Vpopmail

From Qmailwiki
Jump to: navigation, search

Contents

About

vpopmail is a set of API that manages virtual user accounts on a qmail system, and handles delivery for these virtual users. The command-line utilities, and Qmailadmin all use the vpopmail API, provided by the vpopmail library to manage the system.


Please note that this document does not yet cover the 5.5 branch of vpopmail.

Features

Roaming Users

Roaming users provides a non-SMTP_AUTH authentication system for allowing users with dynamic IPs to send mail through the server without allowing relay from non-authenticated users. After a user has authenticated via POP3, IMAP, etc, their IP is set allowed to relay for the next three hours. This provides them plenty of time to read and respond to all their email. Successive authentications during this time extend the time limit.

SMTP authentication is preferred over roaming users.

Where do I get vpopmail?

vpopmail is available for download at sourceforge http://sourceforge.net/projects/vpopmail/. vpopmail is also available at our website http://www.inter7.com/.

Installing vpopmail

Getting started

This documentation assumes qmail is already installed. If you know what you're doing, you can install vpopmail before qmail, which can be useful when patching qmail with patches that require vpopmail. Run these commands only if you do not have qmail installed:

 mkdir /var/qmail/
 mkdir /var/qmail/bin
 touch /var/qmail/bin/qmail-inject
 touch /var/qmail/bin/qmail-newu
 touch /var/qmail/bin/qmail-newmrh

Before you can configure and install vpopmail, you must create a vpopmail user, and a vpopmail group. An old practice, that most people still follow today, is to name the group vchkpw, and the user vpopmail. The vpopmail tarball will recognize any group name, however, the username must be vpopmail unless you specify an alternative username while configuring.

 groupadd vchkpw
 useradd -g vchkpw vpopmail

If you plan to use roaming users (POP-before-SMTP), you will need to create a tcpserver rules file that vpopmail can update.

 mkdir -p /home/vpopmail/etc
 echo '127.0.0.1:allow,RELAYCLIENT=""' > /home/vpopmail/etc/tcp.smtp
 tcprules /home/vpopmail/etc/tcp.smtp.cdb /home/vpopmail/etc/tcp.smtp.tmp < /home/vpopmail/etc/tcp.smtp

Configuring vpopmail

vpopmail comes packaged with a configure script which will enable the package with the features you want, and disable the ones you don't. To configure vpopmail, while in the vpopmail source directory, run the following command:

./configure <options>

Configure options

 --enable-qmaildir=DIR      Directory where qmail control and user directories are installed /var/qmail.
 --enable-qmail-newu=PATH   Full path to qmail-newu program.
 --enable-qmail-inject=PATH Full path to qmail-inject program.
 --enable-qmail-newmrh=PATH Full path to qmail-newmrh program.
 --enable-vpopuser=USER     User name allocated to vpopmail vpopmail.
 --enable-vpopgroup=GROUP   Group name allocated to vpopmail vchkpw.
 --enable-roaming-users     Enable POP-before-SMTP functionality.
 --enable-tcprules-prog=PATH    Full path to tcprules program /usr/{local/}bin/tcprules.
 --enable-tcpserver-file=PATH   File where tcpserver -x relay information is stored /home/vpopmail/etc/tcp.smtp.
 --disable-rebuild-tcpserver-file  Disable rebuilding of tcpserver relay control file.
 --enable-relay-clear-minutes=#    Expire time for roaming users after pop authentication [180].
 --enable-learn-passwords   If no password is stored for a user, learn it the first time they authenticate.
 --disable-md5-passwords    Use DES crypt() instead of MD5 encryption for passwords.
 --disable-file-locking     Don't use file locking.
 --enable-file-sync         Enable file sync after each message is delivered.
 --disable-make-seekable    Don't try to make input to vdelivermail seekable.
 --disable-clear-passwd     Don't store a cleartext version of the password in addition to the encrypted version.
 --disable-users-big-dir    Disable hashing of user directories.
 --enable-sqwebmail-pass    Store a copy of the user's password in the the user's maildir for use by pre-v3 sqwebmail.
 --enable-qmail-ext         Enable qmail email address extension support.
 --enable-ip-alias-domains  Enable mapping of default domain via reverse ip lookup table.
 --enable-spamassassin      Enable spamassassin. See  README.spamassassin for more info.
 --enable-spamc-prog=PATH   Full path to spamc program /usr/{local/}bin/tcprules.
 --enable-domains-dir=TEXT  Set domains directory name for ~vpopmail/domains/user/.
 --enable-incdir=DIR        Your MySQL/Oracle 'include' directory.
 --enable-libdir=DIR        Your MySQL/Oracle 'lib' directory.
 --enable-auth-module=MOD   Nominate how to store the vpopmail account information (cdb (default), mysql, pgsql, 
                            ldap, oracle, sybase, or activedir).
 --enable-passwd            Enable /etc/passwd (or shadow) accounts in addition to virtual domains.
 --enable-logging=OPT       Log to syslog: n=nothing, e=errors only (default), y=all attempts, 
                            p=errors with passwords, v=verbose (all attempts, withpasswords).
 --enable-log-name=TEXT     Set syslog name vpopmail.
 --disable-auth-logging     Don't record time and ip of last auth attempt. 
                            Valid only for CDB, MySQL, PGSQL, LDAP, ActiveDir.
 --enable-sql-logging       Enable authentication logging to MySQL/Postgres.
 --enable-mysql-limits      Use MySQL to store limits instead of .qmailadmin-limits files.
 --enable-mysql-replication Enable support for replicated MySQL auth servers.
 --enable-valias            Store email aliases in MySQL.
 --disable-many-domains     Creates a table for each virtual domain instead of storing all users in a single table.
                            Only valid for MySQL and PostgreSQL
qmail extensions

This configuration allows users to receive mail to addresses in the format username-anything@example.com qmail extensions is enabled by adding --enable-qmail-ext to the configure line. Don't let the name fool you, this feature is maintained by vpopmail, and not qmail. Once this feature is enabled, it automatically works globally for all domains. If you want this feature to be enabled on a per-user, or per-domain basis, you will need to create dotqmail files under the domain directory to support this.

Compiling

Once the configure process has been completed, and there are no errors, you will see a table displaying enabled and disabled features. From here, compile:

make

If all goes well, and no errors occur:

make install-strip

vpopmail is now installed.

Command-line utilities

All binaries for user management are, by default, under /home/vpopmail/bin. Almost all the binaries in this directory can be executed, without arguments, to display a usage.

vadddomain

Adds a new domain to the mailserver

vadddomain: usage: vadddomain [options] virtual_domain [postmaster password]
options: -v prints the version
         -q quota_in_bytes (sets the quota for postmaster account)
         -b (bounces all mail that doesn't match a user, default)
         -e email_address (forwards all non matching user to this address [*])
         -u user (sets the uid/gid based on a user in /etc/passwd)
         -d dir (sets the dir to use for this domain)
         -i uid (sets the uid to use for this domain)
         -g gid (sets the gid to use for this domain)
         -O optimize adding, for bulk adds set this for all
            except the last one
         -r[len] (generate a len (default 8) char random postmaster password)

 [*] omit @-sign to deliver directly into user's Maildir: '-e postmaster'

vaddaliasdomain

Aliases one domain to another. All users, forwards, autoresponders, etc are the same across the real domain, and the aliased domain.

vaddaliasdomain: usage: [options] real_domain alias_domain
options: -v (print version number)
note: for backward compatability, you can swap real_domain and alias_domain.

