September 30, 2019 Roberto Puzzanghera42 comments
qmailAdmin is a free software package that provides a web interface for managing a qmail system with virtual domains. It provides admin for adding/deleting users, Aliases, Forwards, Mailing lists and Autoresponders.
Before installing, you may want to patch qmailadmin
with a patch of mine which enables a check for the password strenght. This should avoid unsafe accounts created by domain administrators such as "test 123456". Since my skills on C programming are very low, I preferred to do the check via javascript
form validation. Currently only password which contains at least an uppercase character, a digit, a special character and at least eight characters are allowed. Of course we have to trust that the domain administrator will not have javascript
disabled, but there's no reason to think that he has any interest to do so. You can adjust the javascript file pw_strenght_chk.js
inside the html dir to your needs.
We will also apply an additional patch (thanks to Tony) in order to have authentication failures logged. This makes possibile to ban malicious IPs via fail2ban
. It is required to create the log file /var/log/qma-auth.log
initially and assign write priviledges to apache
.
The next patch is the ezmlm-idx 7 compatibility, which restores the compatibility with ezmlm-idx-7
(thanks to J.D. Trolinger for the advice).
Finally the fix to the catchall account (thanks to Luca Franceschini).
cd /usr/local/src wget https://notes.sagredo.eu/files/qmail/tar/qmailadmin-1.2.16.tar.gz wget https://notes.sagredo.eu/files/qmail/patches/qmailadmin/qmailadmin-1.2.16-pwd-strenght.2019.09.13.patch wget https://notes.sagredo.eu/files/qmail/patches/qmailadmin/qmailadmin-1.2.16-log.patch wget https://notes.sagredo.eu/files/qmail/patches/qmailadmin/mailinglist.c.ezmlm7.patch wget https://notes.sagredo.eu/files/qmail/patches/qmailadmin/qmailadmin-catchall.patch touch /var/log/qma-auth.log chgrp apache /var/log/qma-auth.log chmod g+w /var/log/qma-auth.log tar xzf qmailadmin-1.2.16.tar.gz cd qmailadmin-1.2.16 patch -p1 < ../qmailadmin-1.2.16-pwd-strenght.2019.09.13.patch patch < ../qmailadmin-1.2.16-log.patch patch < ../mailinglist.c.ezmlm7.patch patch < ../qmailadmin-catchall.patch chown -R root.root . ./configure \ --enable-htmldir=/usr/local/www/htdocs/qmail \ --enable-cgibindir=/usr/local/www/htdocs/qmail/cgi-bin \ --enable-cgipath=/cgi-bin/qmailadmin \ --enable-imagedir=/usr/local/www/htdocs/qmail/qmailadmin/qmailadmin_img \ --enable-imageurl=/qmailadmin_img \ --enable-htmllibdir=/usr/local/www/htdocs/qmail/qmailadmin \ --enable-qmaildir=/var/qmail \ --enable-domain-autofill \ --enable-vpopuser=vpopmail \ --enable-vpopgroup=vchkpw \ --enable-autoresponder-path=/usr/local/bin \ --enable-ezmlmdir=/usr/local/bin/ezmlm \ --enable-modify-quota \ --disable-ezmlm-mysql \ --disable-trivial-password make make install-strip
This installs qmailadmin
in /usr/local/www/htdocs/qmail
Be aware the the home graphics middleleft1.png
released with qmailadmin
has license problems as shown here (thanks to Marc for the hint).
<VirtualHost *:443> ServerName yourdomain.net DocumentRoot /usr/local/www/htdocs/qmail ScriptAlias /cgi-bin/ "/usr/local/www/htdocs/qmail/cgi-bin/" ErrorLog "/usr/local/www/logs/qmailadmin_error.log" CustomLog "/usr/local/www/logs/qmailadmin_access.log" common <Directory "/usr/local/www/htdocs/qmail"> Require all granted AllowOverride None </Directory> <Directory "/usr/local/www/htdocs/qmail/cgi-bin"> AllowOverride None Options ExecCGI Require all granted </Directory> Alias /qmailadmin_img/ "/usr/local/www/htdocs/qmail/qmailadmin/qmailadmin_img/" <Directory "/usr/local/www/htdocs/qmail/qmailadmin/qmailadmin_img"> Require all granted </Directory> </VirtualHost>
Now browse to https://yourdomain.net/cgi-bin/qmailadmin
and login as postmaster:
markasjunk skin not working
December 9, 2019 08:08
usage 2048 keys
December 8, 2019 14:06
chkuser
December 8, 2019 09:46
chkuser
December 7, 2019 23:10
usage 2048 keys
December 7, 2019 07:54
usage 2048 keys
December 7, 2019 05:33
usage 2048 keys
December 7, 2019 05:28
markasjunk skin not working
December 6, 2019 13:53
markasjunk skin not working
December 6, 2019 06:39
chkuser
December 4, 2019 01:34
Tags
apache clamav dkim dovecot ezmlm fail2ban hacks lamp letsencrypt linux linux-vserver lxc mariadb mediawiki mozilla mysql owncloud patches php proftpd qmail qmailadmin rbl roundcube rsync sieve simscan slackware spamassassin ssh ssl surbl tcprules tex ucspi-tcp vpopmail vqadmin
Comments
malformed patch?
