- Inter7's original page
- Combined patch v. 2023.08.27
- More info here
Vpopmail provides an easy way to manage virtual email domains and non /etc/passwd email accounts on your mail servers.
The purpose of this note is to show how to use
Mysql as the authentication system. Having a users database also offers the advantage of communicating with the database via
PHP, and creating web-based user interfaces to manage accounts.
- Sep 5, 2023
- changed configuration option
p). Now failed attempts will be logged with no password shown.
- Aug 27, 2023
- new combined patch. More info here
* The logic of the defaultdelivery patch/feature has been revised. If configured with
--enable-defauldelivery vpopmailwill save control/defauldelivery in the user's .qmail and
vdelivermailLDA in the domain's .qmail-default file. This will achieve multiple benefits: you have
valiastable schema was changed as well.
The patch we'll apply is the result of the following bunch of patches:
- sql-aliasdomains patch, which makes
vpopmailsave the aliasdomains to
MySQL. This makes the
dovecotsql auth driver aware of the aliasdomains, provided that you modify the sql query as well (see the
dovecotpage for more info).
- defaultdelivery patch, will copy you favourite delivery agent, stored in QMAILDIR/control/defauldelivery, in the mailbox's .qmail and the
vpopmaildelivery agent in the domain's .qmail-default.
More info here, have also a look to the doc/README.defaultdelivery file.
- dovecot-sql-procedures patch
If you want to use the
dovecot's sql auth driver with one table for each domain (
--disable-many-domains) you have to heavily customize your queries to the sql database. With this patch
vpopmailinstalls the sql procedures and functions in the database when you create a new domain. The procedures can be called by
dovecotto perform the auth.
The sql stuff supports aliasdomains and
mysqllimits and will be loaded from ~/vpopmail/etc/disable-many-domains_procedures.sql. You can customize the sql procedure editing this file.
You have to configure with
--enable-mysql-bin=PATHas we have to install the procedures calling the
mysqlbin as a shell command (no way to load an sql query from a file in C language, comments welcome).
- vusaged configure patch
It seems that at least on Debian 11
vusagedrefuses to run the configure successfully, as the
MySQLlibraries are not linked (
configure: error: No vauth_getpw in libvpopmail). After some inspection, I noticed that avoiding the break of the configure command, the following make command will find
libmysqlclientand compile with no problems, and the program works as expected.
autoreconf -f -iinto the
vusageddirectory is needed before configuring, as the
configure.acscript was modified.
- recipient check patch. It can be used with Erwin Hoffmann's s/qmail to accomplish the recipient check. Not important in my installation, look at doc/README.vrcptcheck for more info.
- vuserinfo-D_newline, a cosmetic patch which prints a new line to separate users' infos when typing "vuserinfo -D domain"
- gcc-10-compat patch, which gets vpopmail to compile with
gcc-10and later versions
- A fix to the following issues (patch by Ali Erturk TURKER):
- vdelivermail.c checks spamassassin permissions, instead of maildrop permissions.
vopen_smtp_relay()return values corrected, so that
open_smtp_relay()can detect and report database connection errors (vmysql.c, voracle.pc, vpgsql.c)
vdel_limits()core-dumps if a database connection is not available beforehand. (vmysql.c, voracle.pc)
vpopmail user and group. Be aware that the home directory below is going to be the one where
vpopmail will be installed, so you can change it if you want to have
vpopmail elsewhere. You can also decide to assign different
uid/gid to vpopmail, as
qmail will be able to determine them dinamically.
groupadd -g 89 vchkpw useradd -g vchkpw -u 89 -d /home/vpopmail vpopmail
Download the source (original files here: http://sourceforge.net/projects/vpopmail/files/, but you can download my local copy) and configure.
NB you may have to replace
Debian and related.
cd /usr/local/src wget https://notes.sagredo.eu/files/qmail/tar/vpopmail-5.4.33.tar.gz wget https://notes.sagredo.eu/files/qmail/patches/vpopmail/combined_patch/roberto_vpopmail-5.4.33.patch tar xzf vpopmail-5.4.33.tar.gz cd vpopmail-5.4.33 chown -R root:root . patch -p1 < ../roberto_vpopmail-5.4.33.patch autoreconf -f -i ./configure \ --enable-qmaildir=/var/qmail/ \ --enable-qmail-newu=/var/qmail/bin/qmail-newu \ --enable-qmail-inject=/var/qmail/bin/qmail-inject \ --enable-qmail-newmrh=/var/qmail/bin/qmail-newmrh \ --disable-roaming-users \ --enable-auth-module=mysql \ --enable-incdir=/usr/include/mysql \ --enable-libdir=/usr/lib64 \ --enable-logging=e \ --disable-clear-passwd \ --enable-auth-logging \ --enable-sql-logging \ --disable-passwd \ --enable-qmail-ext \ --enable-learn-passwords \ --enable-mysql-limits \ --enable-valias \ --enable-sql-aliasdomains \ --enable-defaultdelivery
--disable-roaming-users roaming users will be disabled, since we don't want to use POP before SMTP authorization. We will patch
MySQL support and stores virtual users accounts into a mysql database.
include dir (use just in case you installed mysql from binaries or source in a non standard location. Mount mysql dir somewhere if it is installed in a different machine).
lib dir. Obviously it might be
/usr/lib on 32b systems
--disable-passwd Don't include /etc/passwd support. I don't want to manage real users, this is just a web server.
