Dovecot vpopmail-auth driver removal. Migrating to the SQL driver
February 10, 2023 Roberto Puzzanghera 65 comments
Those who are still using the Dovecot's vpopmail auth driver should consider a migration to another backend, as on January 4, 2021 dovecot-2.3.13 was released and the vpopmail auth driver removed (more info here).
I'll show below how to support domain aliases with the sql driver both with all domains in the same vpopmail table and with one table for each domain (--disable-many-domains). You can find how to setup the driver in this page. A short reference to vpopmail's vconvert program is presented toward the bottom of this page, in case one is planning to switch to sql.
If you browse the comments below you'll find some other nice solutions:
- Ali Erturk TURKER maintains a patch to dovecot which restores the old
vpopmailauth driver to life - Tyler Simpkin posted his auth.lua file (enhanced by Rick Richards to work with encrypted passwords)
- Laurent Bercot posted a solution based on passwd-file driver
- Pablo Murillo improved the sql password_query to work with one table for each domain
- erdgeist showed how to convert cdb accounts to postgres
Saving vpopmail's aliasdomains to MySQL
As some commentators have pointed out, switching to the dovecot's sql auth driver can be painful if one has domain aliases. I will show below how to make dovecot aware of the vpopmail's aliasdomains, so that a user who tries to login with a domain alias can pass the authentication.
The idea is to save the pairs alias/domain in a new "aliasdomains" MySQL table, for example:
MariaDB [vpopmail]> SELECT * FROM aliasdomains; +----------------------+----------------------+ | alias | domain | +----------------------+----------------------+ | alias.net | realdomain.net | +----------------------+----------------------+
...and then modify the dovecot's sql query in order to select the user's domain from this table in case the domain is an alias or from the vpopmail table otherwise.
I patched vpopmail so that it will transparently do the sql stuff when creating/deleting the alias in the usual way by means of the vaddaliasdomain/vdeldomain vpopmail's programs.
Installing Dovecot and sieve on a vpopmail + qmail server
February 10, 2023 Roberto Puzzanghera 73 comments
- Overview
- Installing
- Configuring
- Download my dovecot's config files
- dovecot.conf
- 10-auth.conf
- auth-sql.conf.ext
- 10-director.conf
- 10-logging.conf
- Logrotate
- 10-mail.conf
- 10-master.conf
- 10-ssl.conf
- 15-lda.conf
- 15-mailboxes.conf
- 20-imap.conf
- 20-lmtp.conf
- 20-pop3.conf
- 90-plugin.conf
- 90-quota.conf
Changelog
- Feb 10, 2023
- added a patch to restore the old vpopmail-auth driver (tx Ali Erturk TURKER) - Nov 2, 2022
-addedmailbox_list_index = yesandmail_always_cache_fields = date.saveto 10-mail.conf (tx JonTDW, more info here) - Aug 9, 2022
-improved the sql stuff in case of --disable-many-domains (tx kengheng) - Apr 21, 2022
-Solr support added - Apr 17, 2022
-auth-sql.conf.ext: changed the userdb lookup for LDA from static to sql, as the home dir was not retrieved correctly if positioned in a subfolder (i.e. domains/0/domainname). - June 20, 2021
-15-mailboxes.conf: added Junk.TeachSpam and Junk.TeachNotSpam mailboxes to store messages for the learning and reporting systems (more info here) - March 17, 2021
- 90-quota.conf: quota definition adjusted in this wayquota = maildir::as the GETQUOTA command was not returning the quota (thanks a.key) - March 2, 2021
- "one table per domain" support added (--disable-many-domains)
- added domains limits support to password_query (you have to compile vpopmail --enable-mysql-limits) - January 29, 2021
- auth-sql.conf.ext now uses the userdb's prefetch driver in order to perform one single query when doing the auth
- dovecot-sql.conf.ext has been modified to allow authentication both with real and alias domains, provided that you patched vpopmail accordingly. More info in this page.
- the iterate_query in the sql driver now extracts the "user" field (was "username") as required by the docs.
