From 62101cd86f630ec32df805bd218401b745ddfa46 Mon Sep 17 00:00:00 2001
From: Matthew Saunders Brown <msb@stackaas.com>
Date: Thu, 30 Jun 2022 08:24:35 -0700
Subject: [PATCH] add Admin option for email accounts

---
 bin/vmail-mboxes-add.sh          |  2 +-
 bin/vmail-mboxes-mod.sh          |  2 +-
 bin/vmail.sh                     |  4 ++--
 etc/dovecot/dovecot-sql.conf.ext |  2 +-
 etc/exim4/exim4.conf             | 22 +++++++++++-----------
 5 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/bin/vmail-mboxes-add.sh b/bin/vmail-mboxes-add.sh
index 18fc493..50cb7eb 100755
--- a/bin/vmail-mboxes-add.sh
+++ b/bin/vmail-mboxes-add.sh
@@ -20,7 +20,7 @@ help()
   echo "  -p <password>   Unencrypted Password for new email address."
   echo "  -q <quota>      Set mailbox quota in GB, otherwise default for this domain is used. NULL means no limit."
   echo "  -r <ratelimit>  Hourly rate limit for sending, multiplied by 10 for the daily limit. If unset domain default is used."
-  echo "  -s <0|1>        Status. 1 for enabled, 0 for disabled. Default is 1 for enabled."
+  echo "  -s <0|1|2>      Status. 0 = disabled, 1 = enabled, 2 = enabled with admin privileges. Default is 1."
   echo "  -j <0|1|2>      Filter Junk/Spam messages. 0 = no filtering. 1 = filter Junk only. 2 = filter Junk & Spam. Default is 2."
 }
 
diff --git a/bin/vmail-mboxes-mod.sh b/bin/vmail-mboxes-mod.sh
index 9d87d02..efbae2b 100755
--- a/bin/vmail-mboxes-mod.sh
+++ b/bin/vmail-mboxes-mod.sh
@@ -20,7 +20,7 @@ help()
   echo "  -p <password>   Set new password."
   echo "  -q <quota>      Set mailbox quota in GB, otherwise default for this domain is used. NULL means no limit."
   echo "  -r <ratelimit>  Hourly rate limit for sending, multiplied by 10 for the daily limit."
-  echo "  -s <0|1>        1 for enabled, 0 for disabled. Default is in db structure and is normally set to 1."
+  echo "  -s <0|1|2>      Status. 0 = disabled, 1 = enabled, 2 = enabled with admin privileges. Default is 1."
   echo "  -j <0|1|2>      Filter Junk/Spam message. 0 = no filtering. 1 = filter Junk only. 2 = filter Junk & Spam. Default is 2."
   exit
 }
diff --git a/bin/vmail.sh b/bin/vmail.sh
index 7b9dc2d..e295104 100755
--- a/bin/vmail.sh
+++ b/bin/vmail.sh
@@ -192,9 +192,9 @@ function vmail:getoptions () {
         r ) # ratelimit - hourly limit for sending, multiplied by 10 for daily limit
           ratelimit=${OPTARG}
           ;;
-        s ) # status - 0 or 1
+        s ) # status - 0 or 1 or 2
           status=${OPTARG}
-           if [[ $status != "0" ]] && [[ $status != "1" ]]; then
+           if [[ $status != "0" ]] && [[ $status != "1" ]] && [[ $status != "2" ]]; then
             echo "ERROR: Invalid status setting: -s $status"
             exit 1
           fi
diff --git a/etc/dovecot/dovecot-sql.conf.ext b/etc/dovecot/dovecot-sql.conf.ext
index 59ebdc1..728b1c6 100644
--- a/etc/dovecot/dovecot-sql.conf.ext
+++ b/etc/dovecot/dovecot-sql.conf.ext
@@ -140,7 +140,7 @@ default_pass_scheme = SHA512-CRYPT
 #    home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
 #  FROM users WHERE userid = '%u'
 
-password_query = SELECT vm_mboxes.passwd AS password, CONCAT('*:bytes=', vm_mboxes.quota, 'G') AS userdb_quota_rule, '/var/vmail/%d/%n' AS userdb_home, '/var/vmail/%d/%n/Maildir' AS userdb_mail, 'vmail' AS userdb_uid, 'vmail' AS userdb_gid FROM vm_domains, vm_mboxes WHERE vm_domains.domain = '%d' AND vm_domains.id = vm_mboxes.domain_id AND vm_mboxes.mbox = '%n' AND vm_domains.status = '1' AND vm_mboxes.status = '1'
+password_query = SELECT vm_mboxes.passwd AS password, CONCAT('*:bytes=', vm_mboxes.quota, 'G') AS userdb_quota_rule, '/var/vmail/%d/%n' AS userdb_home, '/var/vmail/%d/%n/Maildir' AS userdb_mail, 'vmail' AS userdb_uid, 'vmail' AS userdb_gid FROM vm_domains, vm_mboxes WHERE vm_domains.domain = '%d' AND vm_domains.id = vm_mboxes.domain_id AND vm_mboxes.mbox = '%n' AND vm_domains.status = '1' AND vm_mboxes.status > '0'
 