Richard Chen October 31, 2019 01:50
I got this output:
This is on a centos 7.7 host. Can you confirm if the patch file is corrupted or not?
Thanks
Richard
Reply | Permalink
malformed patch?
Roberto Puzzanghera Richard Chen October 31, 2019 08:41
thanks for the advise. Corrected
Reply | Permalink
Autoresponder not working with patch for the password strenght
jmecherie September 13, 2019 18:46
With patch for password strenght applied autoresponse can't be set the error is: "The password must be at least 8 caracthers long!"
The password box is indeed empty because i don't want to change password I want to sent vacation auto response.
Reply | Permalink
Autoresponder not working with patch for the password strenght
Roberto Puzzanghera jmecherie September 13, 2019 18:53
Yes you are right, I will improve that patch when I'll find the time.
I created that patch to solve the big problem of the pwd strenght and didn't pay attention to autoresponder because I use sieve for the purpose and don't let users manage the account via qmailadmin.
In the meantime you can reverse the patch or type the pwd when setting autoresponse
Reply | Permalink
Autoresponder not working with patch for the password strenght
jmecherie Roberto Puzzanghera September 13, 2019 19:37
To bypas I added a new line to check if password is 0 lenght.
And thank you very much for your site.
Very helpful !
Reply | Permalink
Autoresponder not working with patch for the password strenght
Roberto Puzzanghera jmecherie September 13, 2019 21:40
you missed a double == here
btw I think that in this way you could set a blank pwd if you submit the form without setting the vacation.
Take a look at this new version of the patch
This what I changed with respect to the previous
There is a modification in mod_user.html as well
Reply | Permalink
compiler error 1.2.16
Loz January 7, 2019 12:48
I get compiler errors if I try to compile 1.2.16 with or without your patches -
user.c:173:11: error: unknown type name ‘storage_t’; did you mean ‘stack_t’?
Is there a working version of 1.2.16? I can manually fix this by copying over missing files from 1.12.15, but surely 1.2.16 should compile without errors out the box?
Reply | Permalink
compiler error 1.2.16
Roberto Puzzanghera Loz January 7, 2019 16:36
the compilation is ok with gcc-8.2 as well here
(the problem is qmail-tls, which is not compatible with openssl-1.1 :-(
Reply | Permalink
compiler error 1.2.16
Roberto Puzzanghera Loz January 7, 2019 16:13
which version of gcc? both versions work here (gcc-5.5)
Reply | Permalink
Blank screen after login to Qmailadmin
Lodex March 29, 2017 17:35
I have followed your guide and I am at the point of logging into Qmailadmin.
The page comes up perfectly but after entering postmaster, domain and password, it gives a blank screen.
I checked all the error logs and there are no entries pointing to a reason for this behaviour.
Using the following versions:
qmailadmin 1.2.16
vpopmail 5.4.33
Reply | Permalink
Blank screen after login to Qmailadmin
jmecherie Lodex September 13, 2019 18:17
When there is a blank screen after you put password on qmailadmin page, check permision for qm-auth.log file
It should be the permission of webserver. On debian/ubuntu usualy is www-data (not apache as in Roberto guide)
Reply | Permalink
did you check the syslog to
roberto puzzanghera Lodex March 31, 2017 09:20
did you check the syslog to look for a segfault? Anyway.. I would try to recompile qmailadmin
Reply | Permalink
Ezmlm-idx patch for qmailadmin
John August 5, 2016 21:10
The qmailadmin-1.2.16 with ezmlm-idx-7.2.2 needs a patch in order to manage the mailing lists. I had had to add this patch to my src directory then re-compile.
patch < ../mailinglist.c.ezmlm7.patch
I also use your qmailadmin-1.2.16-pwd-strenght.patch-2015.04.25 and qmailadmin-1.2.16-log.patch with this patch.
