Dovecot vpopmail-auth driver removal. Migrating to the SQL driver
February 10, 2023 Roberto Puzzanghera 65 comments
Those who are still using the Dovecot
's vpopmail
auth driver should consider a migration to another backend, as on January 4, 2021 dovecot-2.3.13
was released and the vpopmail
auth driver removed (more info here).
I'll show below how to support domain aliases with the sql driver both with all domains in the same vpopmail
table and with one table for each domain (--disable-many-domains
). You can find how to setup the driver in this page. A short reference to vpopmail
's vconvert
program is presented toward the bottom of this page, in case one is planning to switch to sql.
If you browse the comments below you'll find some other nice solutions:
- Ali Erturk TURKER maintains a patch to dovecot which restores the old
vpopmail
auth driver to life - Tyler Simpkin posted his auth.lua file (enhanced by Rick Richards to work with encrypted passwords)
- Laurent Bercot posted a solution based on passwd-file driver
- Pablo Murillo improved the sql password_query to work with one table for each domain
- erdgeist showed how to convert cdb accounts to postgres
Saving vpopmail
's aliasdomains
to MySQL
As some commentators have pointed out, switching to the dovecot
's sql auth driver can be painful if one has domain aliases. I will show below how to make dovecot
aware of the vpopmail
's aliasdomains
, so that a user who tries to login with a domain alias can pass the authentication.
The idea is to save the pairs alias/domain in a new "aliasdomains" MySQL
table, for example:
MariaDB [vpopmail]> SELECT * FROM aliasdomains; +----------------------+----------------------+ | alias | domain | +----------------------+----------------------+ | alias.net | realdomain.net | +----------------------+----------------------+
...and then modify the dovecot
's sql
query in order to select the user's domain from this table in case the domain is an alias or from the vpopmail
table otherwise.
I patched vpopmail
so that it will transparently do the sql stuff when creating/deleting the alias in the usual way by means of the vaddaliasdomain
/vdeldomain
vpopmail
's programs.
Installing Dovecot and sieve on a vpopmail + qmail server
February 10, 2023 Roberto Puzzanghera 73 comments
- Overview
- Installing
- Configuring
- Download my dovecot's config files
- dovecot.conf
- 10-auth.conf
- auth-sql.conf.ext
- 10-director.conf
- 10-logging.conf
- Logrotate
- 10-mail.conf
- 10-master.conf
- 10-ssl.conf
- 15-lda.conf
- 15-mailboxes.conf
- 20-imap.conf
- 20-lmtp.conf
- 20-pop3.conf
- 90-plugin.conf
- 90-quota.conf
Changelog
- Feb 10, 2023
- added a patch to restore the old vpopmail-auth driver (tx Ali Erturk TURKER) - Nov 2, 2022
-addedmailbox_list_index = yes
andmail_always_cache_fields = date.save
to 10-mail.conf (tx JonTDW, more info here) - Aug 9, 2022
-improved the sql stuff in case of --disable-many-domains (tx kengheng) - Apr 21, 2022
-Solr support added - Apr 17, 2022
-auth-sql.conf.ext: changed the userdb lookup for LDA from static to sql, as the home dir was not retrieved correctly if positioned in a subfolder (i.e. domains/0/domainname). - June 20, 2021
-15-mailboxes.conf: added Junk.TeachSpam and Junk.TeachNotSpam mailboxes to store messages for the learning and reporting systems (more info here) - March 17, 2021
- 90-quota.conf: quota definition adjusted in this wayquota = maildir::
as the GETQUOTA command was not returning the quota (thanks a.key) - March 2, 2021
- "one table per domain" support added (--disable-many-domains)
- added domains limits support to password_query (you have to compile vpopmail --enable-mysql-limits) - January 29, 2021
- auth-sql.conf.ext now uses the userdb's prefetch driver in order to perform one single query when doing the auth
- dovecot-sql.conf.ext has been modified to allow authentication both with real and alias domains, provided that you patched vpopmail accordingly. More info in this page.
- the iterate_query in the sql driver now extracts the "user" field (was "username") as required by the docs.
