From 29a993e6fd4450bf394cdc71b9c54a63b37d401c Mon Sep 17 00:00:00 2001 From: Damien Martins Date: Fri, 17 Aug 2018 22:15:02 +0200 Subject: [PATCH] Better (aka safer) way to deal with authentication --- check_mailpass_expiration.sh | 15 +++++++-------- postfixadmin.my.cnf | 3 +++ 2 files changed, 10 insertions(+), 8 deletions(-) create mode 100644 postfixadmin.my.cnf diff --git a/check_mailpass_expiration.sh b/check_mailpass_expiration.sh index af200abc..359e27d3 100644 --- a/check_mailpass_expiration.sh +++ b/check_mailpass_expiration.sh @@ -2,8 +2,7 @@ #Adapt to your setup POSTFIX_DB="postfix_test" -POSTFIX_USER="postfixadmin" -POSTFIX_PASSWORD="my_password_is_strong" +MYSQL_CREDENTIALS_FILE="postfixadmin.my.cnf" #All the rest should be OK QUERY30DAYS="SELECT username,pw_expires_on FROM mailbox WHERE pw_expires_on > now() + interval 29 DAY AND pw_expires_on < now() + interval 30 day AND thirty = false;" @@ -11,21 +10,21 @@ QUERY14DAYS="SELECT username,pw_expires_on FROM mailbox WHERE pw_expires_on > no QUERY7DAYS="SELECT username,pw_expires_on FROM mailbox WHERE pw_expires_on > now() + interval 6 DAY AND pw_expires_on < now() + interval 7 day AND seven = false;" function notifyThirtyDays() { - mysql -B -u "$POSTFIX_USER" -p"$POSTFIX_PASSWORD" "$POSTFIX_DB" -e "$QUERY30DAYS" | while read -a RESULT; do + mysql -B --defaults-extra-file="$MYSQL_CREDENTIALS_FILE" "$POSTFIX_DB" -e "$QUERY30DAYS" | while read -a RESULT; do echo -e "Dear User, \n Your password will expire on ${RESULT[1]}" | mail -s "Password 30 days before expiration notication" -r noreply@eyetech.fr ${RESULT[0]} - echo "UPDATE mailbox SET thirty = true WHERE username = '${RESULT[0]}';" | mysql -u postfix postfix_test;done + echo "UPDATE mailbox SET thirty = true WHERE username = '${RESULT[0]}';" | mysql --defaults-extra-file="$MYSQL_CREDENTIALS_FILE" "$POSTFIX_DB" ; done } function notifyFourteenDays() { - mysql -B -u "$POSTFIX_USER" -p"$POSTFIX_PASSWORD" "$POSTFIX_DB" -e "$QUERY14DAYS" | while read -a RESULT; do + mysql -B --defaults-extra-file="$MYSQL_CREDENTIALS_FILE" "$POSTFIX_DB" -e "$QUERY14DAYS" | while read -a RESULT; do echo -e "Dear User, \n Your password will expire on ${RESULT[1]}" | mail -s "Password 14 days before expiration notication" -r noreply@eyetech.fr ${RESULT[0]} - echo "UPDATE mailbox SET fourteen = true WHERE username = '${RESULT[0]}';" | mysql -u postfix postfix_test;done + echo "UPDATE mailbox SET fourteen = true WHERE username = '${RESULT[0]}';" | mysql --defaults-extra-file="$MYSQL_CREDENTIALS_FILE" "$POSTFIX_DB" ; done } function notifySevenDays() { - mysql -B -u "$POSTFIX_USER" -p"$POSTFIX_PASSWORD" "$POSTFIX_DB" -e "$QUERY7DAYS" | while read -a RESULT; do + mysql -B --defaults-extra-file="$MYSQL_CREDENTIALS_FILE" "$POSTFIX_DB" -e "$QUERY7DAYS" | while read -a RESULT; do echo -e "Dear User, \n Your password will expire on ${RESULT[1]}" | mail -s "Password 7 days before expiraiton notication" -r noreply@eyetech.fr ${RESULT[0]} - echo "UPDATE mailbox SET seven = true WHERE username = '${RESULT[0]}';" | mysql -u postfix postfix_test;done + echo "UPDATE mailbox SET seven = true WHERE username = '${RESULT[0]}';" | mysql --defaults-extra-file="$MYSQL_CREDENTIALS_FILE" "$POSTFIX_DB" ; done } notifyThirtyDays # Execute the function for 30 day notices diff --git a/postfixadmin.my.cnf b/postfixadmin.my.cnf new file mode 100644 index 00000000..22d1c088 --- /dev/null +++ b/postfixadmin.my.cnf @@ -0,0 +1,3 @@ +[client] +user=postfix_read_write_account +password=strong_password