Installing and configuring VPopMail

March 23, 2025 by Roberto Puzzanghera 145 comments

• VPopMail version: 5.6.7
• github: sagredo-dev/vpopmail
• Download
• Changelog
• README.vdelivermail
• Inter7's original page

Vpopmail provides an easy way to manage virtual email domains and non /etc/passwd email accounts on your mail servers.

Changelog

• Mar 23, 2025 (v. 5.6.7)
  - bug fix in vpopmaild.c: Crypted[64] enlarged to Crypted[128] to make room for SHA-512 passwords. This restores the usability of the RoundCube's 'password' plugin (commit)
  - fixed quota calculation in sql procedures for dovecot (tx Hakan Cakiroglu) (commit)
  - minor changes to the usage function of vmakedotqmail.c (commit)
• Feb 15, 2025 (v. 5.6.6)
  - bug fix: pwstr.h was not installed by Makefile (tx Bai Borko)
• Feb 9, 2025 (v. 5.6.5)
  - added pwd strength check also for vadduser.c
  - removed -std=c99 -D_XOPEN_SOURCE=500 arguments from CFLAGS in configure.ac to make clang happy
  - several changes to compile on FreeBSD clang v. 18.1.6
• Dec 20, 2024 (v 5.6.4)
  - Password strength enforcement (PR #5, grabbed from Matt Brookings' 5.5.0-dev version)
  - Dropped min pwd length feature.
  - vmysql.h: tables' layout changed in order to have VARCHAR instead of CHAR. Fields containing ip addresses enlarged to VARCHAR(39), to create room for ipv6. Unix timestamps definition changed from BIGINT(20) to INT(11). (commit 44bad58) Have a look to the upgrade notes below.
• Oct 19, 2024 (v.5.6.3)
  - bug fixed: passwords with length > 8 were denied if sha-512 was disabled
• Oct 14, 2024 (v. 5.6.2)
  - fixed a configure break where a trivial C test program exits on error with gcc-14.1 due to missing headers
  - vusaged/domain.c: fixed -Wimplicit-function-declaration compilation warning
  - vmysql.h: dropped the multicolumn PRIMARY KEY in valias table to allow multiple forwards for a given alias.
     In case one already has the valias table defined, this is the sql query for the upgrade:
     ALTER TABLE `vpopmail`.`valias` DROP PRIMARY KEY, ADD INDEX (`alias`, `domain`, `valias_type`) USING BTREE;
     ALTER TABLE `vpopmail`.`valias` ADD `id` INT NOT NULL AUTO_INCREMENT FIRST, ADD PRIMARY KEY (`id`);
• Jun 7, 2024
  - the header files of libev are now installed in /usr/local/include/libev (was /usr/local/include) to avoid conflicts with libevent. vusaged configure command was adjusted accordingly.
• Dec 11, 2023
  - vpopmail-5.6.0 released (read the upgrading notes)
• Aug 27, 2023
  - new combined patch. More info here
  * The logic of the defaultdelivery patch/feature has been revised. If configured with --enable-defauldelivery vpopmail will save control/defauldelivery in the user's .qmail and vdelivermail LDA in the domain's .qmail-default file. This will achieve multiple benefits: you have qmail forwards and sieve together and valias available. The valias table schema was changed as well.

read more

Roundcube plugins

March 23, 2025 by Roberto Puzzanghera 74 comments

• Official repository: http://plugins.roundcube.net/

Changelog

• Mar 23, 2025
  - the password plugin's vpopmaild driver is working again, as vpopmaild has been patched on vpopmail side (v. 5.6.7 and onwards).

 

