Installing and configuring vpopmail

More info here
The qmail newbie's guide to relaying
README.vdelivermail
vpopmail version: 5.4.33
Patch applied (detalis below)

Vpopmail provides an easy way to manage virtual email domains and non /etc/passwd email accounts on your mail servers.

The purpose of this note is to show how to use Mysql as the authentication system. Having a users database also offers the advantage of communicating with the database via PHP, and creating web-based user interfaces to manage accounts.

Changelog

February 26, 2021
- added a "defaultdelivery patch" to the package of patches. configure --enable-defaultdelivery to enable it.
February 15, 2021
- fix in the configure file. An autoreconf is needed as I modified the configure.in and Makefile.am files
February 10, 2021
- a C program vsavealiasdomains can now save all the existing domain aliases to MySQL. It can be useful in case of migrations to the dovecot's sql auth driver.
February 5, 2021
- sql-aliasdomains patch added and combined patch released
December 12, 2020
- patch to get vpopmail compatible with gcc-10

Patch details

The patch we'll apply puts together the following patches:

sql-aliasdomains patch, which makes vpopmail store aliasdomains on mysql. This makes dovecot sql auth driver aware of aliasdomains, provided that you modify the sql query as well.
defaultdelivery patch, which makes vpopmail to copy your preferred delivery agent (stored in QMAILDIR/control/defauldelivery) into the .qmail-default file of any newly created domain, overriding the default vpopmail's behaviour, where vpopmail copies its delivery agent vdelivermail.
gcc-10-compat patch, which gets vpopmail to compile with gcc-10

Setup

Create vpopmail user and group:

groupadd -g 89 vchkpw
useradd -g vchkpw -u 89 -d /home/vpopmail vpopmail

Download the source (original files here: http://sourceforge.net/projects/vpopmail/files/, but you can download my local copy) and configure.

cd /usr/local/src
wget https://notes.sagredo.eu/files/qmail/tar/vpopmail-5.4.33.tar.gz
wget https://notes.sagredo.eu/files/qmail/patches/vpopmail/roberto_vpopmail-5.4.33.patch
tar xzf vpopmail-5.4.33.tar.gz
cd vpopmail-5.4.33
chown -R root.root .
patch -p1 < ../roberto_vpopmail-5.4.33.patch

autoreconf -f -i
./configure \
        --enable-qmaildir=/var/qmail/ \
        --enable-qmail-newu=/var/qmail/bin/qmail-newu \
        --enable-qmail-inject=/var/qmail/bin/qmail-inject \
        --enable-qmail-newmrh=/var/qmail/bin/qmail-newmrh \
        --disable-roaming-users \
        --enable-auth-module=mysql \
        --enable-incdir=/usr/include/mysql \
        --enable-libdir=/usr/lib64 \
        --enable-logging=p \
        --disable-clear-passwd \
        --enable-auth-logging \
        --enable-sql-logging \
        --disable-valias \
        --disable-mysql-limits \
        --disable-passwd \
        --enable-qmail-ext \
        --enable-learn-passwords \
        --enable-sql-aliasdomains \
        --enable-defaultdelivery

--disable-roaming-users roaming users will be disabled, since we don't want to use POP before SMTP authorization. We will patch qmail with smtp-auth instead.

--enable-auth-module=mysql builds mysql support and stores virtual users accounts into a mysql database.

--enable-incdir=/usr/include/mysql Your MySQL include dir (use just in case you installed mysql from binaries or source in a non standard location. Mount mysql dir somewhere if it is installed in a different machine).

--enable-libdir=/usr/lib64 Your MySQL lib dir. Obviously it might be /usr/lib on 32b systems

--disable-valias Do not store aliases in MySQL, but as dot-qmail files.
Note: it appears that dovecot-lda continues to look for .qmail-alias files also when you enable this. So this option is useless if you deliver via dovecot-lda

--disable-passwd Don't include /etc/passwd support. I don't want to manage real users, this is just a web server.

--disable-clear-passwd Clear password will be not be saved on DB. If you don't want to have problems when users forget their passwords and you want to recover them quickly switch this to --enable-clear-passwd.

