'qmail'에 해당되는 글 21건

  1. 2012.05.09 [qmail] libdomainkeys 설치
  2. 2012.05.09 [qmail] rblsmtpd 설치
  3. 2012.05.09 [qmail] cdb 설치
  4. 2012.05.09 [qmail] vpopmail 설치
  5. 2012.05.09 [qmail] qmail 다운로드 & 설치
  6. 2012.05.09 [qmail] daemontools 설치
  7. 2012.05.09 [qmail] ucspi-tcp 설치
  8. 2012.04.20 Qmail, pop3, imap 관련.
  9. 2012.04.19 Qmail 라우팅
  10. 2012.04.18 Life With Qmail - from KLDP

[qmail] libdomainkeys 설치

ITWeb/서버관리 2012. 5. 9. 14:49

[원본링크]

http://domainkeys.sourceforge.net/
http://jeremy.kister.net/howto/dk.html
http://sourceforge.net/projects/domainkeys/

[원본글]


qmail-1.03 & Netqmail-1.06 / DomainKeys Integration Howto v20081001.02

Some documentation stolen from the qmail-dk patch itself
This document assumes example.com is the domain in the From: field that you'll be dk_signing for.
Text in bold are unique to each installation. (although you can choose to keep the keyword 'default').


1. install qmail as per www.lifewithqmail.org (skip this if you have an existing/compatible qmail installation).
    any qmail install based off LWQ should be compatible - including netqmailqmail-isp, and even qmail-aio.

2. install OpenSSL as per the INSTALL file of the latest stable tarball (skip if you already have an existing/compatible OpenSSL)

3. Set it all up
  cd /usr/local/src/
  wget http://cr.yp.to/software/qmail-1.03.tar.gz
  wget http://superb-east.dl.sourceforge.net/sourceforge/domainkeys/libdomainkeys-0.68.tar.gz
  wget http://www.qmail.org/qmail-1.03-dk-0.54.patch
  wget http://jeremy.kister.net/code/qmail-dk-0.54-auth.patch # optional, for smtp-auth
  tar -zxvf libdomainkeys-0.68.tar.gz
  cd libdomainkeys-0.68
  make
  tar -zxvf /usr/local/src/qmail-1.03.tar.gz
  echo 'gcc -O2 -include /usr/include/errno.h' > qmail-1.03/conf-cc
  patch -d qmail-1.03/ < ../qmail-1.03-dk-0.54.patch
  patch -d qmail-1.03/ < ../qmail-dk-0.54-auth.patch   # optional, for smtp-auth
  cd qmail-1.03
  make qmail-dk
  cp qmail-dk /var/qmail/bin/
  cp qmail-dk.8 /var/qmail/man/man8/
  chown qmailq /var/qmail/bin/qmail-dk
  chmod 4711 /var/qmail/bin/qmail-dk
4. Next, we set up a RSA key pair, as according to http://domainkeys.sourceforge.net/keygen.html.
  mkdir -p /etc/domainkeys/example.com/
  cd /etc/domainkeys/example.com/
  /usr/local/ssl/bin/openssl genrsa -out rsa.private 768
  /usr/local/ssl/bin/openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
  mv rsa.private default
  chown -R qmailq /etc/domainkeys
  chmod 0600 default
5. Make your public DomainKey:
  grep -v ^- rsa.public | perl -e 'while(<>){chop;$l.=$_;}print "k=rsa; t=y; p=$l;\n";'
6. Create a TXT record in your DNS as per http://domainkeys.sourceforge.net/dist.html:
For tinydns (djbdns):
'_domainkey.example.com.:k=rsa; t=y; o=-;
'default._domainkey.example.com.:DomainKey_from_step_5

or for BIND:
_domainkey.example.com. IN TXT "k=rsa; t=y; o=-;"
default._domainkey.example.com. IN TXT "DomainKey_from_step_5"
7. Next, modify your /etc/tcp.smtp:
  • If you control who relays through your machine via RELAYCLIENT:

    • 10.0.0.2:allow,RELAYCLIENT="",DKSIGN="/etc/domainkeys/example.com/default",QMAILQUEUE="bin/qmail-dk"
    :allow,DKVERIFY="DEGIJKfh",QMAILQUEUE="bin/qmail-dk"

  • Or, if you use SMTP AUTH to control who relays through your machine,
        and you've patched with the above qmail-0.54-dk-auth.patch,
        you don't have to worry about setting DKSIGN:

    • :allow,DKVERIFY="DEGIJKfh",QMAILQUEUE="bin/qmail-dk"

    8. Rebuild your cdb file:
      qmailctl cdb
    9. Be sure to watch your /var/log/qmail/smtpd/current for problems involving
    not having enough memory. You may need to increase the softlimit memory
    size in /service/qmail-smtpd/run.