Installing Dovecot and sieve on a VpopMail + qmail server

March 15, 2025 by Roberto Puzzanghera 109 comments

Changelog

• Mar 15, 2025 (config version 2.4.0.1 diff) 
  - Added quota warnings feature. Improved quota configuration in 90-quota.conf (more info here)
  - Configured auth-master.conf.ext and auth-deny.conf.ext. To be included in local.conf
• Mar 9, 2025
  - fixed quota calculation in sql queries (tx Hakan Cakiroglu) (commit)
• Feb 22, 2025 (version 2025.02.25b)
  - Bug fix in 90-sieve.conf: global script to move spam into Junk now working
  - Bug fix in move-spam.sieve: it was erroneously matching "YES" in the header if "BAYES" was present (Feb 15, 2025 config version not affected, no need to recompile the sieve script)
• Feb 15, 2025
  - added support for vpopmail configured with --disable-many-domains
• Feb 8, 2025
  - dovecot_postlogin.sh: query changed in order to add new records as well (tx Bai Borko)
  - bug fix: pop3 service was executing imap instead of pop3 (tx Gabriel Torres)
• Jan 29, 2025
  - dovecot upgraded to v. 2.4.0. Old configuration files are not valid anymore and you have to install dovecot from scratch.
• Nov 15, 2024
  - added a postlogin script to update the vpopmail.lastauth SQL table on login (see 10-master.conf, thanks kengheng)
• Dec 29, 2023
  default_pass_scheme = SHA512-CRYPT (was MD5-CRYPT) in dovecot-sql.conf.ext, as vpopmail-5.6.x has now SHA512-CRYPT password by default

Setting up your firewall with Fail2Ban

March 14, 2025 by Roberto Puzzanghera 23 comments

• Version: 1.1.0
• More info here
• Howto (Wiki)
• Manual

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).

I will show shortly how to install and configure fail2ban to ban malicious IPs, especially those related to the qmail-dnsrbl patch. This will avoid to be banned ourselves by spamhaus, which is free up to 100.000 queries per day.

fail2ban requires that you have a firewall as nftables or iptables active.

Changelog

• Mar 14, 2025
  - dovecot filter updated for dovecot 2.4
• May 1, 2024
  - Fail2Ban upgraded to v. 1.1.0 (changelog)
  * This version drops the python2 support
  * new fail2ban-client stats command returns statistic in form of table (jail, backend, found and banned counts)
• Jul 15, 2023
  - the installation and the configuration has been revised in order to work on Debian, where python2 is missing (tx Gabriel Torres)
• Nov 20, 2022
  - switched all actions to nftables, as it has now replaced iptables and fail2ban has support for it. Just replace "iptables" with "nftables" in your jails.
• Nov 18, 2022
  - Fail2Ban upgraded to v. 1.0.2
  - jails now have a different action's declaration (iptables[type=multiport] instead of iptables-multiport[])
  - added a short note on how to configure the server with a network bridge

autorespond

March 12, 2025 by Roberto Puzzanghera 31 comments

• github repo
• Latest version: 2.0.9
• README 
• Changelog
• Original author: Inter7

autorespond is used for vacation messages. It's required by qmailadmin.

Changelog

• Mar 12, 2025
  - bug fix in memory allocation which caused a segfault when To: address has be used (tx Stephan for the hint)

read more

Roundcube webmail

March 9, 2025 by Roberto Puzzanghera 16 comments

• Info: https://roundcube.net
• Version: 1.6.10

Roundcube is a full featured webmail with a nice interface.

Changelog

• Mar 9, 2025
  added $config['quota_zero_as_unlimited'] = true; to show quota unlimited instead of unknown for accounts with unlimited quota
• Feb 9, 2025
  RC update to v. 1.6.10
• Gen 21, 2024
  RC upgraded to v. 1.6.6
  -new $config['imap_host'] variable
  -all my SMTP config options were stripped from my configuration file and I had to restore them
• Jan 3, 2021
  disabled the SMTP authentication when sending messages via RC. SMTP port changed to 25.

Read the release note at https://github.com/roundcube/roundcubemail/blob/master/CHANGELOG.md for more info.

Installing a Let's Encrypt certificate for your qmail, dovecot and apache servers

February 22, 2025 by Roberto Puzzanghera 28 comments

Changelog

• Feb 22, 2025
  - Let’s Encrypt have announced that they will end their free alerting service. Added a script to achieve the same internally.
• Aug 6, 2023
  - The certificates installation is now based on dehydrated. The previous documentation based on certbot will be left as is at the bottom of this page, but it won't be updated anymore.
• May 18, 2023
  - added the option --key-type rsa to the certbot command, to avoid that certbot will silently default to ECDSA the private key format, which results not understandable by my openssl-1.1. In this way the format of the private key will be RSA. More info here.

AWStats

February 13, 2025 by Roberto Puzzanghera 0 comments

A big thanks to Bai Borko for providing the instructions from which I derived the following and for the perl script.

AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages. It uses a partial information file to be able to process large log files, often and quickly. It can analyze log files from all major server tools like Apache log files (NCSA combined/XLF/ELF log format or common/CLF log format), WebStar, IIS (W3C log format) and a lot of other web, proxy, wap, streaming servers, mail servers and some ftp servers.