Channel: notes.sagredo.eu blogs

Installing and configuring vpopmail

Vpopmail provides an easy way to manage virtual email domains and non /etc/passwd email accounts on your mail servers.

The purpose of this note is to show how to use MySQL as the authentication system. Having a users database also offers the advantage of communicating with the database via PHP, and creating web-based user interfaces to manage accounts.

Setup

Create vpopmail user and group:

groupadd -g 89 vchkpw
useradd -g vchkpw -u 89 -d /home/vpopmail vpopmail

Download the source from http://sourceforge.net/projects/vpopmail/files/ and configure it. I tested the following with vpopmail-5.4.30, 5.4.32 and 5.4.33.

cd /usr/local/src
tar xzf vpopmail-5.4.33.tar.gz
cd vpopmail-5.4.33
chown -R root:root .
./configure \
        --enable-qmaildir=/var/qmail/ \
        --enable-qmail-newu=/var/qmail/bin/qmail-newu \
        --enable-qmail-inject=/var/qmail/bin/qmail-inject \
        --enable-qmail-newmrh=/var/qmail/bin/qmail-newmrh \
        --disable-roaming-users \
        --enable-auth-module=mysql \
        --enable-incdir=/usr/include/mysql \
        --enable-libdir=/usr/lib64 \
        --enable-logging=p \
        --disable-clear-passwd \
        --enable-auth-logging \
        --enable-sql-logging \
        --disable-valias \
        --disable-mysql-limits \
        --disable-passwd \
        --enable-qmail-ext \
        --enable-learn-passwords

--disable-roaming-users Disables roaming users, since we don't want to use POP-before-SMTP authorization. We will patch qmail with smtp-auth instead.

--enable-auth-module=mysql Builds MySQL support and stores virtual user accounts in a MySQL database.

--enable-incdir=/usr/include/mysql Your MySQL include dir (needed only if you installed MySQL from binaries or source in a non-standard location. Mount the MySQL dir somewhere if it is installed on a different machine).

--enable-libdir=/usr/lib64 Your MySQL lib dir. It might be /usr/lib on 32-bit systems.

--disable-valias Do not store aliases in MySQL, but as dot-qmail files.
Note: it appears that dovecot-lda continues to look for .qmail-alias files even when you enable this, so this option is useless if you deliver via dovecot-lda.

--disable-passwd Don't include /etc/passwd support. I don't want to manage real users, this is just a web server.

--disable-clear-passwd Clear-text passwords will not be saved in the DB. If you don't want to have problems when users forget their passwords and you want to recover them quickly, switch this to --enable-clear-passwd; the trade-off is that anyone who can read the vpopmail database can then read every user's password. I also noticed that with the --disable-clear-passwd flag the change-password mechanism is broken, at least on version 5.4.33 (comments are welcome).

--enable-sql-logging Maintain the vlog table in MySQL (shows failed authentication requests).

--enable-auth-logging Maintain a lastauth table in MySQL (shows when / how a user last accessed their email).

--disable-mysql-limits Limits are not stored in MySQL; the .qmailadmin-limits files are used instead.

--enable-qmail-ext Enable qmail email address extension support (emails containing dots).

Compile and install:

make install-strip

vusaged

vusaged looks up every vpopmail user and tracks how much storage space they’re using. It requires libev.

Installing libev

cd /usr/local/src
wget http://dist.schmorp.de/libev/libev-4.22.tar.gz
tar xzvf libev-4.22.tar.gz
cd libev-4.22
chown -R root:root .
./configure
make
make install
ldconfig

Installing and configuring vusaged

cd /usr/local/src/vpopmail-5.4.33/vusaged
./configure
make
cp -f vusaged /home/vpopmail/bin
cp -f etc/vusaged.conf /home/vpopmail/etc

Now copy the startup script to /etc/rc.d (Slackware) or init.d and run it. This is a Slackware example:

cp contrib/rc.vusaged /etc/rc.d/
/etc/rc.d/rc.vusaged start

Configuring

Check your ~vpopmail/etc/tcp.smtp file. This file should list all the static IPs of the machines that you want to allow to relay out to the internet. For example, to allow relaying for localhost and the local network 10.0.0.x, edit your ~vpopmail/etc/tcp.smtp as follows:

10.0.0.:allow,RELAYCLIENT=""
127.:allow,RELAYCLIENT=""

Add any other IP later, whenever you want. To give a client relay access, add an entry to ~vpopmail/etc/tcp.smtp like:

IP address of client:allow,RELAYCLIENT=""

Now build tcp.smtp.cdb. This command must be run every time you modify tcp.smtp:

cd ~vpopmail/etc
tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp
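
Because every RELAYCLIENT entry in tcp.smtp opens relaying to whatever the address pattern matches, it is worth reviewing the file before each rebuild. The following is an added example, not part of the original article: the function name audit_relay_rules and the sample addresses are constructed for illustration, and it handles IPv4 rules only.

```shell
#!/bin/sh
# Added example, not from the original page: list every tcp.smtp rule that
# sets RELAYCLIENT and classify how wide its address match is.
# Exit status is 1 when a rule relays for everyone or for a public range.
audit_relay_rules() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        $2 !~ /^allow/           { next }   # deny rules never relay
        !/RELAYCLIENT=/          { next }   # allowed to connect, not to relay
        {
            a = $1
            if      (a == "")      s = "OPEN"       # empty address matches every client
            else if (a ~ /^=/)     s = "hostname"   # rule keyed on the reverse DNS name
            else if (a ~ /^127\./) s = "loopback"
            else if (a ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) s = "private"
            else if (a ~ /\.$/ || a ~ /-/) s = "PUBLIC-RANGE"   # prefix or range
            else                   s = "public-host"
            printf "%-12s %s\n", s, (a == "" ? "(any)" : a)
            if (s == "OPEN" || s == "PUBLIC-RANGE") bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the two rules from the article plus two risky ones.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# relay for localhost and the local network
10.0.0.:allow,RELAYCLIENT=""
127.:allow,RELAYCLIENT=""
203.0.113.:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
EOF
audit_relay_rules "$sample" || echo "tcp.smtp grants relaying too broadly"
rm -f "$sample"
```

Run it against ~vpopmail/etc/tcp.smtp before tcprules; any OPEN or PUBLIC-RANGE line deserves a second look before the new cdb goes live.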

Now setup a quota warning that will be delivered to users when they are at 90% quota

# nano ~vpopmail/domains/quotawarn.msg

From: SomeCompany Postmaster <postmaster@yourdomain.com>
Reply-To: postmaster@yourdomain.com
To: SomeCompany User:;
Subject: Mail quota warning
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

Your mailbox on the server is now more than 90% full.

So that you can continue to receive mail,
you need to remove some messages from your mailbox.

If you require assistance with this,
please contact our support department :

  email : support@yourdomain.com
  Tel   : xx xxxx xx

chmod 600 ~vpopmail/domains/quotawarn.msg
chown vpopmail:vchkpw ~vpopmail/domains/quotawarn.msg

Now adjust ~vpopmail/etc/vlimits.default. I usually limit the default user quota to 100MB (in bytes):

default_quota           104857600

Fixing vusaged bug (only vpopmail 5.4.30)

This bug appears to have been fixed in version 5.4.32. So skip this section if you’re installing 5.4.32.

Setting the default quota seems to cause this error when creating new domains:

client_connect: warning: config_begin failed
Segmentation fault

I saw the same error when creating new users via qmailadmin. This appears to be a bug in the 5.4.30 version: http://www.mail-archive.com/vchkpw@inter7.com/msg27383.html So, even if you're not using vusaged, it'll be necessary to configure vusagec.conf as Matt Brookings suggests, in order to avoid this bug:

cat > ~vpopmail/etc/vusagec.conf << __EOF__
Server:
  Disable = True;
__EOF__

If you’re interested in reading more about this, see http://comments.gmane.org/gmane.mail.qmail.admin/4761, where Matt says that vusaged isn’t needed (for quotas to work) in vpopmail version 5.4.30.

Configuring mysql back end

Create the vpopmail user and database. Grant all privileges to the vpopmail user. Then quit out of MySQL and save the authentication information for the vpopmail account into the vpopmail.mysql config file:

> /usr/local/mysql/bin/mysql [-h mysql-IP] -u root -p 

CREATE USER 'vpopmail'@'mailserver-IP' IDENTIFIED BY 'vpopmailpwd'; 

GRANT USAGE ON * . * TO 'vpopmail'@'mailserver-IP' IDENTIFIED BY 'vpopmailpwd' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE DATABASE IF NOT EXISTS `vpopmail` ;
GRANT ALL PRIVILEGES ON `vpopmail` . * TO 'vpopmail'@'mailserver-IP';

> echo "mysql-IP|0|vpopmail|vpopmailpwd|vpopmail" > ~vpopmail/etc/vpopmail.mysql

where mysql-IP is the IP of the server which runs mysqld, and mailserver-IP is the IP address where qmail is running. Usually you can specify ‘localhost’ or 0.0.0.0 for both.
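
The vpopmail.mysql file written above holds the database password in clear text, and echo creates it with whatever the current umask allows. The following is an added example, not part of the original article: the function name check_vpopmail_mysql and the sample address are constructed, and it assumes the single-line host|port|user|password|database format shown above.

```shell
#!/bin/sh
# Added example, not from the original page: sanity-check vpopmail.mysql,
# which stores the DB password as host|port|user|password|database.
# Prints one finding per problem and returns 1 if there is any.
check_vpopmail_mysql() {
    f=$1
    rc=0
    line=
    IFS= read -r line < "$f" || [ -n "$line" ] || { echo "EMPTY: $f"; return 1; }
    # The line must have exactly five fields separated by "|"
    nf=$(printf '%s\n' "$line" | awk -F'|' '{ print NF }')
    if [ "$nf" -ne 5 ]; then
        echo "FORMAT: expected 5 fields, found $nf"; rc=1
    fi
    # Field 4 is the password; the tutorial value must not stay in place
    pw=$(printf '%s\n' "$line" | cut -d'|' -f4)
    case $pw in
        ''|vpopmailpwd) echo "PASSWORD: empty or tutorial placeholder"; rc=1 ;;
    esac
    # A read or write bit for "other" exposes the password to every local account
    if [ -n "$(find "$f" -prune -perm -004 2>/dev/null)" ] ||
       [ -n "$(find "$f" -prune -perm -002 2>/dev/null)" ]; then
        echo "MODE: $f is accessible to other users"; rc=1
    fi
    return $rc
}

# Constructed sample: the article's placeholder line in a world-readable file.
demo=$(mktemp)
echo "192.0.2.10|0|vpopmail|vpopmailpwd|vpopmail" > "$demo"
chmod 644 "$demo"
check_vpopmail_mysql "$demo" || echo "fix the findings above"
rm -f "$demo"
```

If it reports MODE, restrict the file to owner vpopmail and group vchkpw (for example mode 640), the same ownership the article gives quotawarn.msg.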

Creating virtual domains and virtual users

cd ~vpopmail/bin/

To add/delete a virtual domain

./vadddomain yourdomain.net [./vdeldomain yourdomain.net]

To add/delete a virtual user

./vadduser user@yourdomain.net [./vdeluser user@yourdomain.net]

To view information about user email accounts:

./vuserinfo user@yourdomain.net

name:   user
passwd: xxxxxxxxxxxx
clear passwd: xxxxxxxxx
comment/gecos: Name Surname
uid:    0
gid:    0
flags:  0
gecos: Name Surname
limits: No user limits set.
dir:       /home/vpopmail/domains/yourdomain.net/user
quota:     104857600S

These commands can be useful. But it will be much easier to manage domains and accounts when we install the vqadmin and qmailadmin web interfaces later.

You may be interested in taking a look at this page concerning vpopmail testing.