Notes

This command creates an entry in the qmail/users/assign file directing all transactions for the new, alias domain name, to the current, real domain. This eliminates needing symlinks, and other harddrive intensive operations.

vdeldomain

Deletes a domain from the mailserver, all users, and all mail under this domain

vdeldomain: usage: [options] domain_name
options: -v (print version number)
         -f (force delete of virtual domains)

vadduser

Adds a mailbox to a domain

vadduser: usage: [options] email_address [passwd]
options: -v (print the version)
         -q quota_in_bytes (sets the users quota, use NOQUOTA for unlimited)
         -c comment (sets the gecos comment field)
         -e standard_encrypted_password
         -n no_password
         -r[len] (generate a len (default 8) char random password)

vdeluser

Deletes a mailbox from a domain, including all mail for that user

vdeluser: usage: [options] email_address
options: -v (print version number)

vdominfo

Return basic information about one or all domains hosted on the server

vdominfo: usage: [options] [domain]
options: -v (print version number)
         -a (display all fields, this is the default)
         -n (display domain name)
         -u (display uid field)
         -g (display gid field)
         -d (display domain directory)
         -t (display total users)

Note that to return the usage with vdominfo, you must type

vdominfo -h

vuserinfo

Return information about user accounts

vuserinfo: usage: [options] email_address
options: -v (print version number)
         -a (display all fields, this is the default)
         -n (display name field)
         -p (display crypted password)
         -u (display uid field)
         -g (display gid field)
         -c (display comment field)
         -d (display directory)
         -q (display quota field)
         -Q (display quota usage)
         -C (display clear text password)
         -l (display last authentication time)
         -D domainname (show all users on this domain)

vmoduser

Modify user settings and flags

vmoduser: usage: [options] email_addr or domain (for each user in domain)
options: -v ( display the vpopmail version number )
         -n ( don't rebuild the vpasswd.cdb file )
         -q quota ( set quota )
         -c comment (set the comment/gecos field )
         -e encrypted_passwd (set the password field )
         -C clear_text_passwd (set the password field )
the following options are bit flags in the gid int field
         -x ( clear all flags )
         -d ( don't allow user to change password )
         -p ( disable POP access )
         -s ( disable SMTP AUTH access )
         -w ( disable webmail [IMAP from localhost*] access )
            ( * full list of webmail server IPs in vchkpw.c )
         -i ( disable non-webmail IMAP access )
         -b ( bounce all mail )
         -o ( user is not subject to domain limits )
         -r ( disable roaming user/pop-before-smtp )
         -a ( grant qmailadmin administrator privileges )
         -S ( grant system administrator privileges - access all domains )
         -E ( grant expert privileges - edit .qmail files )
         -f ( disable spamassassin)
         -F ( delete spam)
  [The following flags aren't used directly by vpopmail but are]
  [included for other programs that share the user database.]
         -u ( set no dialup flag )
         -0 ( set V_USER0 flag )
         -1 ( set V_USER1 flag )
         -2 ( set V_USER2 flag )
         -3 ( set V_USER3 flag )

Notes

The vmoduser command is very useful for more advanced user options. Each user has a set of flags that can be set on them. For instance, 'No webmail' will disallow them to use a webmail interface, and 'No POP3' will not allow them to download mail via POP. Generally people use these flags to nudge customers who haven't paid, or to provide specific services to users who are paying for specific services (ie: webmail or pop3, etc). You can also set a flag which disallows them to send mail. Other than user flags, one can also set quotas with this command.

  • -s ( no smtp access ) if you have qmail-smtpd patched to support smtp authentication using the vchkpw program, then this option will cause the smtp connection to be dropped. Which in effect makes it impossible for the user to send email.
  • -r ( no external relay flag ) With this option turned on, the user will be able to only send email to local accounts. They will not be able to send email out to the internet. For example: A company can create internal email only accounts.

vpopbull

Short for vpopmail bulletin, vpopbull mass-mails local users an email.

usage: vpopbull [options] -f [email_file] [virtual_domain] [...]
       -v (print version number)
       -V (verbose)
       -f email_file (file with message contents)
       -e exclude_email_addr_file (list of addresses to exclude)
       -n (don't mail. Use with -V to list accounts)
       -c (default, copy file)
       -h (use hard links)
       -s (use symbolic links)

Notes

The vpopbull command solves a number of problems with trying to mail all your users. Firstly, you dont need to maintain a list of all your user accounts to email to. Secondly, emailing users through the actual qmail server would be inefficient. vpopbull drops messages directly into their Maildir directories where they can be picked up by POP3, webmail, etc, making the operation a simple copy operation instead of an actual mailing operation.

