Installing and configuring vpopmail

August 9, 2022 Roberto Puzzanghera 83 comments

Vpopmail provides an easy way to manage virtual email domains and non /etc/passwd email accounts on your mail servers.

The purpose of this note is to show how to use Mysql as the authentication system. Having a users database also offers the advantage of communicating with the database via PHP, and creating web-based user interfaces to manage accounts.

Patch details

The patch we'll apply is the result of the following bunch of patches:

  • sql-aliasdomains patch, which makes vpopmail save the aliasdomains to MySQL. This makes the dovecot sql auth driver aware of the aliasdomains, provided that you modify the sql query as well (see the dovecot page for more info).
  • defaultdelivery patch, which makes vpopmail to copy your favourite delivery agent (stored in QMAILDIR/control/defauldelivery) into the .qmail-default file of any newly created domain, overriding the default vpopmail's behaviour, where vpopmail copies its delivery agent vdelivermail. You have to configure with --enable-defaultdelivery to enable this.
    If the functionality is disabled (--disable-defaultdelivery, which is the default option) vdelivermail is installed with the "delete" option instead of "bounce-no-mailbox", which is not reasonable anymore.
  • dovecot-sql-procedures patch
    If you want to use the dovecot's sql auth driver with one table for each domain (--disable-many-domains) you have to heavily customize your queries to the sql database. With this patch vpopmail installs the sql procedures and functions in the database when you create a new domain. The procedures can be called by dovecot to perform the auth.
    The sql stuff supports aliasdomains and mysql limits and will be loaded from ~/vpopmail/etc/disable-many-domains_procedures.sql. You can customize the sql procedure editing this file.
    You have to configure with --enable-mysql-bin=PATH as we have to install the procedures calling the mysql bin as a shell command (no way to load an sql query from a file in C language, comments welcome).
  • vusaged configure patch
    It seems that at least on Debian 11 vusaged refuses to run the configure successfully, as the mysql libraries are not linked (configure: error: No vauth_getpw in libvpopmail). After some inspection, I noticed that avoiding the break of the configure command, the following make command will find libmysqlclient and compile with no problems, and the program works as expected.
    NB: an autoreconf -f -i into the vusaged directory is needed before configuring, as the configure.ac script was modified.
  • recipient check patch. It can be used with Erwin Hoffmann's s/qmail to accomplish the recipient check. Not important in my installation, look at doc/README.vrcptcheck for more info.
  • gcc-10-compat patch, which gets vpopmail to compile with gcc-10

Roundcube plugins

August 8, 2022 Roberto Puzzanghera 26 comments

My enabled plugins are (at the moment):

  • Password, to change the user's password
  • ManageSieve, which writes sieve scripts to filter the incoming mails (reject, move to specific folders etc.). Note that in order to use it you must have Dovecot managesieve enabled.
  • SpamAssassin User Prefs SQL (sauserprefs), which writes the spamassassin user preferences in the DB. The user will be allowed to create a black/white list, to adjust the required_score and so on.
  • MarkAsJunk. You can add the sender's email address to the blacklist, or run a command such as sa_learn. Requires sauprefs.
  • ContextMenu. Adds context menus to the message list, folder list and address book. Menu includes the abilities mark messages as read/unread, delete, reply and forward.
  • Newmail notifier. can notify new mail focusing browser window and changing favicon, playing a sound and  displaying desktop notification (using webkitNotifications feature).
  • Persistent login, which provides a "Keep me logged in" aka "Remember Me" functionality for Roundcube.
  • ZipDownload, which adds an option to download all attachments to a message in one zip file, when a message has multiple attachments.
  • enigma adds support for viewing and sending of signed and encrypted messages in PGP (RFC 2440) and PGP/MIME (RFC 3156) format
  • swipe, which adds left/right/down swipe actions to entries in the the message list on touch devices (tables/phones).

Other plugins that I have used in the past for which the old documentation might not be valid anymore

  • autologon. Autologin from external Site e.g. (CMS, Portal ...)
  • logout redirect. Modified version to only redirect to the homepage (depending on the domain part of the default identity)
  • rcguard. This plugin logs failed login attempts and requires users to go through a reCAPTCHA verification process when the number of failed attempts go too high.
  • carddav. CardDav client. You can sync your addressbook against a CardDav server like nextcloud or SoGO.
  • quickrules (abandoned project). Adds a button to the message list to allow the quick creation of rules in the SieveRules plugin. Information from selected emails is used to prefile the new rule form.

ucspi-ssl - TLS encryption for Client/Server IPv6/IPv4 communication

May 9, 2022 Roberto Puzzanghera 3 comments

sslserver, sslclient, and sslhandle are command-line tools for building SSL client-server applications. 

sslserver listens for IPv6 and/or IPv4 connections, and runs a program for each connection it accepts. The program environment includes variables that hold the local and remote host names, IP addresses, and port numbers. sslserver offers a concurrency limit on acceptance of new connections, and selective handling of connections based on client identity supporting CIDR IP address notation. sslserver supports STARTTLS and STLS.

sslclient requests a connection to either a IPv6 or IPv4 TCP sockets, and runs a program. The program environment includes the same variables as for sslserver.

sslhandle is a pre-forking sslserver; though without STARTTLS/STLS capabilities.

With sslserver we can have a secure connection on port 465 to receive our emails.

You have already installed fehQlibs, which are supplementary C libraries needed for ucspi-ssl.

tar xzf /usr/local/src/ucspi-ssl-0.12.3.tgz
cd host/superscript.com/net/ucspi-ssl-0.12.3
./package/install

The configuration of the supervise script for qmail-smtps is inside the configuration page.

e-mail indexing with Solr FTS Engine

April 21, 2022 Roberto Puzzanghera 0 comments

Solr is a Lucene indexing server. Dovecot communicates to it using HTTP/XML queries. With this indexing server, you can do text searches in your emails.

Installing

Solr is a java servlet which requires openjdk v. 8 or later. Be sure that you have the java binary in you path and that you have defined the variable JAVA_HOME, for example

PATH=$PATH:/usr/lib64/java/bin/
JAVA_HOME=/usr/lib64/java/

Download the binary version of Solr and install

cd /usr/local/src
wget https://www.apache.org/dyn/closer.lua/lucene/solr/8.11.1/solr-8.11.1.tgz?action=download -O solr-8.11.1.tgz

Extract the installer from the archive and run it. The installer will work for most Linux distributions based on systemd.

tar xzf solr-8.11.1.tgz solr-8.11.1/bin/install_solr_service.sh --strip-components=2
sudo bash ./install_solr_service.sh solr-8.11.1.tgz

The server will be launched by systemd at boot time.