 # Query to get a list of all usernames.
 #iterate_query = SELECT username AS user FROM users
diff --git a/etc/exim4/exim4.conf b/etc/exim4/exim4.conf
index 9351fba..37515f9 100644
--- a/etc/exim4/exim4.conf
+++ b/etc/exim4/exim4.conf
@@ -799,7 +799,7 @@ virtual_alias:
   local_part_suffix = +*
   local_part_suffix_optional = true
   condition = ${if !eq {$received_protocol}{spam-scanned}}
-  data = ${lookup mysql{SELECT CONCAT(vm_mboxes.mbox,'@${domain}') FROM vm_aliases, vm_mboxes, vm_domains WHERE vm_aliases.alias='${local_part}' AND vm_aliases.mbox_id = vm_mboxes.id AND vm_mboxes.domain_id = vm_domains.id AND vm_domains.domain='${domain}' AND vm_domains.status = '1' AND vm_mboxes.status = '1'}}
+  data = ${lookup mysql{SELECT CONCAT(vm_mboxes.mbox,'@${domain}') FROM vm_aliases, vm_mboxes, vm_domains WHERE vm_aliases.alias='${local_part}' AND vm_aliases.mbox_id = vm_mboxes.id AND vm_mboxes.domain_id = vm_domains.id AND vm_domains.domain='${domain}' AND vm_domains.status = '1' AND vm_mboxes.status > '0'}}
 
 junk_filter:
   driver = accept
@@ -811,7 +811,7 @@ junk_filter:
               { eq {$header_X-Junk-Flag:}{YES}} \
               { !eq {$header_X-Whitelist-Flag:}{YES}} \
               } {yes}{no}}
-  condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_mboxes.filter > '0'}}
+  condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1' AND vm_mboxes.status > '0' AND vm_mboxes.filter > '0'}}
   transport = junk_delivery
 
 spam_filter:
@@ -824,7 +824,7 @@ spam_filter:
               { eq {$header_X-Spam-Flag:}{YES}} \
               { !eq {$header_X-Whitelist-Flag:}{YES}} \
               } {yes}{no}}
-  condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_mboxes.filter = '2'}}
+  condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1' AND vm_mboxes.status > '0' AND vm_mboxes.filter = '2'}}
   transport = junk_delivery
 
 virtual_vacation:
@@ -835,7 +835,7 @@ virtual_vacation:
               { !match {$h_precedence:} {(?i)junk|bulk|list}} \
               { !eq {$received_protocol}{spam-scanned}} \
               { !eq {$sender_address} {}} \
-              { eq {${lookup mysql{SELECT vm_autoresponders.mode FROM vm_domains, vm_mboxes, vm_autoresponders WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_autoresponders.mbox_id = vm_mboxes.id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_autoresponders.status = '1'}{$value}fail}}{Vacation}} \
+              { eq {${lookup mysql{SELECT vm_autoresponders.mode FROM vm_domains, vm_mboxes, vm_autoresponders WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_autoresponders.mbox_id = vm_mboxes.id AND vm_domains.status = '1' AND vm_mboxes.status > '0' AND vm_autoresponders.status = '1'}{$value}fail}}{Vacation}} \
               } {yes} {no}}
   # add options for start & end date fields
   no_expn
@@ -861,7 +861,7 @@ virtual_autoresponder:
               { !match {$h_precedence:} {(?i)junk|bulk|list}} \
               { !eq {$received_protocol}{spam-scanned}} \
               { !eq {$sender_address} {}} \
-              { eq {${lookup mysql{SELECT vm_autoresponders.mode FROM vm_domains, vm_mboxes, vm_autoresponders WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_autoresponders.mbox_id = vm_mboxes.id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_autoresponders.status = '1'}{$value}fail}}{Autoresponder} } \
+              { eq {${lookup mysql{SELECT vm_autoresponders.mode FROM vm_domains, vm_mboxes, vm_autoresponders WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_autoresponders.mbox_id = vm_mboxes.id AND vm_domains.status = '1' AND vm_mboxes.status > '0' AND vm_autoresponders.status = '1'}{$value}fail}}{Autoresponder} } \
               } {yes} {no}}
   # add options for start & end date fields
   no_expn
@@ -882,7 +882,7 @@ virtual_forward_and_drop:
   condition = ${if !eq {$received_protocol}{spam-scanned}}
   local_part_suffix = +*
   local_part_suffix_optional = true
-  data = ${lookup mysql{SELECT vm_forwards.forward_to FROM vm_domains, vm_mboxes, vm_forwards WHERE vm_domains.domain='${domain}' AND vm_domains.id = vm_mboxes.domain_id AND vm_mboxes.mbox='${local_part}' AND vm_mboxes.id=vm_forwards.mbox_id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_forwards.save_local='0'}}
+  data = ${lookup mysql{SELECT vm_forwards.forward_to FROM vm_domains, vm_mboxes, vm_forwards WHERE vm_domains.domain='${domain}' AND vm_domains.id = vm_mboxes.domain_id AND vm_mboxes.mbox='${local_part}' AND vm_mboxes.id=vm_forwards.mbox_id AND vm_domains.status = '1' AND vm_mboxes.status > '0' AND vm_forwards.save_local='0'}}
 