--enable-sql-logging Maintain the vlog table in MySQL (shows failed authentication requests).

--enable-auth-logging Maintain a lastauth table in MySQL (shows when / how a user last accessed their email)

--disable-mysql-limits MySQL doesn't store limits instead of .qmailadmin-limits files.

--enable-qmail-ext Enable qmail email address extension support (emails containing dots).

--enable-sql-aliasdomains (default) saves domain aliases to MySQL in order to validate the authentication for domain aliases when using the dovecot's sql driver, provided that you modify the password_query accordingly.

--enable-defualtdelivery installs into the .qmail-default file of each new domain the delivery agent stored in /var/qmail/control/defaultdelivery.

Compile and install:

make install-strip

vusaged

vusaged looks up every vpopmail user and tracks how much storage space they’re using. It requires libev.

Installing libev

Download latest version from http://dist.schmorp.de/libev/

cd /usr/local/src
wget  http://dist.schmorp.de/libev/libev-4.33.tar.gz
tar xzvf libev-4.33.tar.gz
cd libev-4.33
chown -R root.root .
./configure
make
make install
ldconfig

Installing and configuring `vusaged`

cd /usr/local/src/vpopmail-5.4.33/vusaged
./configure
make
cp -f vusaged /home/vpopmail/bin
cp -f etc/vusaged.conf /home/vpopmail/etc

Now copy the startup script ro /etc/rc.d (Slackware) or init.d and run it. This is a Slackware example:

cp contrib/rc.vusaged /etc/rc.d/
/etc/rc.d/rc.vusaged start

Configuring

Check your ~vpopmail/etc/tcp.smtp file This file should list all the static IPs of your machines that you want to allow to relay out to the internet. For example: to allow relaying for localhost and the localnet 10.0.0.x edit your ~vpopmail/etc/tcp.smtp as follows:

10.0.0.:allow,RELAYCLIENT=""
127.:allow,RELAYCLIENT=""

add any other IP later, whenever you want. To give a client relay access, add an entry to ~vpopmail/etc/tcp.smtp like:

IP address of client:allow,RELAYCLIENT=""

Now build the tcp.smtp.cdb. This command must be run every time you modify tcp.smtp

cd ~vpopmail/etc
tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp

Now setup a quota warning that will be delivered to users when they are at 90% quota

# nano ~vpopmail/domains/quotawarn.msg

From: SomeCompany Postmaster <postmaster@yourdomain.com>
Reply-To: postmaster@yourdomain.com
To: SomeCompany User:;
Subject: Mail quota warning
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

Your mailbox on the server is now more than 90% full.

So that you can continue to receive mail,
you need to remove some messages from your mailbox.

If you require assistance with this,
please contact our support department :

  email : support@yourdomain.com
  Tel   : xx xxxx xx

chmod 600 ~vpopmail/domains/quotawarn.msg
chown vpopmail.vchkpw ~vpopmail/domains/quotawarn.msg

Now adjust ~vpopmail/etc/vlimits.default. I use to limit the default user quota to 100MB (in bytes):

default_quota           104857600

Fixing `vusaged` bug (only vpopmail 5.4.30)

This bug appears to have been fixed in version 5.4.32. So skip this section if you’re installing 5.4.32.

Setting the default quota seems to cause this error when creating new domains:

client_connect: warning: config_begin failed
Segmentation fault

I saw the same error when creating new users via qmailadmin. This appears to be a bug in the 5.4.30 version: http://www.mail-archive.com/vchkpw@inter7.com/msg27383.html So, even if you're not using vusaged it'll be necessary to configure vusaged.conf as by Matt Brookings suggests, in order to avoid this bug:

cat > ~vpopmail/etc/vusagec.conf << __EOF__
Server:
  Disable = True;
__EOF__

If you’re interested in reading more about this, see http://comments.gmane.org/gmane.mail.qmail.admin/4761, where Matt says that vusaged isn’t needed (for quotas to work) in vpopmail version 5.4.30.

