VqAdmin

December 6, 2024 by Roberto Puzzanghera 37 comments

vqadmin is a web based control panel that allows system administrators to perform actions which require root access — for example, adding and deleting domains.

As you can see, VqAdmin has a new version with a new skin, all my patches (with ALI's patch included) and a lot of work in polishing the code. I also solved all autotools and gcc compilation warnings and changed a couple of things in order to rebuild the HTML theme (have a look at the changelog for more details). As always, your contributions in the comments are welcome.

PS: the apache side has some modification as well.

Have fun!

Changelog

  • Dec 06, 2024
    - added a patch to highlight users with restrictions and with admin privileges (PR #1, thanks Bai Borko)
    - added control files notlshosts_auto and tlsserverciphers
  • Oct 19, 2024 (version 2.4.2)
    - Minor fix to view_domain.html
    - Minor fix to the html of list all domains
    - aclocal fix
  • Jul 26, 2024 (version 2.4.1)
    - Fixed configure break. Trivial C test program breaks on gcc-14.1 due to missing headers (commit)
  • Mar 5, 2024
    - version 2.4.0 marked as stable
  • Jan 19, 2024
    - version 2.4.0-beta.2
     * fixed a buffer overflow in domain.c (tx Bai Borko)
     * solved -Wstringop-truncation warnings in domain.c and lang.c
  • Dec 21, 2023
    - 2.4.0-beta released
    - new skin
    - vqadmin moved to github
  • Jul 18, 2023
    patch updated
    - Italian translation file html/it updated, following the patch by Ali Erturk TURKER
    - the vqadmin source directory has been cleaned of unnececessary files
  • Feb 18, 2023
    Added Ali Erturk TURKER's patch to my combo. Original patch here

Install

VQ_VERSION=2.4.2
cd /usr/local/src
wget https://github.com/sagredo-dev/vqadmin/archive/refs/tags/v${VQ_VERSION}.tar.gz
tar xzf v${VQ_VERSION}.tar.gz
cd vqadmin-${VQ_VERSION}
chown -R root:root .

QMAILROOT=/var/www/qmail
./configure \
        --enable-qmaildir=${QMAILROOT} \
        --enable-cgibindir=${QMAILROOT}/cgi-bin
make
make install-strip

VqAdmin will be installed in /var/www/qmail/cgi-bin/vqadmin. Eventually adjust it to your apache directory.

Setting up Apache

vQadmin will require it's own CGI-allowed, access-protected, directory to operate. Inside the virtual host you have to put

<Directory ${QMAILROOT}/cgi-bin/vqadmin>
    Require all denied 
    Options ExecCGI
    AllowOverride AuthConfig
</Directory>
Alias /assets/ ${QMAILROOT}/cgi-bin/vqadmin/assets/ 
<Directory ${QMAILROOT}/cgi-bin/vqadmin/assets> 
    Require all granted 
</Directory>

And since if you install vqadmin in something else than /cgi-bin it will not work because it’s hardcoded you have to define /cgi-bin as a ScriptAlias

ScriptAlias /cgi-bin/ ${QMAILROOT}/cgi-bin/

This is my virtual host, in which I have both vQadmin and qmailadmin.

Define QMAILROOT /var/www/qmail
Define LOGDIR    /var/log/apache2

<VirtualHost *:443>
#       Include /path/to/sslstuff.conf
        ServerName yourdomain.net
        DocumentRoot ${QMAILROOT}
        ScriptAlias /cgi-bin/ ${QMAILROOT}/cgi-bin/
        AddHandler cgi-script .cgi .pl
        ErrorLog  ${LOGDIR}/qmailadmin_error_log
        CustomLog ${LOGDIR}/qmailadmin_access_log common
        <Directory ${QMAILROOT}>
            AllowOverride None
            Require all granted
        </Directory>
        <Directory ${QMAILROOT}/cgi-bin>
            AllowOverride None
            Options ExecCGI
            Require all granted
        </Directory>

        # VQADMIN 
        <Directory ${QMAILROOT}/cgi-bin/vqadmin> 
            Require all denied 
            Options ExecCGI 
            AllowOverride AuthConfig 
        </Directory> 
        Alias /assets/ ${QMAILROOT}/cgi-bin/vqadmin/assets/ 
        <Directory ${QMAILROOT}/cgi-bin/vqadmin/assets> 
            Require all granted 
        </Directory>
</VirtualHost>

Note that there are both qmailadmin and vqadmin on the same host

Setting up the access authorization

You can see that in the directory where vQadmin was installed there is an .htaccess file:

# cd /var/www/qmail/cgi-bin/vqadmin

# ls -la
total 148
drwxr-xr-x 4 vpopmail vchkpw   4096 2010-07-26 21:53 ./
drwxr-xr-x 3 root     apache   4096 2010-07-26 21:43 ../
-rw-r--r-- 1 nobody   apache    112 2009-08-04 17:32 .htaccess
drwxr-xr-x 2 vpopmail vchkpw   4096 2009-08-17 11:26 html/
-rw-r--r-- 1 vpopmail vchkpw    865 2009-08-17 15:03 vqadmin.acl
-rwsr-sr-x 1 root     root   122592 2010-07-26 21:53 vqadmin.cgi*

# more .htaccess
AuthType Basic
AuthUserFile /etc/httpd/httpdpwd/vqadmin.passwd
AuthName "Authentication required"
Require valid-user

/etc/httpd/httpdpwd/vqadmin.passwd is the file where you have to store the account that is going to have access to vQadmin dir via httpd. Create an user:

# mkdir -p /etc/httpd/httpdpwd
# chown apache:apache /etc/httpd/httpdpwd
# htpasswd -bc /etc/httpd/httpdpwd/vqadmin.passwd admin [password]
# chmod o-r /etc/httpd/httpdpwd/vqadmin.passwd

# more /etc/httpd/httpdpwd/vqadmin.passwd
admin:xxxxxxxxxxxxxx

That's it. Open the browser and look for https://yourdomain.net/cgi-bin/vqadmin/vqadmin.cgi

Comments

vQadmin new feature

Hello Roberto,

In my organization, there are many people with mail boxes in qmail.
Our practice when someone leaves the company is to disable their email account without deleting it.
For qmail, there isn't a good tool that shows which users have restrictions imposed on them. At least I couldn't find one
I created this small patch for vqadmin-2.4.2 that does exactly that.
In the user list, I added an additional column called "Restrictions," which indicates whether a user has restrictions or not.
If a user has restrictions, I highlight the entire row in red.
All users with administrative accounts are highlighted in green.
If somebody consider this for useful can use it.

Here is the patch:

diff -ruN vqadmin-2.4.2/assets/style.css vqadmin-2.4.2-mod/assets/style.css
--- vqadmin-2.4.2/assets/style.css 2024-10-19 13:56:02.000000000 +0300
+++ vqadmin-2.4.2-mod/assets/style.css 2024-12-04 19:43:44.270895802 +0200
@@ -28,3 +28,19 @@
font-size: 0.8rem;
padding: .40rem;
}
+
+.trgreen > td {
+ background-color: #80FF00;
+ line-height: 140%;
+ font-weight: bold;
+}
+
+.trred > td {
+ background-color: #ff3333;
+ line-height: 140%;
+ font-weight: bold;
+}
+
+tr.trred a {
+ color: #fff933;
+}
diff -ruN vqadmin-2.4.2/user.c vqadmin-2.4.2-mod/user.c
--- vqadmin-2.4.2/user.c 2024-10-19 13:56:02.000000000 +0300
+++ vqadmin-2.4.2-mod/user.c 2024-12-04 19:28:49.599055970 +0200
@@ -358,16 +358,22 @@
printf("Forward\n");
printf("Vacation\n");
printf("Quota\n");
- printf("Domain Administrator\n");
- printf("Last Logon\n");
- printf("\n");
+ printf("Admin\n");
+ printf("Last Logon\n");
+ printf("Restrictions\n\n");
+ printf("\n\n");}

count = 0;
while(vpw != NULL && count < 128000 ){
++count;

- printf("");
+ if (vpw->pw_gid == 0) {
+ printf("");
+ }else if (vpw->pw_gid == 4096) {
+ printf("");
+ }else printf("");
+
printf("", vpw->pw_name, domain);
printf("%s\n", vpw->pw_name);
#ifdef CLEAR_PASS
@@ -422,11 +428,15 @@
#ifdef ENABLE_AUTH_LOGGING
mytime = vget_lastauth(vpw, domain);
- if ( mytime == 0 ) printf("NEVER LOGGED IN\n");
- else printf("%s\n", asctime(localtime(&mytime)));
+ if ( mytime == 0 ) printf("NEVER LOGGED IN\n");
+ else printf("%s\n", asctime(localtime(&mytime)));
#else
printf("* auth logging not enabled *\n");
#endif
+
+ if (vpw->pw_gid != 0 && vpw->pw_gid != 4096) {
+ printf("Yes\n\n");
+ } else printf("No\n\n");
vpw = vauth_getall(domain,0,0);
}

