mirror of https://blitiri.com.ar/repos/chasquid synced 2025-12-19 14:57:04 +00:00

userdb: Add support for receive-only users

Some use cases, like receive-only MTAs, need domain users for receiving
emails, but have no real need for passwords since they will never use
submission.

Today, that is not supported, and those use-cases require the
administrator to come up with a password unnecessarily, adding
complexity and possibly risk.

This patch implements "receive-only users", which don't have a valid
password, thus exist for the purposes of delivering mail, but always
fail authentication.

See https://github.com/albertito/chasquid/issues/44 for more details and
rationale.

Thanks to xavierg who suggested this feature on IRC.
Alberto Bertogli
2023-12-03 00:12:46 +00:00
parent dbff2f0455
commit 83ae4c3478
9 changed files with 213 additions and 47 deletions

@@ -34,6 +34,17 @@ if ! r user-add user@domain --password=passwd > /dev/null; then
fi
check_userdb
if ! r user-add denied@domain --receive_only > /dev/null; then
echo user-add --receive_only failed
exit 1
fi
check_userdb
if r user-add xxx@domain --password=passwd --receive_only > /dev/null; then
echo user-add --password --receive_only worked
exit 1
fi
if ! r authenticate user@domain --password=passwd > /dev/null; then
echo authenticate failed
exit 1
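Review bot: The rejected `user-add xxx@domain --password=passwd --receive_only` case only checks the exit status, so a command that fails but still writes the entry would pass this test. The successful `denied@domain` add is followed by `check_userdb`, but nothing after the rejected add confirms the database was left unchanged. Consider a follow-up assertion that `xxx@domain` is absent, for example that `r authenticate xxx@domain --password=passwd` fails, so a partially applied add cannot leave behind an account with a working password.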
@@ -44,6 +55,11 @@ if r authenticate user@domain --password=abcd > /dev/null; then
exit 1
fi
if r authenticate denied@domain --password=abcd > /dev/null; then
echo authenticate on a no-submission user worked
exit 1
fi
# Interactive authentication.
# Need to wrap the execution under "script" since the interaction requires an
# actual TTY, and that's a fairly portable way to do that.
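Review bot: The `authenticate denied@domain --password=abcd` check tries a single arbitrary password, which does not distinguish "always fails" from "this particular password is wrong". Since the commit message states that receive-only users always fail authentication, it would be worth repeating the check with at least one more value, such as the `passwd` string used for the other test users, and an empty password if the CLI accepts one. As a smaller point, the failure message says "no-submission user" while the flag and the commit message say "receive-only"; using one term throughout makes a failing test easier to trace back to the feature.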