    10. If you want qmail-dk to sign messages that you send from the command line,
    you have to set up some environment variables.

    You can choose to modify your .profile:
    QMAILQUEUE=/var/qmail/bin/qmail-dk
    DKSIGN=/etc/domainkeys/example.com/default
    export QMAILQUEUE DKSIGN

    Or, as Kyle Wheeler suggested, you can put a wrapper around sendmail:
    #!/bin/sh
    export QMAILQUEUE=/var/qmail/bin/qmail-dk
    export DKSIGN=/etc/domainkeys/example.com/default
    exec /var/qmail/bin/sendmail "$@"

    11. And finally, test your installation:
    send mail to dktest@temporary.com. You should get a reply within a few minutes.

    When you're satisfied with your installation:
    change the "t=y" in your DNS TXT RRs to "t=n": this takes your DomainKey out of "test mode".
    To be a bit more aggressive, add a "B" to your DKVERIFY string. man qmail-dk for more info.



    Portability Notes

    On Solaris 2.7 and 2.9, before the make in libdomainkeys-0.68, I had to:
  • use GNU patch

  • in the libdomainkeys-0.68/Makefile:

    • INCS=-I. -I/usr/local/ssl/include
    LIBS=-L. -L/usr/local/ssl/lib -ldomainkeys -lcrypto

    And then, before the make qmail-dk in qmail-1.03, I had to:
  • echo 'gcc -O2 -I/usr/local/ssl/include' > conf-cc

  • echo 'gcc -s -L/usr/local/ssl/lib' > conf-ld

  • export LD_RUN_PATH=/usr/local/ssl/lib:$LD_RUN_PATH



    • On FreeBSD 5.2.1-R, before the make in libdomainkeys-0.68, I had to:
  • in the libdomainkeys-0.68/Makefile, comment out lines 8-15 (UNAME := ... endif)



    • On Slackware, it is reported that you have to:
  • in the Makefile:

    • LIBS=-L. -ldomainkeys -lcrypto -lresolv


    On Gentoo, it is reported that you have to:
  • During step 3:

    • tar -zxvf libdomainkeys-0.68.tar.gz
    cd libdomainkeys-0.68
    echo '-lresolv' > dns.lib
    make

    -- 

Jeremy Kister
http://jeremy.kister.net./
http://kister.net/cgi-bin/contact.pl?addr=info


    libdomainkeys-0.69.tar.gz




    :

    [qmail] rblsmtpd 설치

    ITWeb/서버관리 2012. 5. 9. 13:00

    [원본링크]

    http://cr.yp.to/rblsmtpd.html
    http://cr.yp.to/software/rblsmtpd-0.70.tar.gz
    http://cr.yp.to/ucspi-tcp/rblsmtpd.html
    http://ladro.com/docs/dns/rblsmtpd.html

    [원본글]

    D. J. Bernstein 

    Internet mail

    rblsmtpd

    The latest published rblsmtpd package is rblsmtpd-0.70.tar.gz.

    The features of rblsmtpd have been incorporated into ucspi-tcp 0.86; there will be no more rblsmtpd releases.

    What is it?

    rblsmtpd is a generic tool to block mail from RBL-listed sites.
    D. J. Bernstein 
    TCP/IP 
    ucspi-tcp

    The rblsmtpd program

    rblsmtpd blocks mail from RBL-listed sites. It works with any SMTP server that can run under tcpserver.

    Interface

         rblsmtpd opts prog
    opts is a series of getopt-style options. prog consists of one or more arguments.

    Normally rblsmtpd runs progprog is expected to carry out an SMTP conversation to receive incoming mail messages.