Reply |

vQadmin new feature

added to v 2.4.3

Reply |

vQadmin new feature

Thank you.  I'll check it out 

Reply |

Small bug in v2.4.0

Hi Roberto,

there is a small bug in the new vqadmin v2.4.0.
when i try to list domains

List Domains -> Click on the domain
or
View Domain -> Search

Receive 500 Internal Server Error

this is from apache error log :
[cgi:error] AH01215: *** buffer overflow detected ***: terminated: /var/www/html/qmail/cgi-bin/vqadmin/vqadmin.cgi

I fixed this in this way:

VQ_VERSION=2.4.0
cd /usr/local/src
wget https://github.com/sagredo-dev/vqadmin/archive/refs/tags/v${VQ_VERSION=}.tar.gz
tar xzf v${VQ_VERSION}.tar.gz

cat <>vqadmin-2.4.0.patch
--- vqadmin-2.4.0/domain.c 2023-12-22 21:05:12.000000000 +0200
+++ vqadmin-2.4.0_mod/domain.c 2024-01-18 14:31:08.825379072 +0200
@@ -519,16 +519,16 @@
global_par("DN", domain);
global_par("DD", Dir);

- snprintf(cuid, sizeof(cuid)+1, "%lu", (long unsigned)uid);
+ sprintf(cuid,"%lu", (long unsigned)uid);
global_par("DU", cuid);

- snprintf(cgid, sizeof(cgid)+1, "%lu", (long unsigned)gid);
+ sprintf(cgid,"%lu", (long unsigned)gid);
global_par("DG", cgid);

open_big_dir(domain, uid, gid);
close_big_dir(domain,uid,gid);

- snprintf(cusers, sizeof(cusers)+1, "%lu", (long unsigned)vdir.cur_users);
+ sprintf(cusers,"%lu", (long unsigned)vdir.cur_users);
global_par("DS", cusers);

vpw = vauth_getpw("postmaster", domain);
EOF

cd vqadmin-${VQ_VERSION}
patch -p1 < ../vqadmin-2.4.0.patch
chown -R root:root .

QMAILROOT=/var/www/qmail
./configure \
--enable-qmaildir=${QMAILROOT} \
--enable-cgibindir=${QMAILROOT}/cgi-bin
make
make install-strip

Reply |

Small bug in v2.4.0

Hi Bai, I see the issue in the code, even though I compile with no errors here. It is a buffer overflow of the original code (I didn't touch those lines).

If I apply your changes I get warnings like this that I would like to avoid

domain.c: In function ‘post_domain_info’: 
domain.c:522:21: warning: ‘sprintf’ may write a terminating nul past the end of the destination [-Wformat-overflow=]
 522 |   sprintf(cuid, "%lu", (long unsigned)uid);
     |                     ^
domain.c:522:3: note: ‘sprintf’ output between 2 and 11 bytes into a destination of size 10
 522 |   sprintf(cuid, "%lu", (long unsigned)uid);
     |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I just modified by creating room in cuid[11] (was cuid[10]) so that we don't need to declare a size bigger than the buffer here

snprintf(cuid, sizeof(cuid), "%lu", (long unsigned)uid);

the same for cgid and cusers.
Can you download the main tree and check if now it compiles cleanly for you?

Or better you can patch like this https://github.com/sagredo-dev/vqadmin/commit/602ff5e8b56cfa9733f2f4bfed97d4764247a1ba

Reply |

Small bug in v2.4.0

Hi Roberto,

Your patch also is working good. Seems it is better than mine because of lack of warnings when compile.
Thank you for your work , now this tool VqAdmin looks and works much better!

Reply |

Small bug in v2.4.0

Thank you. I'll check it out

Btw, why are you patching vqadmin? Now you have to download it from github

Reply |

Bugfixes, adds mysql-limits support to vqadmin, various UI improvements.

Hi Roberto,

If you are using vpopmail with mysql backend and enabled mysql limits option (--enable-mysql-limits), vqadmin is pretty much useless, because it is not aware of this this option. It creates ".qmailadmin-limits" in the domain folder, but vpopmail does not care at all (due to --enable-mysql-limits).

- That annoyed me a little bit, so I fixed it. Now vqadmin is aware of mysql-limits, and updates the database as necessary.

- I also fixed a core-dump due to SIGILL caused by memcpy. I changed it to memmove, as suggested on this link:

The memcpy() function shall copy the first n bytes pointed to by src to the buffer pointed to by dest.
Source and destination may not overlap. If source and destination might overlap, memmove() must be used instead.

- I added missing limits and permissions, changed the UI to be more user-friendly.

The patch is here. It can be applied cleanly on your "vqadmin-2.3.7_20200226.patch".

Feel free to share it on your website.