The email sent must be a fully valid email message, including From, and Subject headers, followed by a blank line, followed by the message. The one exception is that a To header should not be included.

From: <example@example.com>
Subject: Server maintenance

Dear example.com users,

   We will be performing maintenance on the mail server tomorrow morning.
The maintence window will be between 3am and 5am, and the server will be
down turning this time.

Thank you for your patience,
The example.com Staff

More complicated messages, including ones with attachments, etc, can also be made, however the specifics of generating a multipart message is out of the scope of this document.

vpasswd

vpasswd is used to change passwords for users on the system.

vpasswd: usage: [options] email_address [password]
options: -v (print version number)
         -r generate a random password

vchangepw

vchangepw allows changing of passwords for email addresses hosted on the system. This differs from vpasswd in that it requires you to know the current password for the email address. Note that there is no usage for this binary.

Tom Collins submitted a patch to the vpopmail tree including this binary

vsetuserquota

vsetuserquota is used to modify quotas for a single user, or on all users on a domain. See Vpopmail#Quotas for details on quotas.

vsetuserquota: [options] email_address|domain_name quota
options:
-v (print version number)

If you specify a domain name rather than an email address,
the quota will be applied to all users in that domain

Other binaries

You will probably notice that there are binaries in the bin directory that aren't listed above. These binaries are either used by vpopmail to handle delivery or other aspects of the mail system management, or they are used by more advanced users or users who are migrating data between databases.

clearopensmtp

When vpopmail has been compiled with the --enable-roaming-users=y flag enabled, this binary is run out of the crontab every 5 minutes to update the list of IPs that are no longer allowed to send mail. This is a binary used by the Roaming Users feature of vpopmail.

dotqmail2valias

When vpopmail has been compiled with the --enable-valias=y flag, this binary will find all dotqmail files under vpopmail and convert them to valias entries in the database.

valias

When configured with --enable-valias=y, the valias command can be used to add, edit, and delete valiases from the database.

vchkpw

vchkpw is the authentication mechanism used by qmail to check passwords required for downloading mail, and in the case of SMTP_AUTH, sending mail.

vconvert

vconvert is used during conversions and migrations between different database methods. Specifically, vconvert can convert to and from several databases, all information about the users on a vpopmail system.

vconvert: usage
 The first option sets which format to convert FROM,
 the second option sets which format to convert TO.
 -e = etc format
 -c = cdb format
 -m = sql format
 -S = set sqwebmail passwords
 -v = version
 -d = debug info

vdelivermail

vdelivermail is vpopmail's delivery agent. It handles delivery of messages, bouncing, catch-alls, etc. You will find calls to vdelivermail in the .qmail-default file under each domain.

As this is a binary internal to vpopmail's operation, there is no usage provided by the binary. vdelivermail can be called with the following syntax:

 vdelivermail  <default action>

The 'default action' may be one of the following:

   bounce-no-mailbox
 
   All mail to non-existing recipients on this domain will be bounced.  Additionally,
   if the chkuser patch is installed, the recipient will be rejected during the SMTP
   session as a failed RCPT TO response message.
   delete
 
   All mail to non-existing recipients will be accepted and silently dropped for this
   domain
   /path/to/Maildir/
 
   All mail to non-existing recipients will be accepted and delivered into the Maildir

It should be noted that in the current climate of mail abuse via spammers and viruses, that all settings other than bounce-no-mailbox with the chkuser patch installed, are considered a potential problem. Dictionary attacks can take a server to its knees.

vdeloldusers

vdeloldusers compares the last authentication time for all users against an age in days provided on the command-line, and removes all users which match.