Overview
- Info: http://www.dovecot.org/
- Documentation: http://wiki2.dovecot.org
- Mail Server overview: http://wiki2.dovecot.org/MailServerOverview
- Download: http://www.dovecot.org/releases/2.3/
- Version: dovecot-2.3.20
Dovecot is an open source IMAP and POP3 email server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and it uses very little memory.
e-mail indexing with Solr FTS Engine
January 4, 2023 Roberto Puzzanghera 0 comments
Solr is a Lucene indexing server. Dovecot communicates to it using HTTP/XML queries. With this indexing server, you can do text searches in your emails.
- Download latest version: v. 9.1.0
- Solr documentation page
- Solr FTS Engine documentation page for Dovecot
Upgrading to version 9.1.0
- More info here
Before starting check that your java is at least at version 11.
Download version 9.1.0:
wget https://www.apache.org/dyn/closer.lua/solr/solr/9.1.0/solr-9.1.0.tgz?action=download -O solr-9.1.0.tgz
Then stop your Solr server and run the upgrade with the -f (upgrade) and -n (do not start the server when finished) options:
tar xzf solr-9.1.0.tgz solr-9.1.0/bin/install_solr_service.sh --strip-components=2 sudo bash ./install_solr_service.sh solr-9.1.0.tgz -f -n
Slackware users will have to do:
wget https://notes.sagredo.eu/files/qmail/solr/install_solr_slackware.sh chmod +x install_solr_slackware.sh ./install_solr_slackware.sh solr-9.1.0.tgz -f -n
Now download and install the new schema and configuration files for Dovecot
cd /var/solr/data/dovecot/conf rm -f schema.xml managed-schema solrconfig.xml wget https://notes.sagredo.eu/files/qmail/solr/schema-9.1.0.xml -O schema.xml wget https://notes.sagredo.eu/files/qmail/solr/solrconfig-9.1.0.xml -O solrconfig.xml chown solr:solr solrconfig.xml schema.xml
The new configuration file replaces LRUCache with CaffeineCache and changes the location of the .jar libraries (diff here).
Configure your /etc/default/solr.in.sh file, as many options are changed. Then restart the Solr server.
Finally upgrade the indexes (edit the downloaded script to insert your Dovecot password)
wget https://notes.sagredo.eu/files/qmail/solr/solr_rescan_index.sh chmod +x solr_rescan_index.sh chown root:root solr_rescan_index.sh chmod o-wrx solr_rescan_index.sh ./solr_rescan_index.sh Stopping Dovecot . <?xml version="1.0" encoding="UTF-8"?> <response> <lst name="responseHeader"> <int name="status">0</int> <int name="QTime">20</int> </lst> </response> Starting Dovecot.
If the script does not return errors (status=0) you are ok. If you get errors, double check the Authorization and the Solr's dovecot user credentials.
Installing ClamAV
January 1, 2023 Roberto Puzzanghera 8 comments
- Info: http://www.clamav.net
- Latest version: 1.0.1
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.
Upgrading to v. 1.0.x
Version 1.0.0 of ClamAV requires the Rust environment to be at least at version 1.61. If your distribution doesn't provide such a version you have to uninstall the existing Rust package and then install a new version in this way:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
This will install the binaries into /root/.cargo/bin. The installation will try to add this directory to your PATH. If something went wrong, add it by yourself to your profile:
export PATH:$PATH:/root/.cargo/bin
If one day you want to uninstall this Rust installation, because the package is available in your distro, you can do like this:
rustup self uninstall
Once Rust has been installed, you have to follow all the installation steps to overwrite the previous installation. At the end, you will have to move the new configuration files in place and edit them as described below.
cd /usr/local/etc mv clamd.conf clamd.conf.105 mv clamd.conf.sample clamd.conf mv freshclam.conf freshclam.conf.105 mv freshclam.conf.sample freshclam.conf
You can also remove your logrotate file, as the program is now able to do the rotation autonomously, provided that you have
LogRotate yes
in your config files.
