vQadmin

vqadmin is a web based control panel that allows system administrators to perform actions which require root access — for example, adding and deleting domains.

Install

The patch we are going to apply is addressed to solve several issues. You can get some of these individual patches in this folder. More info are inside the patch file itself.

cd /usr/local/src
wget http://notes.sagredo.eu/sites/notes.sagredo.eu/files/qmail/tar/vqadmin-2.3.7.tar.gz
wget http://notes.sagredo.eu/sites/notes.sagredo.eu/files/qmail/patches/vqadmin/vqadmin-2.3.7_20150829.patch
tar xzf vqadmin-2.3.7.tar.gz
cd vqadmin-2.3.7
chown -R root.root .
patch -p1 < ../vqadmin-2.3.7_20150829.patch
./configure \
        --enable-qmaildir=/var/qmail \
        --enable-cgibindir=/usr/local/www/htdocs/qmail/cgi-bin
make
make install-strip

vQadmin will be installed in /usr/local/www/htdocs/qmail/cgi-bin/vqadmin. Eventually adjust it to your apache htdocs directory

Setting up Apache

vQadmin will require it's own CGI-allowed, access-protected, directory to operate. Inside the virtual host you have to put

<Directory "/usr/local/www/htdocs/qmail/cgi-bin/vqadmin">
    deny from all
    Options ExecCGI
    AllowOverride AuthConfig
    Order deny,allow
</Directory>

And since if you install vqamin in something else than /cgi-bin it will not work because it’s hardcoded you have to define /cgi-bin as a ScriptAlias

ScriptAlias /cgi-bin/ "/usr/local/www/htdocs/qmail/cgi-bin/"

This is my virtual host, in which I have both vQadmin and qmailadmin. I will explain the alias /image later.

<VirtualHost *:443>
        ServerName yourdomain.net
        DocumentRoot /usr/local/www/htdocs/qmail
        ScriptAlias /cgi-bin/ "/usr/local/www/htdocs/qmail/cgi-bin/"
        ErrorLog  "/usr/local/www/logs/qmailadmin_error_log"
        CustomLog "/usr/local/www/logs/qmailadmin_access_log" common
        <Directory "/usr/local/www/htdocs/qmail">
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>
        <Directory "/usr/local/www/htdocs/qmail/cgi-bin">
            AllowOverride None
            Options ExecCGI
            Order allow,deny
            Allow from all 
        </Directory>

        # QMAILADMIN
        Alias /qmailadmin_img/ "/usr/local/www/htdocs/qmail/qmailadmin/qmailadmin_img/"
        <Directory "/usr/local/www/htdocs/qmail/qmailadmin/qmailadmin_img">
            Order allow,deny
            Allow from all
        </Directory>

        # VQADMIN
        <Directory "/usr/local/www/htdocs/qmail/cgi-bin/vqadmin">
            deny from all
            Options ExecCGI
            AllowOverride AuthConfig
            Order deny,allow 
        </Directory>
        Alias /images/ "/usr/local/www/htdocs/qmail/cgi-bin/vqadmin/images/"
        <Directory /usr/local/www/htdocs/qmail/cgi-bin/vqadmin/images>
            Order allow,deny
            Allow from all
        </Directory>
</VirtualHost>

Note that there are both qmailadmin and vqadmin on the same host

Setting up the access authorization

You can see that in the directory where vQadmin was installed there is an .htaccess file:

# cd /usr/local/www/htdocs/qmail/cgi-bin/vqadmin

# ls -la
total 148
drwxr-xr-x 4 vpopmail vchkpw   4096 2010-07-26 21:53 ./
drwxr-xr-x 3 root     apache   4096 2010-07-26 21:43 ../
-rw-r--r-- 1 nobody   apache    112 2009-08-04 17:32 .htaccess
drwxr-xr-x 2 vpopmail vchkpw   4096 2009-08-17 11:26 html/
-rw-r--r-- 1 vpopmail vchkpw    865 2009-08-17 15:03 vqadmin.acl
-rwsr-sr-x 1 root     root   122592 2010-07-26 21:53 vqadmin.cgi*

