blax-software
/
docker-bastion
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
docker-bastion/examples/docker-mailserver/allowed-commands.list

40 lines
2.0 KiB
Plaintext
Raw Permalink Blame History

# ===========================================================================
# docker-mailserver broker allowlist
# ===========================================================================
# One extended-regex (ERE) rule per line. A client request is permitted only
# if it matches a rule WHOLE-LINE (anchored ^…$). Blank lines and lines
# starting with # are ignored. This file is re-read on every request, so
# edits take effect without restarting the bastion.
#
# COMMAND_PREFIX in the compose file prepends "docker exec -i mailserver
# setup", so the rules below describe only the `setup` sub-commands — clients
# send e.g. email add jane@example.com <password> and never see docker.
#
# Matched commands are word-split and run WITHOUT a shell, so ; | & $() are
# literal arguments, not operators. Values that must arrive intact cannot
# contain spaces — generate passwords from a space-free alphabet (hex /
# base64url) on the caller side.
#
# Argument classes use [^[:space:]] ("any non-space run") rather than .* so a
# rule can never match trailing junk. Tighten further to taste.
# ===========================================================================
# ---- email accounts -------------------------------------------------------
# add / update require an address and a password argument (no interactive
# prompt is possible over a non-TTY transport, so the password is mandatory).
email add [^[:space:]]+@[^[:space:]]+ [^[:space:]]+
email update [^[:space:]]+@[^[:space:]]+ [^[:space:]]+
email del [^[:space:]]+@[^[:space:]]+
email list
email restrict (add|del|list) (send|receive)( [^[:space:]]+@[^[:space:]]+)?
# ---- aliases --------------------------------------------------------------
alias add [^[:space:]]+@[^[:space:]]+ [^[:space:]]+
alias del [^[:space:]]+@[^[:space:]]+ [^[:space:]]+
alias list
# ---- quotas ---------------------------------------------------------------
# QUOTA is a size like 1G / 512M / 0 (0 = unlimited).
quota set [^[:space:]]+@[^[:space:]]+ [0-9]+[KMGT]?
quota del [^[:space:]]+@[^[:space:]]+
Reference in New Issue View Git Blame Copy Permalink