Configuring `mysql` back end

Create the vpopmail user and database. Grant all privileges to the vpopmail user. Then quit out of MySQL and save the authentication information for the vpopmail account into the vpopmail.mysql config file:

> /usr/local/mysql/bin/mysql [-h mysql-IP] -u root -p 

CREATE USER 'vpopmail'@'mailserver-IP' IDENTIFIED BY 'vpopmailpwd'; 

GRANT USAGE ON * . * TO 'vpopmail'@'mailserver-IP' IDENTIFIED BY 'vpopmailpwd' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE DATABASE IF NOT EXISTS `vpopmail` ;
GRANT ALL PRIVILEGES ON `vpopmail` . * TO 'vpopmail'@'mailserver-IP';

> echo "mysql-IP|0|vpopmail|vpopmailpwd|vpopmail" > ~vpopmail/etc/vpopmail.mysql

where mysql-IP is the IP of the server which runs mysqld, and mailserver-IP is the IP address where qmail is running. Usually you can specify ‘localhost’ or 0.0.0.0 for both.

Creating virtual domains and virtual users

cd ~vpopmail/bin/

To add/delete a virtual domain

./vadddomain yourdomain.net [./vdeldomain yourdomain.net]

To add/delete a virtual user

./vadduser user@yourdomain.net [./vdeluser user@yourdomain.net]

To view information about user email accounts:

./vuserinfo user@yourdomain.net

name:   user
passwd: xxxxxxxxxxxx
clear passwd: xxxxxxxxx
comment/gecos: Name Surname
uid:    0
gid:    0
flags:  0
gecos: Name Surname
limits: No user limits set.
dir:       /home/vpopmail/domains/yourdomain.net/user
quota:     104857600S

These commands can be useful. But it will be much easier to manage domains and accounts when we install the vqadmin and qmailadmin web interfaces later.

You may be interested to take a look to this page concerning vpopmail testing.

Domain aliases when using the `dovecot`'s sql auth driver

If you don't have domain aliases or this is a fresh installation you can skip this step.

If you already have domain aliases and want to switch to the dovecot's sql auth driver, don't forget to read carefully the page where the vpopmail/dovecot setup concerning domain aliases is explained, as you'll have to save your existing alias/domains pairs to MySQL.

In short, you can quickly save all your domain aliases to MySQL in this way

vsavealiasdomains -A

Type

vsavealiasdomains -h

for more options.

The database record will be saved by vpopmail for the new aliases that you will create from now on.

qmail

Patching

add a comment

Comments

problem with passwords containing special characters like %

blueintheface February 26, 2021 10:05

I'm doinig a fresh installation, decided to compile with --enable-clear-passwd and am running into the following problem:

# /home/vpopmail/bin/vadduser user@mydomain.tld '%#RxtraMtbx#37%'
vmysql: sql error[2]: Data too long for column 'pw_clear_passwd' at row 1
Failed while attempting to add user to auth backend
Error: no authentication database connection

Using "%#" or "%+" or the like doesn't seem possible, but "%R" works.

OS: OpenSUSE 15.2
DB: MariaDB 10.4.17
Server-Character-Set: UTF-8 Unicode (utf8mb4)
Database "vpopmail" was created using collation "utf8mb4_general_ci", which is the default for standard MariaDB installation.

I'm ok with changing passwords for existing users (have to import a couple of existing domains) but am afraid there may be other issues with passwords and authentication.

Or is it just the clear password which is the problem and authentication with whatever client will be ok even when passwords like '%RxtraMT#66%' are used?

Installing and configuring vpopmail

Changelog

Patch details

Setup

vusaged

Installing libev

Installing and configuring vusaged

Configuring

Fixing vusaged bug (only vpopmail 5.4.30)

Configuring mysql back end

Creating virtual domains and virtual users

Domain aliases when using the dovecot's sql auth driver

Comments

qmail notes

Other contents

Recent comments

Recent posts

Installing and configuring `vusaged`

Fixing `vusaged` bug (only vpopmail 5.4.30)

Configuring `mysql` back end

Domain aliases when using the `dovecot`'s sql auth driver