    However, rblsmtpd does not invoke prog if it is told to block mail from this client. Instead it carries out its own limited SMTP conversation, temporarily rejecting all attempts to send a message. Meanwhile it prints one line on descriptor 2 to log its activity.

    rblsmtpd drops the limited SMTP conversation after 60 seconds, even if the client has not quit by then.

    Options:

    • -t n: Change the 60-second timeout to n seconds.

    Blocked clients

    If the $RBLSMTPD environment variable is set and is nonempty, rblsmtpd blocks mail. It uses $RBLSMTPD as an error message for the client. Normally rblsmtpd runs under tcpserver; you can use tcprules to set $RBLSMTPD for selected clients.

    If $RBLSMTPD is set and is empty, rblsmtpd does not block mail.

    If $RBLSMTPD is not set, rblsmtpd looks up $TCPREMOTEIP in the RBL, and blocks mail if $TCPREMOTEIP is listed. tcpserver sets up $TCPREMOTEIP as the IP address of the remote host.

    Options:

    • -r base: Use base as an RBL source. An IP address a.b.c.d is listed by that source if d.c.b.a.base has a TXT record. rblsmtpd uses the contents of the TXT record as an error message for the client.
    • -a base: Use base as an anti-RBL source. An IP address a.b.c.d is anti-listed by that source if d.c.b.a.base has an A record. In this case rblsmtpd does not block mail.

    You may supply any number of -r and -a options. rblsmtpd tries each source in turn until it finds one that lists or anti-lists $TCPREMOTEIP.

    If you do not supply any -r options, rblsmtpd tries an RBL source of rbl.maps.vix.com. This will be changed in subsequent versions.

    RBL sources

    If you want to run your own RBL source or anti-RBL source for rblsmtpd, you can use rbldns from the djbdns package.

    I've heard about the following public RBL sources:

    • dev.null.dk
    • list.dsbl.org, using rbldns as of 2002-03
    • multihop.dsbl.org, using rbldns as of 2002-03
    • orbs.dorkslayers.com
    • orbz.gst-group.co.uk
    • relays.osirusoft.com
    • unconfirmed.dsbl.org, using rbldns as of 2002-03
    • dnsbl.sorbs.net
    • cbl.abuseat.org
    I've given up on the following RBL sources for various reasons:
    • blackholes.mail-abuse.org, demanding money for access as of 2001-07
    • dialups.mail-abuse.org, demanding money for access as of 2001-07
    • dul.maps.vix.com, renamed dialups.mail-abuse.org
    • inputs.orbz.org, disabled as of 2002-03
    • outputs.orbs.org, disabled in 2001-06
    • outputs.orbz.org, disabled as of 2002-03
    • rbl.maps.vix.com, renamed blackholes.mail-abuse.org
    • relays.mail-abuse.org, TXT records eliminated in 2000-08, demanding money for access as of 2001-07
    • relays.msci.memphis.edu, a copy of relays.mail-abuse.org with TXT records, disabled in 2001-01 because mail-abuse.org started demanding money
    • rss.maps.vix.com, renamed relays.mail-abuse.org
    • or.orbl.org, down as of 2001-10
    • relays.ordb.org, no longer in operation
    • bl.spamcop.net, fails to interoperate with deferred-delivery ISPs
    relays.mail-abuse.org stopped working with rblsmtpd in August 2000, because all the TXT records were removed. ``They were eliminated because the zone file is growing rather large,'' the maintainers said. This problem wouldn't occur with rbldns, because rbldnsdatabases are much smaller than zone files. However, the people who run MAPS also have financial interests in BIND, and they refuse to use rbldns.

    Temporary errors

    Normally, if $RBLSMTPD is set, rblsmtpd uses a 451 error code in its limited SMTP conversation. This tells legitimate clients to try again later. It gives innocent relay operators a chance to see the problem, prohibit relaying, get off the RBL, and get the mail delivered.

    However, if $RBLSMTPD begins with a hyphen, rblsmtpd removes the hyphen and uses a 553 error code. This tells legitimate clients to bounce the message immediately.

