Dovecot vpopmail-auth driver removal. Migrating to the SQL driver

February 10, 2023 Roberto Puzzanghera 65 comments

Those who are still using the Dovecot's vpopmail auth driver should consider a migration to another backend, as on January 4, 2021 dovecot-2.3.13 was released and the vpopmail auth driver removed (more info here).

I'll show below how to support domain aliases with the sql driver both with all domains in the same vpopmail table and with one table for each domain (--disable-many-domains). You can find how to setup the driver in this page. A short reference to vpopmail's vconvert program is presented toward the bottom of this page, in case one is planning to switch to sql.

If you browse the comments below you'll find some other nice solutions:

Saving vpopmail's aliasdomains to MySQL

As some commentators have pointed out, switching to the dovecot's sql auth driver can be painful if one has domain aliases. I will show below how to make dovecot aware of the vpopmail's aliasdomains, so that a user who tries to login with a domain alias can pass the authentication.

The idea is to save the pairs alias/domain in a new "aliasdomains" MySQL table, for example:

MariaDB [vpopmail]> SELECT * FROM aliasdomains; 
+----------------------+----------------------+ 
| alias                | domain               | 
+----------------------+----------------------+ 
| alias.net            | realdomain.net       | 
+----------------------+----------------------+

...and then modify the dovecot's sql query in order to select the user's domain from this table in case the domain is an alias or from the vpopmail table otherwise.

I patched vpopmail so that it  will transparently do the sql stuff when creating/deleting the alias in the usual way by means of the vaddaliasdomain/vdeldomain vpopmail's programs.

Installing Dovecot and sieve on a vpopmail + qmail server

February 10, 2023 Roberto Puzzanghera 73 comments

Changelog

  • Feb 10, 2023
    - added a patch to restore the old vpopmail-auth driver (tx Ali Erturk TURKER)
  • Nov 2, 2022
    -added mailbox_list_index = yes and mail_always_cache_fields = date.save to 10-mail.conf (tx JonTDW, more info here)
  • Aug 9, 2022
    -improved the sql stuff in case of --disable-many-domains (tx kengheng)
  • Apr 21, 2022
    -Solr support added
  • Apr 17, 2022
    -auth-sql.conf.ext: changed the userdb lookup for LDA from static to sql, as the home dir was not retrieved correctly if positioned in a subfolder (i.e. domains/0/domainname).
  • June 20, 2021
    -15-mailboxes.conf: added Junk.TeachSpam and Junk.TeachNotSpam mailboxes to store messages for the learning and reporting systems (more info here)
  • March 17, 2021
    - 90-quota.conf: quota definition adjusted in this way quota = maildir:: as the GETQUOTA command was not returning the quota (thanks a.key)
  • March 2, 2021
    - "one table per domain" support added (--disable-many-domains)
    - added domains limits support to password_query (you have to compile vpopmail --enable-mysql-limits)
  • January 29, 2021
    - auth-sql.conf.ext now uses the userdb's prefetch driver in order to perform one single query when doing the auth
    - dovecot-sql.conf.ext has been modified to allow authentication both with real and alias domains, provided that you patched vpopmail accordingly. More info in this page.
    - the iterate_query in the sql driver now extracts the "user" field (was "username") as required by the docs.

Overview

Dovecot is an open source IMAP and POP3 email server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and it uses very little memory.

e-mail indexing with Solr FTS Engine

January 4, 2023 Roberto Puzzanghera 0 comments

Solr is a Lucene indexing server. Dovecot communicates to it using HTTP/XML queries. With this indexing server, you can do text searches in your emails.

Upgrading to version 9.1.0

Before starting check that your java is at least at version 11.

Download version 9.1.0:

wget https://www.apache.org/dyn/closer.lua/solr/solr/9.1.0/solr-9.1.0.tgz?action=download -O solr-9.1.0.tgz

Then stop your Solr server and run the upgrade with the -f (upgrade) and -n (do not start the server when finished) options:

tar xzf solr-9.1.0.tgz solr-9.1.0/bin/install_solr_service.sh --strip-components=2
sudo bash ./install_solr_service.sh solr-9.1.0.tgz -f -n

Slackware users will have to do:

wget https://notes.sagredo.eu/files/qmail/solr/install_solr_slackware.sh
chmod +x install_solr_slackware.sh
./install_solr_slackware.sh solr-9.1.0.tgz -f -n

Now download and install the new schema and configuration files for Dovecot

cd /var/solr/data/dovecot/conf
rm -f schema.xml managed-schema solrconfig.xml
wget https://notes.sagredo.eu/files/qmail/solr/schema-9.1.0.xml     -O schema.xml
wget https://notes.sagredo.eu/files/qmail/solr/solrconfig-9.1.0.xml -O solrconfig.xml
chown solr:solr solrconfig.xml schema.xml

The new configuration file replaces LRUCache with CaffeineCache and changes the location of the .jar libraries (diff here).

Configure your /etc/default/solr.in.sh file, as many options are changed. Then restart the Solr server.

Finally upgrade the indexes (edit the downloaded script to insert your Dovecot password)

wget https://notes.sagredo.eu/files/qmail/solr/solr_rescan_index.sh
chmod +x solr_rescan_index.sh
chown root:root solr_rescan_index.sh
chmod o-wrx solr_rescan_index.sh

./solr_rescan_index.sh
Stopping Dovecot 
. 
<?xml version="1.0" encoding="UTF-8"?> 
<response> 

<lst name="responseHeader"> 
 <int name="status">0</int> 
 <int name="QTime">20</int> 
</lst> 
</response> 
Starting Dovecot.

If the script does not return errors (status=0) you are ok. If you get errors, double check the Authorization and the Solr's dovecot user credentials.

Installing ClamAV

January 1, 2023 Roberto Puzzanghera 8 comments

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Upgrading to v. 1.0.x

Version 1.0.0 of ClamAV requires the Rust environment to be at least at version 1.61. If your distribution doesn't provide such a version you have to uninstall the existing Rust package and then install a new version in this way:

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

This will install the binaries into /root/.cargo/bin. The installation will try to add this directory to your PATH. If something went wrong, add it by yourself to your profile:

export PATH:$PATH:/root/.cargo/bin

If one day you want to uninstall this Rust installation, because the package is available in your distro, you can do like this:

rustup self uninstall

Once Rust has been installed, you have to follow all the installation steps to overwrite the previous installation. At the end, you will have to move the new configuration files in place and edit them as described below.

cd /usr/local/etc
mv clamd.conf clamd.conf.105
mv clamd.conf.sample clamd.conf
mv freshclam.conf freshclam.conf.105
mv freshclam.conf.sample freshclam.conf

You can also remove your logrotate file, as the program is now able to do the rotation autonomously, provided that you have 

LogRotate yes

in your config files.