I am not sure if this is in your patch list Roberto. There are a few sources and I am not sure which one to post.
Thanks,
John D. Trolinger
Reply | Permalink
Thanks for the advise, John.
roberto puzzanghera John August 5, 2016 22:29
Thanks for the advise, John. I was not aware of this patch, but I found it in the qmailrocks site. Tomorrow I'm going to study the idea behind it and eventually I'll add it to my qmailadmin.
Can you report what kind of error you get when the patch is not applyed?
Reply | Permalink
Ezmlm-idx patch for qmailadmin
John Trolinger roberto puzzanghera August 6, 2016 02:15
Before the patch I had to use the command line to add moderators. Also I could not change settings for the various mailing lists.
This may not be typical; I had migrated from another server running older versions of qmailadmin and ezmlm.
Best Regards
Reply | Permalink
I added mailinglist.c.ezmlm7
roberto puzzanghera John Trolinger August 6, 2016 14:05
I added mailinglist.c.ezmlm7.patch to the patch list
Reply | Permalink
Password patch
nic January 31, 2016 11:30
Hi,
The password qmailadmin-1.2.16-pwd-strenght.patch-2015.04.25 patch does not work for me. I am able to use simple password like 1234.
Anyone also encounter this?
thanks
nic
Reply | Permalink
and you can open the js file
roberto puzzanghera nic January 31, 2016 11:47
and you can open the js file with your browser?
Reply | Permalink
Hi Roberto,
nic roberto puzzanghera January 31, 2016 12:46
Hi Roberto,
Sadly to say, i dont know the path to it even.
Sorry and thanks
nic
Reply | Permalink
Probably you installed the
roberto puzzanghera nic January 31, 2016 14:04
Probably you installed the pwd_strenght_chk.js file in the wrong path. Just navigate to the "add new user" page, right click to look at the html code and click over the javascript file. The file must be accessible by your web server.
Reply | Permalink
Hello,
nic roberto puzzanghera January 31, 2016 14:46
Hello,
The absolute path of add user
The path of the javascript
Cgi-bin path
Configuration
Can you help me to spot any mistake.
Many thanks again
nic
Reply | Permalink
It depends on your web server
roberto puzzanghera nic January 31, 2016 16:15
It depends on your web server configuration as well. Try to check if the webserver can access that file as suggested in my previous post
Reply | Permalink
Hi,
nic roberto puzzanghera January 31, 2016 19:30
Hi,
I can see the source.
But if i goto http://domain.com/cgi-bin/qmailadmin/html/pwd_strenght_chk.js i will just be directed to http://domain.com/cgi-bin/qmailadmin/
regards
nic
Reply | Permalink
Nic, your web server looks
roberto puzzanghera nic January 31, 2016 19:43
Nic, your web server looks for the script in this path http://domain.com/qmailadmin/html/pwd_strenght_chk.js. Note that the dir is different. Try again and if it fails double check your web server config as far the qmailadmin virtual domain is concerned and also that apache can actually access that file
Reply | Permalink
Thanks Roberto.
nic roberto puzzanghera January 31, 2016 20:15
Thanks Roberto.
All the functions in /html folder are working. I even edited the footer.html and it is also reflected in qmailadmin pages. I just don't know why the js file is not called.
sigh
nic
Reply | Permalink
perhaps you have javascript
roberto puzzanghera nic January 31, 2016 20:23
perhaps you have javascript disabled in your browser?
Reply | Permalink
Hello,
nic roberto puzzanghera January 31, 2016 20:43
Hello,
I had checked. javascript.enabled is true and i did a "Do i have java" on Java.com
Thanks for leading me this far. I think its up to myself to look for the broken link.
regards
nic
Reply | Permalink
Hi,
nic nic January 31, 2016 21:50
Hi,
I cannot find where is the broken link, or how it is broken. But i copy the js file into a public folder and edit the path of add_user.html, change_password.html and mod_user.html to URL of the new js file location.
All working now.
Thanks
nic
Reply | Permalink
I guess you have
roberto puzzanghera nic February 1, 2016 11:31
I guess you have some apache permissions problems.. try to browse to that js file with your browser and look at the error you get
Reply | Permalink
qmailadmin auth log
Tony May 27, 2015 07:47
Hi,
Thanks for your great works on this guide. I would like to share the patch for qmailadmin (1.2.16) in order to have auth logging. The patch shall log the failed login in qmailadmin login page. The patch as underneath:
It is required to created the log file /var/log/qma-auth.log initially. Then we can use the log in fail2ban with the underneath filter:
Hope the patch is helpful.