    There are several error-handling options for RBL lookups:

    • -B: (Default.) Use a 451 error code for IP addresses listed in the RBL.
    • -b: Use a 553 error code for IP addresses listed in the RBL.
    • -C: (Default.) Handle RBL lookups in a ``fail-open'' mode. If an RBL lookup fails temporarily, assume that the address is not listed; if an anti-RBL lookup fails temporarily, assume that the address is anti-listed. Unfortunately, a knowledgeable attacker can force an RBL lookup or an anti-RBL lookup to fail temporarily, so that his mail is not blocked.
    • -c: Handle RBL lookups in a ``fail-closed'' mode. If an RBL lookup fails temporarily, assume that the address is listed (but use a 451 error code even with -b). If an anti-RBL lookup fails temporarily, assume that the address is not anti-listed (but use a 451 error code even if a subsequent RBL lookup succeeds with -b). Unfortunately, this sometimes delays legitimate mail.

    Acknowledgments

    Thanks to Andrew Richards for his comments on this documentation.

    [Howto 관련글]


    rblsmtpd-0.70.tar.gz


    :

    [qmail] cdb 설치

    ITWeb/서버관리 2012. 5. 9. 12:54

    [원본링크]

    http://cr.yp.to/cdb.html
    http://cr.yp.to/cdb/install.html
    http://cr.yp.to/cdb/cdb-0.75.tar.gz

    [원본글]

    D. J. Bernstein 
    Data structures and program structures

    cdb

    How to install cdb 
    The cdbget program 
    The cdbmake and cdbdump programs 
    The cdbstats and cdbtest programs

    The cdb format specification 
    The cdb-reading library interface

    cdb is discussed on the cdb mailing list.

    What is it?

    cdb is a fast, reliable, simple package for creating and reading constant databases. Its database structure provides several features:
    • Fast lookups: A successful lookup in a large database normally takes just two disk accesses. An unsuccessful lookup takes only one.
    • Low overhead: A database uses 2048 bytes, plus 24 bytes per record, plus the space for keys and data.
    • No random limits: cdb can handle any database up to 4 gigabytes. There are no other restrictions; records don't even have to fit into memory. Databases are stored in a machine-independent format.
    • Fast atomic database replacement: cdbmake can rewrite an entire database two orders of magnitude faster than other hashing packages.
    • Fast database dumps: cdbdump prints the contents of a database in cdbmake-compatible format.
    cdb is designed to be used in mission-critical applications like e-mail. Database replacement is safe against system crashes. Readers don't have to pause during a rewrite.

    Information for distributors

    You may distribute unmodified copies of the cdb package.

    Packages that need to read cdb files should incorporate the necessary portions of the cdb library rather than relying on an external cdb library.

    Related packages

    Tim Goodwin's CDB_File is a Perl interface to cdb.

    M. J. Pomraning's python-cdb is a Python interface to cdb.

    Kazuteru Okahashi's ruby-cdb is a Ruby interface to cdb.

    Michael Alyn Miller's sg-cdb is a Java library to read cdb files.

    Taj Khattra's luacdb is a Lua interface to cdb.

    Felix von Leitner's rdbm combines cdb with a separate journal of database updates.

    David Wilson's python-pure-cdb is a Python reimplementation of cdb.

    cdb is used in my djbdns, fastforward, mess822, qmail, and ucspi-tcp packages.

    D. J. Bernstein 
    Data structures and program structures 
    cdb

    How to install cdb

    Like any other piece of software (and information generally), cdb comes with NO WARRANTY.

    System requirements

    cdb works only under UNIX.

    Installation

    Download the cdb package. The latest published cdb package is cdb-0.75.tar.gz.

    Unpack the cdb package:

         gunzip cdb-0.75.tar
     tar -xf cdb-0.75.tar
     cd cdb-0.75

    Compile the cdb programs:

         make

    As root, install the cdb programs under /usr/local:

         make setup check

    Automatic tests

    You need the softlimit program for these tests:
         make rts
     ./rts > rts.out
     cmp rts.out rts.exp
    Normally this prints nothing.

    Beware that, starting with version 0.75, rts takes some time to run: e.g., 155 seconds on a Pentium II-350. (It writes three 4GB databases to /dev/null.)