--disable-clear-passwd Clear password will not be saved to database for security reasons. If you don't want to have problems when users forget their passwords and you want to recover them quickly switch this to
--enable-logging=e Logs failed attempts on syslog (no failed passwords will be shown).
--enable-sql-logging Maintain the vlog table in MySQL (shows failed authentication requests).
--enable-auth-logging Maintain a lastauth table in MySQL (shows when / how a user last accessed their email)
--enable-mysql-limits MySQL stores domain limits instead of
--enable-qmail-ext Enable qmail email address extension support (emails containing dots).
--enable-sql-aliasdomains (default) saves domain aliases to MySQL in order to validate the authentication for domain aliases when using the
dovecot's sql driver, provided that you modify the
--enable-valias Store aliases in
--enable-defaultdelivery installs the delivery agent stored in
/var/qmail/control/defaultdelivery into the
.qmail file of each newly created user and
vdelivermail agent in the
.qmail-default of the newly created domains. More info here.
Compile and install:
vusaged looks up every
vpopmail user and tracks how much storage space they’re using. It requires
- Download latest version from http://dist.schmorp.de/libev/
cd /usr/local/src wget http://dist.schmorp.de/libev/libev-4.33.tar.gz tar xzvf libev-4.33.tar.gz cd libev-4.33 chown -R root.root . ./configure make make install ldconfig
Installing and configuring
VPOPMAILDIR=/home/vpopmail cd /usr/local/src/vpopmail-5.4.33/vusaged LIBS=`head -1 $VPOPMAILDIR/etc/lib_deps` ./configure --with-vpopmail=$VPOPMAILDIR make cp -f vusaged ~vpopmail/bin cp -f etc/vusaged.conf ~vpopmail/etc
If you get an error like this after the configure command
configure: error: No vauth_getpw in libvpopmail
try to rebuild the configure script in this way:
autoreconf -f -i
and then proceed to configure and compile. I patched the
configure.ac to avoid the break. This is actually a work around. If you solve the library linking error let me know.
Take a look to the discussion in the comments, as Luca suggested a different solution, which didn't solve for me but that I'm suggesting above in this page.
Now create your ~vpopmail/etc/tcp.smtp file. This file should list all the static IPs of your machines that you want to allow to relay out to the internet. For example: to allow relaying for localhost and the localnet 10.0.0.x edit your ~vpopmail/etc/tcp.smtp as follows:
add any other IP later, whenever you want. To give a client relay access, add an entry to ~vpopmail/etc/tcp.smtp like:
IP address of client:allow,RELAYCLIENT=""
Now build the tcp.smtp.cdb. This command must be run every time you modify tcp.smtp
cd ~vpopmail/etc tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp
Now setup a quota warning that will be delivered to users when they are at 90% quota
# nano ~vpopmail/domains/.quotawarn.msg From: SomeCompany Postmaster <firstname.lastname@example.org> Reply-To: email@example.com To: SomeCompany User:; Subject: Mail quota warning Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Your mailbox on the server is now more than 90% full. So that you can continue to receive mail, you need to remove some messages from your mailbox. If you require assistance with this, please contact our support department : email : firstname.lastname@example.org Tel : xx xxxx xx
chmod 600 ~vpopmail/domains/.quotawarn.msg chown vpopmail.vchkpw ~vpopmail/domains/.quotawarn.msg
Now adjust ~vpopmail/etc/vlimits.default. I use to limit the default user quota to 100MB (in bytes):
mysql back end
vpopmail user and database. Grant all privileges to the
vpopmail user. Then quit out of
MySQL and save the authentication information for the
vpopmail account into the
vpopmail.mysql config file:
> mysql [-h mysql-IP] -u root -p CREATE USER 'vpopmail'@'mailserver-IP' IDENTIFIED BY 'vpopmailpwd'; GRANT USAGE ON * . * TO 'vpopmail'@'mailserver-IP' IDENTIFIED BY 'vpopmailpwd' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ; CREATE DATABASE IF NOT EXISTS vpopmail; GRANT ALL PRIVILEGES ON `vpopmail` . * TO 'vpopmail'@'mailserver-IP'; > echo "mysql-IP|0|vpopmail|vpopmailpwd|vpopmail" > ~vpopmail/etc/vpopmail.mysql
mysql-IP is the IP of the server which runs
mailserver-IP is the IP address where
qmail is running. Usually you can specify ‘localhost’ or 0.0.0.0 for both.
Creating virtual domains and virtual users
To add/delete a virtual domain
./vadddomain yourdomain.net [./vdeldomain yourdomain.net]
To add/delete a virtual user
./vadduser email@example.com [./vdeluser firstname.lastname@example.org]
To view information about user email accounts:
./vuserinfo email@example.com name: user passwd: xxxxxxxxxxxx clear passwd: xxxxxxxxx comment/gecos: Name Surname uid: 0 gid: 0 flags: 0 gecos: Name Surname limits: No user limits set. dir: /home/vpopmail/domains/yourdomain.net/user quota: 104857600S
These commands can be useful. But it will be much easier to manage domains and accounts when we install the
qmailadmin web interfaces later.
You may be interested to take a look to this page concerning
Domain aliases when using the
dovecot's sql auth driver
If you don't have domain aliases or this is a fresh installation you can skip this step.
If you already have domain aliases and want to switch to the
dovecot's sql auth driver, don't forget to read carefully the page where the
vpopmail/dovecot setup concerning domain aliases is explained, as you'll have to save your existing alias/domains pairs to
In short, you can quickly save all your domain aliases to MySQL in this way
for more options.
The database record will be saved by vpopmail for the new aliases that you will create from now on.