Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Disabled account can still receive email
See original GitHub issueImpacted versions
- OS Type: Debian
- OS Version: Buster
- Database Type: PostgreSQL
- Database version: 11
- Modoboa: 1.17.0
Steps to reproduce
- Create an account with Simple user role and disable it - either at the creation or after
- Send an email to this account
Current behavior
Even if the account is disabled, the recipient is still allowed by Postfix and the email is delivered.
Expected behavior
If I understand the meaning of a disabled account, emails to this address should be rejected.
Debugging
While trying to find in Postfix when this recipient is accepted, I found that it was by looking up in sql-aliases.cf table. Even if there is a condition on enabled in the admin_alias table, the object is still returned. And indeed, even if the core_user is disabled, the corresponding admin_alias is not.
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Hi,
I’m running 1.17.0 and I added the patch manually. But the mail are still received. I think that’s because that’s dovecot-lmtp which is responsible for accepting or not the mail. And in the user_query in dovecot, we never check for the is_active attribute.
Hi @kryskool, no it does not fix this problem and this is why I commented this commit. It only disables aliases which have been added manually from the interface (
internal=False) and not automatically like here (internal=True).