Roundcube webmail
October 21, 2021 Roberto Puzzanghera 7 comments
- Info: http://roundcube.net
- Version: 1.5.0
- Requires: php>=5.5
Roundcube is a full featured webmail with a nice interface.
Changelog
- Oct 21, 2021
RC upgraded to v. 1.5.0 - Gen 3, 2021
disabled the SMTP authentication when sending messages via RC. SMTP port changed to 25.
Migrating to the last version
The following "migration" notes didn't work fine this time, when upgrading to v. 1.5.0 from v. 1.4.11. When running the installto.sh script I got a couple of error concerning the database schema:
ERROR: Error in DDL upgrade 2020020101: [1091] Can't DROP 'user_id_fk_cache_index'; check that column/key exists
This was very annoying. I cured it manually installing all the database foreign keys. Look at this page for more info. I also had to create the 'contactgroupmembers', but I think it would be created by the script in case of no errors.
I solved this one upgrading my mariadb from 10.0 to 10.5
ERROR: Error in DDL upgrade 2020091000: [1709] Index column size too large. The maximum column size is 767 bytes.
So, for what concerns this major update, it could be better for most of us to perform a clean installation.
I'm leaving the following "upgrade" notes for future upgrades, hoping that they may remain valid.
ClamAV
September 28, 2021 Roberto Puzzanghera 8 comments
- Info: http://www.clamav.net
- Latest version: 0.104.0
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.
Starting from v. 0.104.0 the installation of clamav is based only on CMake, which superseds the autotools install. Therefore we have to change the way the program is configured at compile time.
Since the installation we are going to do is very basic, I suggest to install a package from your distro and come back here to read the post-install notes.
What follows concerns the installation from source. As already said, CMake is needed and if your distro doesn't provide a recent version you should update it via python pip3; refer to this page if you need to update your CMake.
If you have a recent CMake version (v. 3.21.3 works here) this is how you can install clamav from source.
Patching qmail
September 27, 2021 Roberto Puzzanghera 325 comments
- Latest stable combined patch for netqmail-1.06 v. 2021.09.27 (MD5)
Changelog
The complete changelog and patch info are inside the README.PATCH file.
- Sep 27, 2021
-chkuser: now it allows double hyphens "--" in the sender email, like in y--s.co.jp (diff here) - Aug 22, 2021
-minor fix to qlog: now it logs the auth-type correctly (diff) - 2021.06.19
-chkuser: defined extra allowed characters in sender/rcpt addresses and added the slash to the list (tx Thomas). diff here - 2021.06.12
-RSA key and DH parameters are created 4096 bit long also in Makefile-cert. qmail-smtpd.c and qmail-remote.c updated accordingly (tx Eric Broch).
-Makefile-cert: the certs will be owned by vpopmail:vchkpw - 2021.03.21
-update_tmprsadh.sh: RSA key and DH parameters increased to 4096 bits - 2020.12.04
received.c: some adjustments to compile with gcc-10 (diff here) - 2020.07.29
-dk-filter: corrected a bug where dk-filter was using DKIMDOMAIN unconditionally. Now it uses DKIMDOMAIN only if _SENDER is null (tx Manvendra Bhangui). - 2020.07.27
-added a fix for CVE-2005-2513 (tx C) - 2020.04.25
-qmail-smtpd.c: added rcptcount = 0; in smtp_rset function to prevent the maxrcpto error if control/maxrcpt limit has been exceeded in multiple messages sent sequentially rather than in a single mail (tx Alexandre Fonceca) - 2020.04.16
-qmail-remote-logging patch added (more info here) - 2020.04.10
-DKIM patch updated to v. 1.28
* outgoing messages from null sender ("<>") will be signed as well with the domain in env variable DKIMDOMAIN
* declaring NODK env variable disables old domainkeys signature, while defining NODKIM disables DKIM.
Installing and configuring vpopmail
September 23, 2021 Roberto Puzzanghera 75 comments
- Inter7's original page
vpopmailversion: 5.4.33- Combined patch v. 2021.09.23
- Changelog
- More info here
- README.vdelivermail
Vpopmail provides an easy way to manage virtual email domains and non /etc/passwd email accounts on your mail servers.
The purpose of this note is to show how to use Mysql as the authentication system. Having a users database also offers the advantage of communicating with the database via PHP, and creating web-based user interfaces to manage accounts.
