login
doveadm_allowed_commands = quotaGet,quotaRecalc,expunge
doveadm_api_key =  # hidden, use -P to show it
hostname = mailhost.mydomain.com
info_log_path = /dev/stdout
lda_mailbox_autosubscribe = yes
log_path = /dev/stderr
login_greeting = Dovecot ready.
mail_gid = vmail
mail_home = /var/vmail/%d/%n
mail_location = maildir:/var/vmail/%d/%n/Maildir
mail_plugins = " quota zlib"
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  imapsieve_mailbox1_before =
file:/etc/dovecot/sieve/global/learn-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before =
file:/etc/dovecot/sieve/global/learn-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  quota = maildir:User quota
  quota_exceeded_message = User %u has exhausted allowed storage space.
  recipient_delimiter = -
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve/global/spam-to-folder.sieve
  sieve_global_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
  sieve_pipe_exec_timeout = 60s
  sieve_plugins = sieve_imapsieve sieve_extprograms
  zlib_save = gz
  zlib_save_level = 6
}
postmaster_address = postmaster at mydomain.com
protocols = lmtp imap pop3 sieve
recipient_delimiter = -
service auth {
  inet_listener {
    port = 9000
  }
}
service doveadm {
  client_limit = 1
  drop_priv_before_exec = no
  executable = doveadm-server
  extra_groups = $default_internal_group
  inet_listener http {
    port = 9088
    ssl = yes
  }
  service_count = 1
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = </etc/tls/mailserver.crt
ssl_dh =  # hidden, use -P to show it
ssl_key =  # hidden, use -P to show it
submission_host = mta-host.mydomain.com
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lmtp {
  mail_plugins = " quota zlib sieve"
}
protocol imap {
  mail_plugins = " quota zlib imap_sieve imap_quota imap_zlib"
}