 virtual_forward_and_keep:
   driver = redirect
@@ -890,7 +890,7 @@ virtual_forward_and_keep:
   condition = ${if !eq {$received_protocol}{spam-scanned}}
   local_part_suffix = +*
   local_part_suffix_optional = true
-  data = ${lookup mysql{SELECT CONCAT('${local_part}@${domain}\n', vm_forwards.forward_to) FROM vm_domains, vm_mboxes, vm_forwards WHERE vm_domains.domain='${domain}' AND vm_domains.id = vm_mboxes.domain_id AND vm_mboxes.mbox='${local_part}' AND vm_mboxes.id=vm_forwards.mbox_id AND vm_domains.status = '1' AND vm_mboxes.status = '1' AND vm_forwards.save_local='1'}}
+  data = ${lookup mysql{SELECT CONCAT('${local_part}@${domain}\n', vm_forwards.forward_to) FROM vm_domains, vm_mboxes, vm_forwards WHERE vm_domains.domain='${domain}' AND vm_domains.id = vm_mboxes.domain_id AND vm_mboxes.mbox='${local_part}' AND vm_mboxes.id=vm_forwards.mbox_id AND vm_domains.status = '1' AND vm_mboxes.status > '0' AND vm_forwards.save_local='1'}}
 
 spamcheck_router:
   driver = accept
@@ -903,7 +903,7 @@ spamcheck_router:
               { < {$message_size}{512k}} \
               { !eq {$header_X-Junk-Flag:}{YES}} \
               { !eq {$header_X-Whitelist-Flag:}{YES}} \
-              { eq {${lookup mysql{SELECT vm_mboxes.status FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1' AND vm_mboxes.status = '1'}{$value}fail}}{1} } \
+              { gt {${lookup mysql{SELECT vm_mboxes.status FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1'}{$value}fail}}{0} } \
               } {yes} {no}}
   # Check for other headers too? Blacklist, SPF, DKIM failers go directly to Spam folder without spam scan??? - actually they should go to spam folder before this router is hit?
   headers_remove = X-Spam-Checker-Version:X-Spam-Flag:X-Spam-Level:X-Spam-Status:X-Spam-Score:X-Spam-Report
@@ -914,7 +914,7 @@ user_filter:
   domains = +local_domains
   local_part_suffix = +*
   local_part_suffix_optional = true
-  data = ${lookup mysql{SELECT vm_filters.filter FROM vm_domains, vm_mboxes, vm_filters WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_mboxes.id = vm_filters.mbox_id AND vm_domains.status = '1' AND vm_mboxes.status = '1' }}
+  data = ${lookup mysql{SELECT vm_filters.filter FROM vm_domains, vm_mboxes, vm_filters WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_mboxes.id = vm_filters.mbox_id AND vm_domains.status = '1' AND vm_mboxes.status > '0' }}
   user = vmail
   no_verify
   no_expn
@@ -931,7 +931,7 @@ lmtp_localuser:
   domains = +local_domains
   local_part_suffix = +*
   local_part_suffix_optional = true
-  condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1' AND vm_mboxes.status = '1'}}
+  condition = ${lookup mysql{SELECT vm_mboxes.id FROM vm_domains, vm_mboxes WHERE vm_domains.domain='${domain}' AND vm_mboxes.mbox='${local_part}' AND vm_domains.id = vm_mboxes.domain_id AND vm_domains.status = '1' AND vm_mboxes.status > '0'}}
   # add checks to query for domain & mbox being active
   transport = dovecot_lmtp
   cannot_route_message = Unknown user
@@ -941,7 +941,7 @@ virtual_alias_catchall:
   driver = redirect
   domains = +local_domains
   condition = ${if !eq {$received_protocol}{spam-scanned}}
-  data = ${lookup mysql{SELECT CONCAT(vm_mboxes.mbox,'@${domain}') FROM vm_aliases, vm_mboxes, vm_domains WHERE vm_aliases.alias='catchall' AND vm_aliases.mbox_id = vm_mboxes.id AND vm_mboxes.domain_id = vm_domains.id AND vm_domains.domain='${domain}' AND vm_domains.status='1' AND vm_mboxes.status='1'}}
+  data = ${lookup mysql{SELECT CONCAT(vm_mboxes.mbox,'@${domain}') FROM vm_aliases, vm_mboxes, vm_domains WHERE vm_aliases.alias='catchall' AND vm_aliases.mbox_id = vm_mboxes.id AND vm_mboxes.domain_id = vm_domains.id AND vm_domains.domain='${domain}' AND vm_domains.status = '1' AND vm_mboxes.status > '0'}}
 
 # This router handles aliasing using a linearly searched alias file with the
 # name SYSTEM_ALIASES_FILE. When this configuration is installed automatically,