    Manual tests

    Create a database from /etc/services:
         ./cdbmake-sv test.cdb test.tmp < /etc/services
    Use cdbtest to test the database:
         ./cdbtest < test.cdb
    The bad length and not found tallies should be 0. The different record tally should be 0 unless you have the same service listed on several lines in /etc/services.

    Try retrieving particular records from the database:

         ./cdbget smtp/tcp < test.cdb && echo ''
     ./cdbget @25/tcp < test.cdb && echo ''
    Try printing some database statistics:
         ./cdbstats < test.cdb
    The numbers should decrease rapidly past d0.

    To report success:

         ( echo 'First M. Last'; cat `cat SYSDEPS` ) \
     | mail djb-sysdeps@cr.yp.to 

    Replace First M. Last with your name.


    cdb-0.75.tar.gz



    :

    [qmail] vpopmail 설치

    ITWeb/서버관리 2012. 5. 9. 12:51

    [원본링크]

    http://www.inter7.com/vpopmail/
    http://sourceforge.net/project/showfiles.php?group_id=85937
    http://www.inter7.com/vpopmail/install.txt
    http://www.inter7.com/vpopmail/doc/index.html

    [원본글]



    

For more information see the README files
 README	     
 README.mysql   
 README.quotas    
 README.ldap  
 README.sybase
 README.oracle  
 README.vqmaillocal

For information on upgrading please see the UPGRADE files
UPGRADE  
UPGRADE.tren


Note: If you are using any of the BSD distro's you should probably use gmake
      and not make.

VPopMail 5.0 Upgrade Instructions are in the UPGRADE File
Hints on converting an old system to a new vpopmail system
are also in the UPGRADE file

1. check for diskspace
	# df
	  or
	# df -k 

	Determine which disk partition you want to place the pop email.

2. add groups and users and home directory
	# groupadd -g 89 vchkpw
	# useradd -g vchkpw -u 89 vpopmail

We recommend you use the user and group id's of 89. The FreeBSD folks
have reserved 89 for the group and 89 for the user for vpopmail. 
if you want to place the vpopmail home dir in a different disk partition
than the default home dir location try:

	# useradd -g vchkpw -u 89 -d /path/to/where/you/want vpopmail
		

	RedHat and other linux systems place useradd and groupadd in
	the /usr/sbin directory.

NOTE: the home directory of vpopmail must exist before you contiue with
the installation.

3.  FAST default install
    $ su
    # ./configure
    # make
    # make install-strip 

If you are making vpopmail for roaming users to be able to relay
through your smtp server after the authenticate with pop do: 

    $ su
    # ./configure --enable-roaming-users=y
    # make
    # make install-strip

NOTE: To get a complete list of configure options type: ./configure --help

MySQL NOTE: if you are using --enable-mysql=y make sure you are running
the lasted stable version (Currently 3.23 as of March 5th 2001). Older
versions of mysql, such as 3.22 do not support the "unique index (domain)"
syntax when creating the dir_control table. 

3.a configure option recommendations for New Sites

If you are installing a brand new email server please make
use of the new vpopmail-5.0 features. We recommend adding
the following options to your ./configure line:

--enable-clear-passwd=y ( store a clear text copy of users password )

This option helps sysadmins and help desk people. They find it
helpful to be able to see the pasword the user should be using.

--enable-valias=y (Turn on vpopmail alias processing)

This is mainly for the mysql module. It allows aliases/forwards to
be stored in the mysql database. It also turns on the valias
command line program to maintain alias/forwards

--enable-mysql-replication=y ( requires advanced sys admin skills )

If you have a running mysql replicated site, multiple machines with
a central update mysql server and a farm of machines running read-only
mysql servers, THEN, you can make use of this feature. It allows
vpopmail to do read-only queries to a local mysql server, and send
all update transactions (add user, change password, delete domain)
to a central mysql database. A must use for clustered sites 
vpopmail to lo

4. Check your ~vpopmail/etc/tcp.smtp file 

    This file should list all the static IP's of your machines
    you want to allow to relay out to the internet.
	
    For example: If you have a whole C class named 10.1.1.X
    either edit /etc/tcp.smtp file, or use the following to appened:

	# echo "10.1.1.:allow,RELAYCLIENT=\"\"" >> ~vpopmail/etc/tcp.smtp

	you can add other ip's later, when ever you want.