Reply |

Bugfixes, adds mysql-limits support to vqadmin, various UI improvements.

Ali, I had to include <stdint.h> to avoid a compilation break:

In file included from vqadmin.c:25: 
global.h:151:9: error: unknown type name ‘uint64_t’
151 | typedef uint64_t storage_t;

Reply |

Bugfixes, adds mysql-limits support to vqadmin, various UI improvements.

Hi Roberto

Thanks a lot for having a look at the patch.

The vqadmin UI looks archaic, but it gets the job done anyway. We can replace it altogether with a fancy UI in the future, but for the time being I would like to dig deeper into vpopmail. I feel like there is a lot of room for improvement there. We may add sqlite or firebird support to vpopmail. Or we can enhance the existing functionality.

Anyway, thanks again for this wonderful website. It is the most complete qmail related site I've seen so far.

Reply |

Bugfixes, adds mysql-limits support to vqadmin, various UI improvements.

Concerning vpopmail, have you had a look to this fork? They have already added sqlite support and many other third parties patches (mine included) and improved a lot the program. I would like to use that version of vpopmail once they create a tag

Reply |

Bugfixes, adds mysql-limits support to vqadmin, various UI improvements.

Hi Roberto,

I wasn't aware of the vpopmail fork. I just checked their repo and they are on the right track.

Vpopmail is really a well-designed software, which we should all appreciate and not allow it to rot.

That was my main motivation to restore the abondoned vpopmail authentication support in dovecot, and I will try to contribute the new vpopmail fork as much as I can.

Reply |

Bugfixes, adds mysql-limits support to vqadmin, various UI improvements.

Great! Thanks a lot. I abandoned vqadmin years ago just when I switched everything to mysql, but now I'll give a chance again to it.

I'll certainly add this patch to my one. I'm also looking at your fixes to vpopmail.

Reply |

Unknown Authz provider: valid-user

Hi Mr Roberto,

i got this error message in my apache error.log file:

[Wed Sep 09 12:37:51.904875 2020]  /var/www/qmail/cgi-bin/vqadmin/.htaccess: Unknown Authz provider: valid-user

which area i need to look into?

thank you

Reply |

Unknown Authz provider: valid-user

did you enable mod_authz_user in your apache? look here https://serverfault.com/questions/737784/phpmyadmin-on-apache2-reload-unknown-authz-provider-valid-user-error

PS Can you take a look at the previous thread here?

Reply |

Unknown Authz provider: valid-user

Hi Mr Roberto,

thanks for the advise, it works now.

Reply |

vQadmin Patch Error

Hi Roberto

The following error occurred when apply the patch:

Hunk #1 FAILED at 32 (different line endings).
1 out of 1 hunk FAILED -- saving rejects to file html/mod_user.html.rej

It is found that files in source directory //html/ contain CTRL-M (^M) characters at the end of lines that lead to error when apply the patch.
You can run the command as underneath in that directory to remove the CTRL-M characters:

sed -i -e "s/\r//" //html/*

Afterthat, the patch can apply successfully without error.

Reply |

vQadmin Patch Error

Thank you, Tony. Corrected.

Reply |

patching vQadmin

Hello Roberto

When I try to apply vQadmin patch, I got an error:

cd vqadmin-2.3.7
vqadmin-2.3.7]# chown -R root.root .
patch -p1 < ../vqadmin-2.3.7_20150829.patch
patching file Makefile.in
patching file config.guess
patching file config.sub
patching file domain.c
patching file html/mod_user.html
Hunk #1 FAILED at 12 (different line endings).
1 out of 1 hunk FAILED -- saving rejects to file html/mod_user.html.rej
patching file lang.c
patching file user.c

Could you help me ?

- varanda

Reply |

patching vQadmin

This new patch should be fine now...

Reply |

patching vQadmin

Hello again,

The problem changed:

patching file Makefile.in
patching file config.guess
patching file config.sub
patching file domain.c
patching file html/mod_user.html
Hunk #1 FAILED at 32 (different line endings).
1 out of 1 hunk FAILED -- saving rejects to file html/mod_user.html.rej
patching file lang.c
patching file user.c

Take your time

;-)

- varanda

Reply |

patching vQadmin

try to download the source again and patch please, because I cleaned that file and uploaded it

Reply |

patching vQadmin

Hi, there is a problem in my patch.

I'll fix it as soon as I can. In the meantime you can try to modify the file mod_user.html according to the html/mod_user.html.rej diff file, or compile as is, but the program will show the users' clear pwd.

