March 17, 2022 Roberto Puzzanghera 81 comments
Vpopmail provides an easy way to manage virtual email domains and non /etc/passwd email accounts on your mail servers.
The purpose of this note is to show how to use MySQL as the authentication system. Having a users database also offers the advantage of communicating with the database via PHP, and creating web-based user interfaces to manage accounts.
The patch we'll apply is the result of the following bunch of patches:
vpopmail save the aliasdomains to MySQL. This makes the dovecot sql auth driver aware of the aliasdomains, provided that you modify the sql query as well (see the dovecot page for more info).
vpopmail to copy your favourite delivery agent (stored in QMAILDIR/control/defaultdelivery) into the .qmail-default file of any newly created domain, overriding the default vpopmail's behaviour, where vpopmail copies its delivery agent vdelivermail. You have to configure with --enable-defaultdelivery to enable this.
--disable-defaultdelivery, which is the default option) vdelivermail is installed with the "delete" option instead of "bounce-no-mailbox", which is not reasonable anymore.
dovecot's sql auth driver with one table for each domain (--disable-many-domains) you have to heavily customize your password query. With this patch vpopmail installs the sql procedure and functions in the database when you create a new domain. The procedure can be called by dovecot to perform the auth.
mysql limits and will be loaded from ~/vpopmail/etc/pwd-query_disable-many-domains.sql. You can customize the sql procedure editing this file.
--enable-mysql-bin=PATH as we have to install the procedure calling the mysql bin as a shell command (no way to load an sql query from a file in C language, comments welcome).
vusaged refuses to run the configure successfully, as the mysql libraries are not linked (configure: error: No vauth_getpw in libvpopmail). After some inspection, I noticed that avoiding the break of the configure command, the following make command will find libmysqlclient and compile with no problems, and the program works as expected.
autoreconf -f -i into the vusaged directory is needed before configuring, as the configure.ac script was modified.
vpopmail user and group. Be aware that the home directory below is going to be the one where vpopmail will be installed, so you can change it if you want to have
groupadd -g 89 vchkpw
useradd -g vchkpw -u 89 -d /home/vpopmail vpopmail
Before proceeding on Debian 11 (and maybe also in Ubuntu) you may have to install a couple of packages:
apt install build-essential autoconf automake libmariadb-dev default-libmysqlclient-dev
Download the source (original files here: http://sourceforge.net/projects/vpopmail/files/, but you can download my local copy) and configure.
NB you may have to replace
Debian and related.
cd /usr/local/src
wget https://notes.sagredo.eu/files/qmail/tar/vpopmail-5.4.33.tar.gz
wget https://notes.sagredo.eu/files/qmail/patches/vpopmail/roberto_vpopmail-5.4.33.patch
tar xzf vpopmail-5.4.33.tar.gz
cd vpopmail-5.4.33
chown -R root.root .
patch -p1 < ../roberto_vpopmail-5.4.33.patch
autoreconf -f -i
./configure \
  --enable-qmaildir=/var/qmail/ \
  --enable-qmail-newu=/var/qmail/bin/qmail-newu \
  --enable-qmail-inject=/var/qmail/bin/qmail-inject \
  --enable-qmail-newmrh=/var/qmail/bin/qmail-newmrh \
  --disable-roaming-users \
  --enable-auth-module=mysql \
  --enable-incdir=/usr/include/mysql \
  --enable-libdir=/usr/lib64 \
  --enable-logging=p \
  --disable-clear-passwd \
  --enable-auth-logging \
  --enable-sql-logging \
  --disable-valias \
  --disable-passwd \
  --enable-qmail-ext \
  --enable-learn-passwords \
  --enable-mysql-limits \
  --enable-sql-aliasdomains \
  --enable-defaultdelivery
--disable-roaming-users roaming users will be disabled, since we don't want to use POP before SMTP authorization. We will patch qmail with smtp-auth instead.
--enable-auth-module=mysql builds mysql support and stores virtual users accounts into a mysql database.
--enable-incdir=/usr/include/mysql Your MySQL include dir (use just in case you installed mysql from binaries or source in a non standard location. Mount mysql dir somewhere if it is installed in a different machine).
--enable-libdir=/usr/lib64 Your MySQL lib dir. Obviously it might be /usr/lib on 32b systems
--disable-valias Do not store aliases in
MySQL, but as
Note: it appears that dovecot-lda continues to look for .qmail-alias files also when you enable this. So this option is useless if you deliver via dovecot-lda
--disable-passwd Don't include /etc/passwd support. I don't want to manage real users, this is just a web server.
--disable-clear-passwd Clear passwords will not be saved to the database, for security reasons. If you don't want to have problems when users forget their passwords and you want to recover them quickly, switch this to
--enable-sql-logging Maintain the vlog table in MySQL (shows failed authentication requests).
--enable-auth-logging Maintain a lastauth table in MySQL (shows when / how a user last accessed their email)
--enable-mysql-limits MySQL stores domain limits instead of
--enable-qmail-ext Enable qmail email address extension support (emails containing dots).
--enable-sql-aliasdomains (default) saves domain aliases to MySQL in order to validate the authentication for domain aliases when using the dovecot's sql driver, provided that you modify the
--enable-defaultdelivery installs the delivery agent stored in /var/qmail/control/defaultdelivery into the .qmail-default file of each newly created domain.
Compile and install:
vusaged looks up every vpopmail user and tracks how much storage space they're using. It requires
cd /usr/local/src
wget http://dist.schmorp.de/libev/libev-4.33.tar.gz
tar xzvf libev-4.33.tar.gz
cd libev-4.33
chown -R root.root .
./configure
make
make install
ldconfig
cd /usr/local/src/vpopmail-5.4.33/vusaged
LIBS=`head -1 /home/vpopmail/etc/lib_deps` ./configure --with-vpopmail=/home/vpopmail
make
cp -f vusaged /home/vpopmail/bin
cp -f etc/vusaged.conf /home/vpopmail/etc
Now copy the startup script to /etc/rc.d (Slackware) or init.d and run it. This is a Slackware example:
cp contrib/rc.vusaged /etc/rc.d/
/etc/rc.d/rc.vusaged start
If you get an error like this after the configure command
configure: error: No vauth_getpw in libvpopmail
try to rebuild the configure script in this way:
autoreconf -f -i
and then proceed to configure and compile. I patched the configure.ac to avoid the break. This is actually a workaround. If you solve the library linking error let me know.
Take a look at the discussion in the comments, as Luca suggested a different solution, which didn't solve it for me but which I'm suggesting above on this page.
Now create your ~vpopmail/etc/tcp.smtp file. This file should list all the static IPs of your machines that you want to allow to relay out to the internet. For example: to allow relaying for localhost and the localnet 10.0.0.x edit your ~vpopmail/etc/tcp.smtp as follows:
add any other IP later, whenever you want. To give a client relay access, add an entry to ~vpopmail/etc/tcp.smtp like:
IP address of client:allow,RELAYCLIENT=""
Now build the tcp.smtp.cdb. This command must be run every time you modify tcp.smtp
cd ~vpopmail/etc
tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp
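Since every RELAYCLIENT entry in tcp.smtp grants relaying, it is worth auditing the file before each tcprules rebuild; a grant on the empty (default) address makes the server an open relay. The following is an added example, not part of the original page: the sample rules, the INTERNAL list and the finding names are assumptions, and only IPv4 rules are interpreted.

```python
import ipaddress

INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample tcp.smtp (not from the page); IPv4 rules only.
SAMPLE = '''\
127.:allow,RELAYCLIENT=""
10.0.0.:allow,RELAYCLIENT=""
203.0.113.7:allow,RELAYCLIENT=""
192.0.2.:allow,RELAYCLIENT=""
=mail.example.net:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
'''

def covered_network(addr):
    """Map a tcprules address to the IPv4 network it matches, or None."""
    if addr == "":                      # empty address = default rule, matches everyone
        return ipaddress.ip_network("0.0.0.0/0")
    octets = addr.rstrip(".").split(".")
    if not all(o.isascii() and o.isdigit() and int(o) < 256 for o in octets):
        return None                     # =hostname rules, ranges such as 1.2.3.4-9
    if len(octets) > 4 or (len(octets) == 4) == addr.endswith("."):
        return None                     # full IP: 4 octets; prefix: fewer, ending in "."
    base = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network("%s/%d" % (base, 8 * len(octets)))

def audit_tcp_smtp(text):
    """Return (line_no, finding, rule) for relay grants that deserve a look."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        rule = raw.strip()
        if not rule or rule.startswith("#"):
            continue
        addr, _, instr = rule.partition(":")
        if not instr.startswith("allow") or "RELAYCLIENT=" not in instr:
            continue                    # only rules that grant relaying matter here
        net = covered_network(addr)
        if net is None:
            findings.append((n, "manual-review", rule))
        elif net.prefixlen == 0:
            findings.append((n, "open-relay", rule))
        elif net.prefixlen < 32 and not any(net.subnet_of(i) for i in INTERNAL):
            findings.append((n, "public-prefix", rule))
    return findings

if __name__ == "__main__":
    for finding in audit_tcp_smtp(SAMPLE):
        print(finding)
```

Loopback, RFC 1918 prefixes and single static IPs pass silently; everything else is reported so that it can be confirmed by hand before the cdb is rebuilt.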
Now setup a quota warning that will be delivered to users when they are at 90% quota
# nano ~vpopmail/domains/quotawarn.msg
From: SomeCompany Postmaster <email@example.com>
Reply-To: firstname.lastname@example.org
To: SomeCompany User:;
Subject: Mail quota warning
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

Your mailbox on the server is now more than 90% full.
So that you can continue to receive mail, you need to remove some messages from your mailbox.
If you require assistance with this, please contact our support department :
email : email@example.com
Tel : xx xxxx xx
chmod 600 ~vpopmail/domains/quotawarn.msg
chown vpopmail.vchkpw ~vpopmail/domains/quotawarn.msg
Now adjust ~vpopmail/etc/vlimits.default. I usually limit the default user quota to 100MB (in bytes):
vpopmail user and database. Grant all privileges to the vpopmail user. Then quit out of MySQL and save the authentication information for the vpopmail account into the vpopmail.mysql config file:
> mysql [-h mysql-IP] -u root -p
CREATE USER 'vpopmail'@'mailserver-IP' IDENTIFIED BY 'vpopmailpwd';
GRANT USAGE ON * . * TO 'vpopmail'@'mailserver-IP' IDENTIFIED BY 'vpopmailpwd' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE DATABASE IF NOT EXISTS `vpopmail` ;
GRANT ALL PRIVILEGES ON `vpopmail` . * TO 'vpopmail'@'mailserver-IP';
> echo "mysql-IP|0|vpopmail|vpopmailpwd|vpopmail" > ~vpopmail/etc/vpopmail.mysql
mysql-IP is the IP of the server which runs
mailserver-IP is the IP address where qmail is running. Usually you can specify ‘localhost’ or 0.0.0.0 for both.
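The vpopmail.mysql file written above holds the database password in clear text, so its permissions and contents deserve a check after the echo. This is an added example, not part of the original page: the function names and the sample line are constructed, and it assumes that the file should not be accessible to other local users and that lines starting with # are comments.

```python
import os
import stat
import tempfile

# Constructed sample line in the page's host|port|user|password|database layout.
SAMPLE = "192.0.2.10|0|vpopmail|vpopmailpwd|vpopmail\n"
TUTORIAL_PASSWORDS = {"vpopmailpwd"}      # placeholder used in the commands above


def write_sample(mode, text=SAMPLE):
    """Create a throwaway file with the given mode so the audit can be tried."""
    fd, path = tempfile.mkstemp(suffix=".mysql")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path


def audit_vpopmail_mysql(path):
    """Return a list of findings for a vpopmail.mysql style credentials file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("file is accessible to other users (mode %04o)" % mode)
    with open(path) as fh:
        entries = [l.strip() for l in fh if l.strip() and not l.startswith("#")]
    for entry in entries:
        fields = entry.split("|")
        if len(fields) != 5:
            findings.append("expected 5 |-separated fields, got %d" % len(fields))
            continue
        host, port, user, password, database = fields
        if password in TUTORIAL_PASSWORDS or not password:
            findings.append("password for %r is empty or the tutorial placeholder" % user)
        if user == "root":
            findings.append("connects as the MySQL root account")
    return findings


if __name__ == "__main__":
    sample_path = write_sample(0o644)
    print(audit_vpopmail_mysql(sample_path))
    os.remove(sample_path)
```

The findings never include the password itself, so the output can be pasted into a ticket or a log.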
To add/delete a virtual domain
./vadddomain yourdomain.net [./vdeldomain yourdomain.net]
To add/delete a virtual user
./vadduser firstname.lastname@example.org [./vdeluser email@example.com]
To view information about user email accounts:
./vuserinfo firstname.lastname@example.org
name: user
passwd: xxxxxxxxxxxx
clear passwd: xxxxxxxxx
comment/gecos: Name Surname
uid: 0
gid: 0
flags: 0
gecos: Name Surname
limits: No user limits set.
dir: /home/vpopmail/domains/yourdomain.net/user
quota: 104857600S
These commands can be useful. But it will be much easier to manage domains and accounts when we install the qmailadmin web interfaces later.
You may be interested in taking a look at this page concerning dovecot's sql auth driver
If you don't have domain aliases or this is a fresh installation you can skip this step.
If you already have domain aliases and want to switch to the dovecot's sql auth driver, don't forget to read carefully the page where the vpopmail/dovecot setup concerning domain aliases is explained, as you'll have to save your existing alias/domains pairs to
In short, you can quickly save all your domain aliases to MySQL in this way
for more options.
The database record will be saved by vpopmail for the new aliases that you will create from now on.