vdeloldusers: usage: [options]
options: -a age_in_days (will delete accounts older than this date)
                        (default is 6 months or 180 days)
         -v (print version number and exit)
         -d [domain] (process only [domain])
         -e (process every domain)
         -D (actually delete users. no users are deleted without this option)
         -V (verbose -- print old users that will be deleted)

vipmap

vipmap stands for Vpopmail IP Map. It maps connections on specific IPs, to a particular domain, enabling users to provide just their username for authentication as opposed to the standard user@domain syntax, providing they have connected to a mapped IP.

vipmap: usage: [options] ip domain
options: -d delete mapping
         -a add mapping
         -p print mapping
         -v show version

vkill

vkill is used internally by vpopmail to kill its own processes.

vmkpasswd

vmkpasswd generates the vpasswd.cdb files seen under each of your domain directories. The CDB format allows for faster lookups of information by providing a disk-based hashtable database.

This could be handful for people who are copying one domain to another server. Here is a list of things you have to finish to make it all work again:
- Find directory of domain with vuserinfo on server A
- Add this domain to server B, with the same password as it was on server A
- Find out where the domain is located at server B and change to this directory
- Use rsync to download the entire directory from server A like this, make sure you are in the example.com at server B:
rsync -avz serverA:/dirofvpopmail/domains/example.com/ .
- Make also sure that all the files have vpopmail as its user and vchkpw as its group
- Now check vpasswd in the domain directory. It could have happened that your domain directory has been changed, if so, edit the directory value and run vmkpasswd example.com.

vmoddomlimits

vmoddomlimits provides a command-line interface for modifying the .qmailadmin-limits files that may appear under your domains' directories. This file specifies how many users, forwards, mailing lists, etc that a user with the postmaster password may create with Qmailadmin.

vmoddomlimits: usage: [options] domain
options: -v ( display the vpopmail version number )
         -d ( use the vlimits.default file, instead of domain )
         -S ( show current settings )
         -D ( delete limits for this domain, i.e. switch to default limits)
         -Q quota-in-megabytes ( set domain disk quota, '100' = 100 MB )
         -q quota-in-bytes ( set default user quota, '10M' = 10 MB )
         -M count ( set domain max msg count )
         -m count ( set default user max msg count )
         -P count ( set max amount of pop accounts )
         -A count ( set max amount of aliases )
         -F count ( set max amount of forwards )
         -R count ( set max amount of autoresponders )
         -L count ( set max amount of mailing lists )
the following options are bit flags in the gid int field
          -g "flags"  (set flags, see below)
          gid flags:
            u ( set no dialup flag )
            d ( set no password changing flag )
            p ( set no pop access flag )
            s ( set no smtp access flag )
            w ( set no web mail access flag )
            i ( set no imap access flag )
            r ( set no external relay flag )
            c ( set no spamassasssin flag )
           x ( set delete spam flag )
the following options are bit flags for non postmaster admins
         -p "flags"  (set pop account flags)
         -a "flags"  (set alias flags)
         -f "flags"  (set forward flags)
         -r "flags"  (set autoresponder flags)
         -l "flags"  (set mailinglist flags)
         -u "flags"  (set mailinglist users flags)
         -o "flags"  (set mailinglist moderators flags)
         -x "flags"  (set quota flags)
         -z "flags"  (set default quota flags)
         perm flags:
            a ( set deny all flag )
            c ( set deny create flag )
            m ( set deny modify flag )
            d ( set deny delete flag )

vpopmaild

vpopmaild is a daemon, still under development, which provides a network-based interface to the vpopmail API. There is no further support yet available for this part of vpopmail.

For more information see vpopmaild

vqmaillocal

vqmaillocal is a development testing program, and has no impact on a vpopmail system.

Other Features

Here is a list of features that are not so commonly used, but definately have their place.

valias

valias provides use of special delivery instructions normally found in dotqmail, from a database. Depending upon systems, this may or may not increase efficiency. Careful thought as to system size, and scalability must be taken into account when enabling and using this feature.