Overview
- Info: http://www.dovecot.org/
- Documentation: http://wiki2.dovecot.org
- Mail Server overview: http://wiki2.dovecot.org/MailServerOverview
- Download: http://www.dovecot.org/releases/2.3/
- Version: dovecot-2.3.20
Dovecot is an open source IMAP and POP3 email server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and it uses very little memory.
e-mail indexing with Solr FTS Engine
January 4, 2023 Roberto Puzzanghera 0 comments
Solr
is a Lucene indexing server. Dovecot
communicates to it using HTTP/XML
queries. With this indexing server, you can do text searches in your emails.
- Download latest version: v. 9.1.0
- Solr documentation page
- Solr FTS Engine documentation page for Dovecot
Upgrading to version 9.1.0
- More info here
Before starting check that your java
is at least at version 11.
Download version 9.1.0:
wget https://www.apache.org/dyn/closer.lua/solr/solr/9.1.0/solr-9.1.0.tgz?action=download -O solr-9.1.0.tgz
Then stop your Solr
server and run the upgrade with the -f
(upgrade) and -n
(do not start the server when finished) options:
tar xzf solr-9.1.0.tgz solr-9.1.0/bin/install_solr_service.sh --strip-components=2 sudo bash ./install_solr_service.sh solr-9.1.0.tgz -f -n
Slackware
users will have to do:
wget https://notes.sagredo.eu/files/qmail/solr/install_solr_slackware.sh chmod +x install_solr_slackware.sh ./install_solr_slackware.sh solr-9.1.0.tgz -f -n
Now download and install the new schema and configuration files for Dovecot
cd /var/solr/data/dovecot/conf rm -f schema.xml managed-schema solrconfig.xml wget https://notes.sagredo.eu/files/qmail/solr/schema-9.1.0.xml -O schema.xml wget https://notes.sagredo.eu/files/qmail/solr/solrconfig-9.1.0.xml -O solrconfig.xml chown solr:solr solrconfig.xml schema.xml
The new configuration file replaces LRUCache
with CaffeineCache
and changes the location of the .jar
libraries (diff here).
Configure your /etc/default/solr.in.sh file, as many options are changed. Then restart the Solr
server.
Finally upgrade the indexes (edit the downloaded script to insert your Dovecot
password)
wget https://notes.sagredo.eu/files/qmail/solr/solr_rescan_index.sh chmod +x solr_rescan_index.sh chown root:root solr_rescan_index.sh chmod o-wrx solr_rescan_index.sh ./solr_rescan_index.sh Stopping Dovecot . <?xml version="1.0" encoding="UTF-8"?> <response> <lst name="responseHeader"> <int name="status">0</int> <int name="QTime">20</int> </lst> </response> Starting Dovecot.
If the script does not return errors (status=0
) you are ok. If you get errors, double check the Authorization and the Solr
's dovecot user credentials.
Installing ClamAV
January 1, 2023 Roberto Puzzanghera 8 comments
- Info: http://www.clamav.net
- Latest version: 1.0.1
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.
Upgrading to v. 1.0.x
Version 1.0.0 of ClamAV
requires the Rust
environment to be at least at version 1.61. If your distribution doesn't provide such a version you have to uninstall the existing Rust
package and then install a new version in this way:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
This will install the binaries into /root/.cargo/bin. The installation will try to add this directory to your PATH
. If something went wrong, add it by yourself to your profile:
export PATH:$PATH:/root/.cargo/bin
If one day you want to uninstall this Rust
installation, because the package is available in your distro, you can do like this:
rustup self uninstall
Once Rust has been installed, you have to follow all the installation steps to overwrite the previous installation. At the end, you will have to move the new configuration files in place and edit them as described below.
cd /usr/local/etc mv clamd.conf clamd.conf.105 mv clamd.conf.sample clamd.conf mv freshclam.conf freshclam.conf.105 mv freshclam.conf.sample freshclam.conf
You can also remove your logrotate file, as the program is now able to do the rotation autonomously, provided that you have
LogRotate yes
in your config files.