Be aware that this program seems not work fine anymore. I don't remember what broke it at a certain point (perhaps it was the vpopmail upgrade to v. 5.4.33)

Reply |

Use apache 2.4 with vqadmin

Be aware when using apache 2.4 with vqadmin will give the error "Authentication Failed Username unknown"

change your .htccess to

AuthType Basic
AuthBasicProvider file
AuthUserFile /var/www/cgi-bin/vqadmin/vqadmin.passwd
AuthName vQadmin
require valid-user

and the apache config to

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
        AddHandler cgi-script .cgi .pl
        <Directory "/var/www/cgi-bin/vqadmin">
            Options ExecCGI
            AllowOverride All
            Require all denied
       
        Alias /images/ "/var/www/cgi-bin/vqadmin/images/"
       
            Require all granted

Reply |

Use apache 2.4 with vqadmin

Thank you. It's working again now.

Actually it was sufficient ro remove

satisfy any

from .htaccess. Infact AuthBasicProvider defaults to file while the AddHandler option is already inside the httpd.conf

Reply |

vQadmin

vQadmin cgi and virtual host file are not seen in browser - color ? - only seen when marked text

before adding password - /usr/local/etc/httpdpwd dir does not exists - must be created and chown apache.apache

Reply |

vQadmin

> vQadmin cgi and virtual host file are not seen in browser - color ? - only seen when marked text

Thank you. This is another issue caused by the migration from the old drupal CMS

> before adding password - /usr/local/etc/httpdpwd dir does not exists - must be created and chown apache.apache

ok, I'm going to correct it

Reply |

I followed your

I followed your instructions,everything goes well,but when I access from web broswer by http://www.domain.com/cgi-bin/vqadmin/vqadmin.cgi

I get the following errors:

vQadmin was unable to determine your username, which means your webserver is improperly configured to run with this CGI. For security reasons, this script will not run without Apache htaccess lists.

Can you help me to solve this problem,many thanks.

Reply |

supposing that you actually

supposing that you actually have apache configured in this way

Options ExecCGI
AllowOverride AuthConfig

did you modified, for some reason, the .acl and .htaccess files under the vqadmin dir?

Reply |

in my vhosts.conf file

in my vhosts.conf file,I added the following code,just copied from your instructions:

       # VQADMIN
        <Directory "/www/htdocs/qmail/cgi-bin/vqadmin">
            deny from all
            Options ExecCGI
            AllowOverride AuthConfig
            Order deny,allow 
        </Directory>

        Alias /images/ "/www/htdocs/qmail/cgi-bin/vqadmin/images/"
        <Directory /www/htdocs/qmail/cgi-bin/vqadmin/images>
            Order allow,deny
            Allow from all
        </Directory>

my .htacces in /www/htdocs/qmail/cgi-bin/vqadmin:

AuthType Basic
AuthUserFile /usr/local/etc/httpdpwd/vqadmin.passwd
AuthName "Authentication required"
require valid-user
satisfy any

Reply |

what about the .acl file? I

what about the .acl file? I would try to restore it as the original. Double check  /usr/local/etc/httpdpwd/vqadmin.passwd as well

Reply |

i used the default

i used the default vqadmin.acl,and didn't edit it ,just the original file:

#

# Default group contains permissions for all users
# not listed under any groups
#
# If the default group is not defined, users not
# listed under any other groups will have no
# permissions.
#
# Examples follow...
#

default - ...

#
# Access permissions:
#M Modify user information

# U Modify domain information
# C Create user
# A Create domain
# D Delete user
# X Delete domain
#
# These features will still appear in the HTML templates
# if the user doesn't have access to them, however, they will
# get a permission denied error if they try to make use of
# them.
#

tech VI tech1user
admin VIMUDCA admin1user

#
# An asterisk in the features field specifies that you
# want all users in this group to have access to
# all features.
#

senior * admin

Reply |

your vqadmin seems ok, but

your vqadmin seems ok, but deeper investigation is needed also in your apache. Let me know if you solve

Reply |

I have not solve this

I have not solve this problem,but there's another more important problem.When I enable CHKUSER by:

# This enables chkuser
export CHKUSER_START=ALWAYS

I can just send email,but I can't receive email,and if diabled it ,everthing is ok,I don't know why?

Reply |

It's not easy to troubleshoot

It's not easy to troubleshoot without details, but If you are strictly following my guide feel free to contact me in private; in that case post your tcp.smtp and run files

Reply |

The "Invalid language file" problem

Hi,

Is it possible to use the "ln" command instead of "cp -p"?

I am worried about maintenance when upgrading vqadmin.

Thanks,

Reply |

I think that's even better

I think that's even better

Reply |

Recent comments
Recent posts

RSS feeds