API

The vpopmail API gives developers access to vpopmail functions such as adding domains, adding users, and updating user passwords. vpopmail, in general, does not make any of its API private, but this document will cover high-level functions; the functions command-line utilities call. vpopmail has a set of standard error codes that all functions can return. To properly utilize vpopmail's API, return code checking should be done after all calls. High-level function calls, as they are refered to as in this document, are prefixed with a v. Care, and a good understanding of vpopmail's API should be used when calling other functions.

This documentation is current as of vpopmail version 5.4.15

Return codes

vpopmail's return codes are for the most part self-explanitory. Further documentation is not really needed. This list is taken from vpopmail.h. All high-level vpopmail API functions return VA_SUCCESS on successful calls, and one of the below error codes on failure.

#define VA_SUCCES                         0
#define VA_ILLEGAL_USERNAME              -1
#define VA_USERNAME_EXISTS               -2
#define VA_BAD_DIR                       -3
#define VA_BAD_U_DIR                     -4
#define VA_BAD_D_DIR                     -5
#define VA_BAD_V_DIR                     -6
#define VA_EXIST_U_DIR                   -7
#define VA_BAD_U_DIR2                    -8
#define VA_SUBDIR_CREATION               -9
#define VA_USER_DOES_NOT_EXIST          -10
#define VA_DOMAIN_DOES_NOT_EXIST        -11
#define VA_INVALID_DOMAIN_NAME          -12
#define VA_DOMAIN_ALREADY_EXISTS        -13
#define VA_COULD_NOT_MAKE_DOMAIN_DIR    -14
#define VA_COULD_NOT_OPEN_QMAIL_DEFAULT -15
#define VA_CAN_NOT_MAKE_DOMAINS_DIR     -16
#define VA_COULD_NOT_UPDATE_FILE        -17
#define VA_CRYPT_FAILED                 -18
#define VA_COULD_NOT_OPEN_DOT_QMAIL     -19
#define VA_BAD_CHAR                     -20
#define VA_SQWEBMAIL_PASS_FAIL          -21
#define VA_BAD_UID                      -22
#define VA_NO_AUTH_CONNECTION           -23
#define VA_MEMORY_ALLOC_ERR             -24
#define VA_USER_NAME_TOO_LONG           -25
#define VA_DOMAIN_NAME_TOO_LONG         -26
#define VA_PASSWD_TOO_LONG              -27
#define VA_GECOS_TOO_LONG               -28
#define VA_QUOTA_TOO_LONG               -29
#define VA_DIR_TOO_LONG                 -30
#define VA_CLEAR_PASSWD_TOO_LONG        -31
#define VA_ALIAS_LINE_TOO_LONG          -32
#define VA_NULL_POINTER                 -33
#define VA_INVALID_EMAIL_CHAR           -34
#define VA_PARSE_ERROR                  -35
#define VA_CANNOT_READ_LIMITS           -36
#define VA_CANNOT_READ_ASSIGN           -37
#define VA_CANNOT_OPEN_DATABASE         -38
#define VA_INVALID_IP_ADDRESS           -39
#define VA_QUERY_FAILED                 -40
#define VA_STORE_RESULT_FAILED          -41
#define VA_INVALID_OPEN_MODE            -42
#define VA_CANNOT_CREATE_DATABASE       -43
#define VA_CANNOT_CREATE_TABLE          -44

Functions

Add domain - vadddomain()

Add support for a domain to the vpopmail+qmail system.

Declaration

int vadddomain( char *domain, char *dir, uid_t uid, gid_t gid )

Usage

The domain argument is the domain to be added to the system. Your qmail control/rcpthosts, control/virtualdomains, and users/assign will be updated, and the vpopmail authentication module will be updated with the proper details. The dir parameter sets the directory where the domain will be added under. In most cases, this will be the vpopmail/domains directory.

Notes

This API function does not add a postmaster account.

Delete domain - vdeldomain()

Remove a domain from the vpopmail+qmail system.

