Greylisting for qmail
April 18, 2023 Roberto Puzzanghera 9 comments
Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again after a delay, and if sufficient time has elapsed, the email will be accepted.
While greylisting is not as effective as it was in the past, it still cuts a certain fraction of the total spam.
Changelog
- Apr 18, 2023
Bai Borko showed a different approach in purging the database of jgreylist and posted his script here. Basically, instead of deleting the old records, his script leaves in the database the records with trusted IPs of the last 30 days, based on the qmail-smtpd logs. Have a look!
qmail-spp greylisting plugin
I introduce here how greylisting can be implemented on qmail by means of another qmail-spp plugin, which saves the data in MySQL. Having the data in MySQL is useful to measure how much spam is blocked by greylisting.
- More info here
- Author: Manuel Mausz
vQadmin
February 18, 2023 Roberto Puzzanghera 30 comments
- Info: http://www.inter7.com/vqadmin-sysadmin-webcontrol/
- Download (local copy): vqadmin-2.3.7
- Combined patch installed (v. 2023.02.18)
vqadmin is a web based control panel that allows system administrators to perform actions which require root access — for example, adding and deleting domains.
Changelog
- Feb 18, 2023
Added Ali Erturk TURKER's patch to my combo. Original patch here
Installing and configuring vpopmail
February 18, 2023 Roberto Puzzanghera 90 comments
- Inter7's original page
- vpopmail version: 5.4.33
- Combined patch v. 2023.03.02
- Changelog
- More info here
- README.vdelivermail
Vpopmail provides an easy way to manage virtual email domains and non /etc/passwd email accounts on your mail servers.
The purpose of this note is to show how to use MySQL as the authentication system. Having a users database also offers the advantage of communicating with the database via PHP, and creating web-based user interfaces to manage accounts.
Patch details
The patch we'll apply is the result of the following bunch of patches:
- sql-aliasdomains patch, which makes vpopmail save the aliasdomains to MySQL. This makes the dovecot sql auth driver aware of the aliasdomains, provided that you modify the sql query as well (see the dovecot page for more info).
- defaultdelivery patch, which makes vpopmail copy your favourite delivery agent (stored in QMAILDIR/control/defaultdelivery) into the .qmail-default file of any newly created domain, overriding vpopmail's default behaviour, where vpopmail copies its delivery agent vdelivermail. You have to configure with --enable-defaultdelivery to enable this.
  If the functionality is disabled (--disable-defaultdelivery, which is the default option), vdelivermail is installed with the "delete" option instead of "bounce-no-mailbox", which is not reasonable anymore.
- dovecot-sql-procedures patch
  If you want to use dovecot's sql auth driver with one table for each domain (--disable-many-domains) you have to heavily customize your queries to the sql database. With this patch vpopmail installs the sql procedures and functions in the database when you create a new domain. The procedures can be called by dovecot to perform the auth.
  The sql stuff supports aliasdomains and mysql limits and will be loaded from ~/vpopmail/etc/disable-many-domains_procedures.sql. You can customize the sql procedure by editing this file.
  You have to configure with --enable-mysql-bin=PATH, as we have to install the procedures by calling the mysql bin as a shell command (no way to load an sql query from a file in C language, comments welcome).
- vusaged configure patch
  It seems that at least on Debian 11 vusaged refuses to run the configure successfully, as the MySQL libraries are not linked (configure: error: No vauth_getpw in libvpopmail). After some inspection, I noticed that, avoiding the break of the configure command, the following make command will find libmysqlclient and compile with no problems, and the program works as expected.
  NB: an autoreconf -f -i in the vusaged directory is needed before configuring, as the configure.ac script was modified.
- recipient check patch. It can be used with Erwin Hoffmann's s/qmail to accomplish the recipient check. Not important in my installation, look at doc/README.vrcptcheck for more info.
- vuserinfo-D_newline, a cosmetic patch which prints a new line to separate users' infos when typing "vuserinfo -D domain"
- gcc-10-compat patch, which gets vpopmail to compile with gcc-10 and later versions
- A fix to the following issues (patch by Ali Erturk TURKER):
  - vdelivermail.c checks spamassassin permissions, instead of maildrop permissions.
  - vopen_smtp_relay() return values corrected, so that open_smtp_relay() can detect and report database connection errors (vmysql.c, voracle.pc, vpgsql.c)
  - vdel_limits() core-dumps if a database connection is not available beforehand. (vmysql.c, voracle.pc)
Dovecot vpopmail-auth driver removal. Migrating to the SQL driver
February 10, 2023 Roberto Puzzanghera 65 comments
Those who are still using Dovecot's vpopmail auth driver should consider a migration to another backend, as on January 4, 2021 dovecot-2.3.13 was released and the vpopmail auth driver removed (more info here).
I'll show below how to support domain aliases with the sql driver, both with all domains in the same vpopmail table and with one table for each domain (--disable-many-domains). You can find how to set up the driver on this page. A short reference to vpopmail's vconvert program is presented toward the bottom of this page, in case one is planning to switch to sql.
If you browse the comments below you'll find some other nice solutions:
- Ali Erturk TURKER maintains a patch to dovecot which restores the old vpopmail auth driver to life
- Tyler Simpkin posted his auth.lua file (enhanced by Rick Richards to work with encrypted passwords)
- Laurent Bercot posted a solution based on passwd-file driver
- Pablo Murillo improved the sql password_query to work with one table for each domain
- erdgeist showed how to convert cdb accounts to postgres
Saving vpopmail's aliasdomains to MySQL
As some commentators have pointed out, switching to dovecot's sql auth driver can be painful if one has domain aliases. I will show below how to make dovecot aware of vpopmail's aliasdomains, so that a user who tries to log in with a domain alias can pass the authentication.
The idea is to save the pairs alias/domain in a new "aliasdomains" MySQL table, for example:
MariaDB [vpopmail]> SELECT * FROM aliasdomains;
+----------------------+----------------------+
| alias                | domain               |
+----------------------+----------------------+
| alias.net            | realdomain.net       |
+----------------------+----------------------+
...and then modify dovecot's sql query in order to select the user's domain from this table in case the domain is an alias, or from the vpopmail table otherwise.
I patched vpopmail so that it will transparently do the sql stuff when creating/deleting the alias in the usual way by means of vpopmail's vaddaliasdomain/vdeldomain programs.
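The alias-or-real-domain lookup described above, as an added example that is not the author's query or vpopmail's code. It assumes the single-table vpopmail layout with pw_name, pw_domain and pw_passwd columns, uses SQLite in place of MySQL so it runs offline, and binds :n and :d where a dovecot password_query would use %n and %d.

```python
import sqlite3

# Assumed schema: vpopmail's single-table layout plus the alias/domain
# pair table described above. SQLite stands in for MySQL here.
SCHEMA = """
CREATE TABLE vpopmail (pw_name TEXT, pw_domain TEXT, pw_passwd TEXT,
                       PRIMARY KEY (pw_name, pw_domain));
CREATE TABLE aliasdomains (alias TEXT PRIMARY KEY, domain TEXT NOT NULL);
"""

# Resolve the login domain through aliasdomains first and fall back to the
# domain as typed when it is not an alias. Values are bound, never
# concatenated into the statement.
PASSWORD_QUERY = """
SELECT pw_name || '@' || pw_domain AS user, pw_passwd AS password
FROM vpopmail
WHERE pw_name = :n
  AND pw_domain = COALESCE(
        (SELECT domain FROM aliasdomains WHERE alias = :d), :d)
"""

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO vpopmail VALUES (?, ?, ?)",
               ("bob", "realdomain.net", "$1$constructed$hash"))
    db.execute("INSERT INTO aliasdomains VALUES (?, ?)",
               ("alias.net", "realdomain.net"))
    return db

def lookup(db, login):
    """Return (canonical user, stored hash) for a login, or None."""
    name, sep, domain = login.lower().rpartition("@")
    if not sep or not name or not domain:
        return None  # no domain part: nothing to resolve
    return db.execute(PASSWORD_QUERY, {"n": name, "d": domain}).fetchone()

if __name__ == "__main__":
    db = make_db()
    for login in ("bob@realdomain.net", "bob@alias.net", "bob@other.net"):
        print(login, "->", lookup(db, login))
```

A login under the alias resolves to the same row, and therefore the same stored hash, as the real domain, while a domain that is neither real nor an alias matches nothing.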