# more .htaccess
AuthType Basic
AuthUserFile /usr/local/etc/httpdpwd/vqadmin.passwd
AuthName "Authentication required"
require valid-user
satisfy any

/usr/local/etc/httpdpwd/vqadmin.passwd is the file where you have to store the account that is going to have access to vQadmin dir via httpd. Create an user:

# /usr/local/apache/bin/htpasswd -bc /usr/local/etc/httpdpwd/vqadmin.passwd admin [password]

# more /usr/local/etc/httpdpwd/vqadmin.passwd
admin:xxxxxxxxxxxxxx

That's it. Open the browser and look for https://yourdomain.net/cgi-bin/vqadmin/vqadmin.cgi

The "Invalid language file" problem

The patch we applyed should have fixed this language file issue.

On some browsers you can face an "Invalid language file" error message. This is because vqadmin looks for a language folder based on the browser language setting. For example, the vqadmin's italian language file is it, but the browser's language setting is it-it. To solve this issue locate the /vqadmin/html folder and create a symbolic link as follows:

cd /usr/local/www/htdocs/qmail/cgi-bin/vqadmin/html
ln -s it it-it

Comments

Hi,

Is it possible to use the "ln" command instead of "cp -p"?

I am worried about maintenance when upgrading vqadmin.

 

Thanks,

I think that's even better

I followed your instructions,everything goes well,but when I access from web broswer by http://www.domain.com/cgi-bin/vqadmin/vqadmin.cgi

I get the following errors:


vQadmin was unable to determine your username, which means your webserver is improperly configured to run with this CGI. For security reasons, this script will not run without Apache htaccess lists.
 

Can you help me to solve this problem,many thanks.

supposing that you actually have apache configured in this way

Options ExecCGI
AllowOverride AuthConfig

did you modified, for some reason, the .acl and .htaccess files under the vqadmin dir?

in my vhosts.conf file,I added the following code,just copied from your instructions:

       # VQADMIN
        <Directory "/www/htdocs/qmail/cgi-bin/vqadmin">
            deny from all
            Options ExecCGI
            AllowOverride AuthConfig
            Order deny,allow 
        </Directory>

        Alias /images/ "/www/htdocs/qmail/cgi-bin/vqadmin/images/"
        <Directory /www/htdocs/qmail/cgi-bin/vqadmin/images>
            Order allow,deny
            Allow from all
        </Directory>

my .htacces in /www/htdocs/qmail/cgi-bin/vqadmin:

AuthType Basic
AuthUserFile /usr/local/etc/httpdpwd/vqadmin.passwd
AuthName "Authentication required"
require valid-user
satisfy any

what about the .acl file? I would try to restore it as the original. Double check  /usr/local/etc/httpdpwd/vqadmin.passwd as well

i used the default vqadmin.acl,and didn't edit it ,just the original file:

#

# Default group contains permissions for all users
# not listed under any groups
#
# If the default group is not defined, users not
# listed under any other groups will have no
# permissions.
#
# Examples follow...
#

default - ...

#
# Access permissions:
#M Modify user information

# U Modify domain information
# C Create user
# A Create domain
# D Delete user
# X Delete domain
#
# These features will still appear in the HTML templates
# if the user doesn't have access to them, however, they will
# get a permission denied error if they try to make use of
# them.
#

tech VI tech1user
admin VIMUDCA admin1user

#
# An asterisk in the features field specifies that you
# want all users in this group to have access to
# all features.
#

senior * admin

your vqadmin seems ok, but deeper investigation is needed also in your apache. Let me know if you solve

I have not solve this problem,but there's another more important problem.When I enable CHKUSER by:

# This enables chkuser
export CHKUSER_START=ALWAYS

I can just send email,but I can't receive email,and if diabled it ,everthing is ok,I don't know why?

It's not easy to troubleshoot without details, but If you are strictly following my guide feel free to contact me in private; in that case post your tcp.smtp and run files