Tony
Reply | Permalink
Tony, I added your patch to
roberto puzzanghera Tony May 27, 2015 15:42
Tony, I added your patch to the present guide. Thanks a lot
Reply | Permalink
verrry much apreciated, as
roberto puzzanghera Tony May 27, 2015 13:21
verrry much appreciated, as this is one thing I was looking for. At the moment I have an apache authentication before the web page is displayed, just to record the failures in the apache log.
Reply | Permalink
Warning of using the login picture from qmailadmin
Marc February 25, 2015 10:20
Hello Roberto,
i want to warn you about the risks of using the login picture from qmailadmin. Seriously this is no joke and i couldn't believe it the first time but using qmailadmin with this picture (middleleft1.png ) had cost me a fine of several hundreds Euro. This has happened: A few weeks ago i've got a letter from the company Getty Images, that i'm using illegal the picture provided in the login form from qmailadmin. Getty Images says that they has the legal rights of this image an i didn't have a license to use the picture and i have to pay this amount of money as an compensation for violating the copy right of this picture and of course i have to remove the picture immediatelly. I googled this thing and found out that this is true and even the guys from inter7 are aware of this thing, that happend to other qmailadmin users too (see the full thread of this post: http://article.gmane.org/gmane.mail.qmail.admin/4804). I contacted a lawyer and he said that under german and EU copyright laws this is true and i violated the copy right because i have to make sure that when i publish on a website a picture i'm responsible to make sure that i don't violate any copyright rules, even when the picture is part of an open source software. Another lawyer told me that i can try to go against it but the uncertain of succes and the costs of an lawyer for this put me to the decision to pay the fine.
So be warned when using the picture and check the copyright laws of your country.
Cheers
Reply | Permalink
Thanks for the hint Mark. I'm
roberto puzzanghera Marc February 25, 2015 12:26
Thanks for the hint Mark. I'm going to write a note asap
I suppose that this is the reason why that image is not shown anymore in the latest version. I thought that it was a bug, but I think this is an explanation.
Reply | Permalink
qmailadmin set catchall blank screen
george September 19, 2014 18:08
Hi Roberto,
I'm trying to setup email server based on your blog on Centos 6.5 x64
I manage to get everything to work until Qmailadmin part, when i test the menu "Set catchall email deleted" "Set catchall bounced" and "Set remote catch all account" , the page just show blank screen, even when i refresh (F5) , other menu seems ok.
Do you have any hint about this problem ?
Thanks.
Reply | Permalink
qmailadmin-catchall fix
roberto puzzanghera george December 2, 2016 21:27
this issue is fixed (thanks to Luca Franceschini). Patch
Reply | Permalink
downgrading vpopmail solved qmailadmin's catch-all account break
roberto puzzanghera george October 3, 2014 18:42
Dear all,
after some testing I found out that it works when downgrading vpopmail to v. 5.4.32 and qmailadmin to 1.2.15.
I also noticed that the compilation of qmailadmin breaks when compiling 1.2.16 over vpopmail 5.4.32, or 1.2.15 over vpopmail 5.4.33.
Summarizing:
Reply | Permalink
Hi George, I have the same
roberto puzzanghera george September 19, 2014 18:17
Hi George,
I have the same issue here. It worked in the past. I think it could be a bug... let me know if you solve
Reply | Permalink
same issue: qmailadmin set catchall blank screen
Anonymous roberto puzzanghera October 3, 2014 08:14
it was working before, must be some upgrade to apache, php, bash(?), or who knows what broke this.
Reply | Permalink
surely it does not depend on
roberto puzzanghera Anonymous October 3, 2014 11:20
surely it does not depend on php because it's not written in php.
I would try to downgrade qmailadmin to see if it's broken only in the latest version
Reply | Permalink
Qmailadmin logging Invalid attempts
Boatner roberto puzzanghera February 18, 2015 00:53
Hi Roberto,
I cannot find where qmailadmin logs failed login attempts or failed change password attempts. I'd like to work with fail2ban to ban those who attempt too many logins.
Thank you,
Boatner
Reply | Permalink
Hi Boatner, I know. This is a
roberto puzzanghera Boatner February 18, 2015 13:02
Hi Boatner, I know. This is a problem. It doesn't log anything nor to /var/log/maillog nor to mysql
Reply | Permalink