Declaration
int vdeldomain( char *domain )
Usage

Passing the domain option will update the qmail control/rcpthosts, control/virtualdomains, users/assign, as well as updating the authentication module.

Notes

All mail storage, and user authentication information will be removed for this domain. When in doubt, make backups.

Add user - vadduser()

Add a user to a domain on a vpopmail system.

Declaration
int vadduser( char *username, char *domain, char *password, char *gecos, int apop )
Usage

The username will be added under domain with a password of password, and a GECOS of gecos via the authentication module. Any directory hashing will be handled by vpopmail internally. If apop is set to 1, the apop secrets file will be updated.

Delete user - vdeluser()

Remove a user from the vpopmail system.

Declaration

int vdeluser( char *user, char *domain )

Usage

Removes an entry from the authentication module's database, and removes all user data.

Notes

All user authentication information, and mailstore data associated with this user will be deleted. Make backups where appropriate.

Change user password - vpasswd()

Update a user's password.

Declaration

int vpasswd( char *username, char *domain, char *password, int apop )

Usage

vpasswd updates a user authentication entry in the authentication module's database where username is the user portion of the email address, domain is the domain portion of the email address, and password is a clear-text version of the user's password. The apop flag is not used.

Set user quota - vsetuserquota()

Declare a user's mailstore quota.

Declaration

int vsetuserquota( char *username, char *domain, char *quota )

Usage

Updates the authentication module's database with a Maildir-quota-style quota as defined by quota for username@domain. The user's mailstore usage is also re-calculated.

Troubleshooting

How to troubleshoot vpopmail

vpopmail is relatively easy to troubleshoot, given a little background knowledge on how it processes authentication information, and message delivery information. Before you head down below for specific information about a problem you might be having, get aquainted with how vpopmail handles your day-to-day mail activities.

Authentication

In order to authenticate users, there's a series of steps that is taken. We will be examining vchkpw, the standard binary used for authentication with POP3.

  • Firstly, vchkpw expects a valid username.

Because vpopmail is a virtual domain package, it also needs to know what domain they're on. Depending upon the system configuration, the username will sometimes be simply 'username', with a domain mapped either to an IP, or as a default domain, but generally the username will be 'user@domain'. Does the username contain entirely valid characters? Does the domain contain valid characters?

  • Next vpopmail opens the qmail/users/cdb

file to determine if the domain is valid. Here is where permissions errors come in. Can the process trying to authenticate access the cdb file? Does the cdb file exist? Is it updated with the latest information from the qmail/users/assign file? Is there an issue with the contents of the assign file causing the cdb file not to be updated? As you can see, each step can have a number of actual causes, but generally they all cause a similar symptom, which can make determining the actual cause a little difficult.

  • The next step is to determine if the username provided exists on that domain.

Depending upon the authentication storage scheme, yet more issues can arise here. For the sake of this document, we will assume CDB, however, those of you using MySQL, or another network-based DB may wish to make sure your authentication information is correct. Can the process wishing to authenticate access the vpasswd.cdb file? All processes accessing authentication information for vpopmail must be at least SUID/SGID vpopmail. Note that files under the vpopmail directory should NEVER have their permissions changed to be read by users other than the vpopmail user. Does the vpasswd.cdb file exist? Has it been updated with the latest information from the vpasswd file? Does the vpasswd file contain entirely valid syntax?

  • Next it compares their password.

Obviously the question here is, do they have the correct password?

  • Now user flags are checked.

Are they allowed to access the POP server? At this point, other flags are checked for other services as well. SMTP, IMAP, etc.

  • Now we set up the environment to deal with their mailbox files.

Are the permissions on the user's home directory and Maildir correct?

  • The next, and final step is to execute the POP handler.

If this part fails, make sure your POP binary is there, and that it can be executed by the process.

Specific Issues

One of my users can't authenticate via POP3

  • Is the user using the correct login name?

Sometimes users are simply using the wrong login name. Try verifying their login information yourself before going any further.