Patch details
The patch we'll apply is the result of the following bunch of patches:
- sql-aliasdomains patch, which makes vpopmail save the aliasdomains to
MySQL. This makes thedovecotsql auth driver aware of the aliasdomains, provided that you modify the sql query as well (see thedovecotpage for more info). - defaultdelivery patch, which makes vpopmail to copy your favourite delivery agent (stored in QMAILDIR/control/defauldelivery) into the .qmail-default file of any newly created domain, overriding the default vpopmail's behaviour, where vpopmail copies its delivery agent vdelivermail. You have to configure with
--enable-defaultdeliveryto enable this.
If the functionality is disabled (--disable-defaultdelivery, which is the default option)vdelivermailis installed with the "delete" option instead of "bounce-no-mailbox", which is not reasonable anymore. - dovecot-pwd_query patch
If you want to use thedovecot's sql auth driver with one table for each domain (--disable-many-domains) you have to heavily customize your password query. With this patchvpopmailinstalls the sql procedure and functions in the database when you create a new domain. The procedure can be called bydovecotto perform the auth.
The sql stuff supports aliasdomains andmysqllimits and will be loaded from~/vpopmail/etc/pwd-query_disable-many-domains.sql. You can customize the sql procedure editing this file.
You have to configure with--enable-mysql-bin=PATHas we have to install the procedure calling themysqlbin as a shell command (no way to load an sql query from a file in C language, comments welcome). - recipient check patch. It can be used with Erwin Hoffmann's s/qmail to accomplish the recipent check. Not important in my installation, look at doc/README.vrcptcheck for more info.
- gcc-10-compat patch, which gets vpopmail to compile with
gcc-10
Razor2, Pyzor, Spamcop and DCC setup
July 14, 2021 Roberto Puzzanghera 0 comments
This page concerns the setup of several filtering networks which help spamassassin to decide if a given message is spam or not. Enabling them, together with the bayesian learning system, drastically improves the spamassassin efficiency in doing this.
Spamassassin User Preferences via SQL
July 12, 2021 Roberto Puzzanghera 20 comments
Info: http://spamassassin.apache.org/dist/sql/README - http://wiki.apache.org/spamassassin/UsingSQL
SpamAssassin can now load users' score files from an SQL database. The concept here is to have a web application (PHP/perl/ASP/etc.) that will allow users to be able to update their local preferences on how SpamAssassin will filter their e-mail. The most common use for a system like this would be for users to be able to update the white/black list of addresses without the need for them to update their $HOME/.spamassassin/user_prefs file.
You can skip this page if you want to manage only global options via /etc/mail/spamassassin.
Be aware that user rules will be easily managed by means of the "sauprefs" plugin of Rouncube webmail.
Changelog
- Jul 12, 2021
-bug fix: the "preference" varchar length in the database "userprefs" table was increased to 50 (was 30) to create space for long labels such as "bayes_auto_learn_threshold_spam", which resulted truncated before the modification.
Setting up a script for the Spamassassin's learning and reporting systems
June 20, 2021 Roberto Puzzanghera 0 comments
Now that we have the spam filters in place we have to train our bayesian system and report our spam to Razor, Pyzor and Spamcop.
The obvious thing that comes in mind at this point could be to call sa_learn and spamassassin --report in cascade when clicking in the Roundcube webmail's "Mark as Junk" button (look at the cmd_learn and multi_driver drivers of the markasjunk plugin), but this option has a couple of downsides:
- the learning process, the resulting journal syncing and the connection to several filtering networks takes up to 10 seconds, a time interval that our users don't want to wait.
- even worse, when they click the "Mark as Junk" button it is not always for a real spam message. For example, think about the regular newsletters that they no longer want to read and that they decide to conveniently label as spamming instead of unsubscribe in the proper way.
Therefore it is better to run these two tasks by means a cronjob every night (and this is going to solve the first issue), processing the messages stored in a folder where the users had copied only real spam or ham messages (then fixing the second as well).
Dovecot vpopmail-auth driver removal. Migrating to the SQL driver
March 9, 2021 Roberto Puzzanghera 36 comments
Those who are still using the Dovecot's vpopmail auth driver should consider a migration to another backend, as on January 4, 2021 dovecot-2.3.13 was released and the vpopmail auth driver removed (more info here).
I'll show below how to support domain aliases with the sql driver both with all domains in the same vpopmail table and with one table for each domain (--disable-many-domains). You can find how to setup the driver in this page. A short reference to vpopmail's vconvert program is presented toward the bottom of this page, in case one is planning to switch to sql.
If you browse the comments below you'll find some other nice solutions to replace the vpopmail driver:
- Tyler Simkin posted his auth.lua file (enhanced by Rick Richards to work with encrypted passwords)
- Laurent Bercot posted a solution based on passwd-file driver
- Pablo Murillo improved the sql password_query to work with one table for each domain
- erdgeist showed how to convert cdb accounts to postgres
Saving vpopmail's aliasdomains to MySQL
As some commentators have pointed out, switching to the dovecot's sql auth driver can be painful if one has domain aliases. I will show below how to make dovecot aware of the vpopmail's aliasdomains, so that a user who tries to login with a domain alias can pass the authentication.
The idea is to save the pairs alias/domain in a new "aliasdomains" MySQL table, for example:
MariaDB [vpopmail]> SELECT * FROM aliasdomains; +----------------------+----------------------+ | alias | domain | +----------------------+----------------------+ | alias.net | realdomain.net | +----------------------+----------------------+
...and then modify the dovecot's sql query in order to select the user's domain from this table in case the domain is an alias or from the vpopmail table otherwise.
I patched vpopmail so that it will transparently do the sql stuff when creating/deleting the alias in the usual way by means of the vaddaliasdomain/vdeldomain vpopmail's programs.
qmailadmin
September 1, 2020 Roberto Puzzanghera 73 comments
- Author: Inter7
- Version: 1.2.16
- Download the sources from http://sourceforge.net/projects/qmailadmin/files/
- Combined patch v. 20210312
qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains. It provides admin for adding/deleting users, Aliases, Forwards, Mailing lists and Autoresponders.
Combined patch details
- qmailadmin-skin, a patch that I created during covid-19 spare time, provides a new responsive skin to the control panel. It modifies everything under the html dir and many .c files in order to adjust the html embedded into the source files. Added a stylesheet style.css in the images folder and a couple of png files for the qmail logo. It should be much easier to modify the
qmailadmin's skin from now on. - patch to call
cracklibin order to check for the password strenght. This should avoid unsafe accounts created by domain administrators such as "test 123456". - A nice patch (thanks to Tony, original author unknown) which gets
qmailadminto have authentication failures logged. This makes possible to ban malicious IPs viafail2ban. It is required to create the log file/var/log/qma-auth.loginitially and assign write priviledges toapache. - ezmlm-idx 7 compatibility patch (author unknown), which restores the compatibility with
ezmlm-idx-7(thanks to J.D. Trolinger for the advice). - a fix to the catchall account (thanks to Luca Franceschini).
- another fix to autorespond.c to correct the way
.qmailfiles are modified
Changelog
- 2021.03.12
-patch cleanup - 2020.09.02
-mod_user.html: cleaned the html as it was printing unneeded strings - 2020.08.10
- mod_user.html: added the "value" attribute to the name/gecos input tag
- Makefile.in: added a line to install the css, as already done for Makefile.am
(tx Pablo Murillo) - 2020.05.22
- mod_user.html: removed the "required" attribute on password field, to allow modifications in case of no password change
Running OpenBoard in a window
May 10, 2021 Roberto Puzzanghera 11 comments
- OpenBoard home page
- Download my patch
- Github discussion
- Slackbuild (Slackware users)
These days I'm forced again to do lessons from remote. My school asked me to refer to Google Meet for the videoconferences and one thing I disliked was the Jam interactive whiteboard, which is completely inadequate for scientific subjects. On the other hand OpenBoard, my favourite board tool that I successfully use with Zoom, seemed not to be recognized as an application to be shared, because it runs fullscreen.
After some googleing I found a patch from this guy (I big thank for his work!) which forces OpenBoard to run in a window, but at the cost of passing a variable at compilation time. I modified the logic of that patch so that a user can set how OpenBoard will run just modifying an option in the config file. The "run windowed" feature is disabled by default, so it will not bother those teachers who are already familiar with the interface, but it can be easily switched on by advanced users.