  • Is the user using the correct login syntax?

Depending upon the configuration of the system, one may need to log in with different username formats. user@domain is the most common. Be sure your users know that this is the correct format for authenticating for mail.

  • Is the user using the correct password?

Systems with clear-text passwords enabled can allow administrators and technical staff to quickly diagnose this issue.

  • Is the POP3 server running as root?

The POP3 server must run as root so that it may change the proper UID/GID after it determines what that UID/GID is.

  • Does the qmail/users/assign file contain the domain?
  • Does the qmail/users/assign file contain proper syntax?
  • Is the qmail/users/cdb file up to date?
  • Are permissions correct on the vpopmail home directory and sub-directories?

When using MySQL for authentication, I get the error vmysql: sql error[3] MySQL server has gone away

This is almost always caused by permissions, or authentication problems. First, using the information from ~vpopmail/etc/vpopmail.mysql, try to access the MySQL database via the mysql client as the vpopmail system user. (Depending upon your system, you may need to use sudo)

# su vpopmail
$ mysql -u vpopmail -p vpopmail
Enter password:

At this point, you may have received any number of errors. If you get to a MySQL prompt, try the following:

mysql> show tables;

Pick a table. vpopmail is a good one to use

mysql> select count(*) from vpopmail;

The most common problem here is that vpopmail cant access the MySQL socket. Check the location where your MySQL server is creating the socket file, and be sure the vpopmail user can read and write to it.

This problem can also be caused, under certian circumstances on FreeBSD 4.x and 5.x systems when MySQL is compiled with the following options:

WITH_LINUXTHREADS=YES

This is the default compile for many FreeBSD ports distrobutions as it solves several 'spin-locking' and other performance and latency issues. However when a system is under high load it may cause a problem with vpopmail showing the "vmysql: sql error[3] MySQL server has gone away" or no error at all. re-compiling MySQL WITH_LINUXTHREADS=NO will solve this problem.

I've lost all my qmail control files

This can occur because of disk corruption, or administrative mistakes. Either way this is actually solved rather easily. This will recover your domain hosting information, but not any of your other control files.

To use this script, copy the below contents to ~vpopmail/domains/gen-hashed.sh It *must* be called gen-hashed.sh, and it must reside in ~vpopmail/domains. Then just run it. There is no output except three files are created, controls.rcpthosts, controls.virtualdomains, users.assign. These three files should be copied or moved into their respective locations inside the qmail directory.

#!/bin/sh
#
# Generate control files from hashed
# vpopmail domain tree.  Should be run
# from ~vpopmail/domains directory,
# and script should be named gen-hashed.sh
#
# <matt@inter7.com>
#
 
SUB=""
  
rm -f users.assign control.rcpthosts control.virtualdomains

if [ $# -eq 1 ]; then
        CPWD=$PWD
        SUB=$1/
        cd $1
fi
 
for i in *; do
        if [ ! -d $i ]; then
                continue
        fi

        if [ ${#i} -eq 1 ]; then
                /home/vpopmail/domains/gen-hashed.sh $i
                continue
        fi


        if [ "$CPWD" != "" ]; then
                CPWD="${CPWD}/"
        fi

        echo "+$i-:$i:89:89:$PWD/$i:-::" >> ${CPWD}users.assign
        echo "$i:$i" >> ${CPWD}control.virtualdomains
        echo "$i" >> ${CPWD}control.rcpthosts
done

if [ "$SUB" != "" ]; then
        cd $CPWD
fi

if [ $# -eq 0 ]; then
        echo "." >> ${CPWD}users.assign
fi


Qmail Conflicts

If the program qmail-pw2u is run, it will delete the existing contents of /var/qmail/users/assign. If this happens, run the gen-hashed.sh script in the previous section. The qmail RPM by Bruce Guenter includes a cron job that runs qmail-pw2u hourly, you need to disable the cron job.

Nguyen dinh thien viettelidc.com.vn

welcome here

Personal tools