5. Setup crontab for --enable-roaming-users=y (default is disabled)
	Add a line to roots crontab
	$ su
	# crontab -e

	add a line like the following:

    	40 * * * * /home-dir-of-vpopmail/bin/clearopensmtp 2>&1 > /dev/null

	replace "home-dir-of-vpopmail" with the home directory of vpopmail user. 
	To find the home dir of vpopmail:
		grep vpopmail /etc/passwd
        pick out the entry for the home dir

vpopmail:x:502:502::/home/vpopmail:/bin/bash
                    ^^^^^^^^^^^^^^

Done!

You can go on to add a virtual domain and users if you wish

6. Add a virtual domain

	For this example, we will add a domain "test.com"

	# cd /home-dir-of-vpopmail/bin

	# ./vadddomain test.com
		or
	# ./vadddomain test.com password-for-postmaster

	vadddomain will modify the following qmail files 
		(default locations used)
	/var/qmail/control/locals
	/var/qmail/control/rcpthosts
	/var/qmail/control/morercpthosts (if rcpthosts > than 50 lines)
	/var/qmail/control/virtualdomains
	/var/qmail/users/assign
	/var/qmail/users/cdb

	It will also create a domains directory 
		~vpopmail/domains/test.com
		~vpopmail/domains/test.com/postmaster/Maildir ...
		~vpopmail/domains/test.com/vpasswd
		~vpopmail/domains/test.com/vpasswd.cdb

	If you do not specify a password on the command line, it
	will prompt for a password for the postmaster.

	Then it will send a kill -HUP signal to qmail-send telling it
	to re-read the control files.

	Note: setting up DNS MX records for the virtual domain is not
	covered in this INSTALL file.

7. Add a new pop user.

	You can install qmailadmin and administer your new pop mail
	system via a web interface. Or you can use the command line
	interface.

	# cd /home-dir-of-vpopmail/bin
	# ./vadduser newuser@test.com
		or
	# ./vadduser newuser@test.com <password-for-newuser>

	In the case where the domain is specified (user@domain.com), 
	the user is added to the ~vpopmail/domains/domain.com directory.
	If you don't enter a password on the command line, it will
	prompt for a password.

8. Delete a pop user

	# cd /home-dir-of-vpopmail/bin
	# ./vdeluser newuser@test.com (for the test.com virtualdomain example)

9. Delete a virtual domain

	# cd /home-dir-of-vpopmail/bin
	# ./vdeldomain test.com

10. Changing a pop users password (new in 3.4.3)
	# cd /home-dir-of-vpopmail/bin
	# ./vpasswd user@domain.com
			or
	# ./vpasswd user@domain.com <password-for-user@domain.com>

11. Information details hiding 
	Alot of the underlying qmail details are not covered in this
	file. This is on purpose. If you want to find out the internal
	workings of vchkpw and qmail look into /var/qmail/control files
	and /var/qmail/users/assign file. 

12. How to use vchkpw with qmail-pop3d server

	Here is a sample startup line for qmail-pop3d and vchkpw

	env - PATH="/var/qmail/bin:/usr/local/bin" \
	tcpserver -H -R 0 pop-3 \
	/var/qmail/bin/qmail-popup your.domain.com \
	/home-dir-of-vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir &

	If you want to authenticate against /etc/passwd do not use the -u -g
	options, since it would need to run as root.
 
	Notice where the vchkpw program goes. 
	Some sites use pop3 instead of pop-3. /etc/services has the
        master list. grep pop /etc/services to find out.

	If you want to use inetd style startup use this:
		pop3 stream tcp nowait root \
  		/var/qmail/bin/qmail-popup \
  		qmail-popup mail.stilen.com \
  		/home/vpopmail/bin/vchkpw \
  		/var/qmail/bin/qmail-pop3d \
  		Maildir

	If you want to use xinetd style use this:
service pop3
{
    disable              = no
    socket_type       = stream
    protocol             = tcp
    wait                   = no
    user                  = root
    server                = /var/qmail/bin/qmail-popup
    server_args        = foo.bar.com /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir
    log_type             = FILE /var/log/xinetd.log
    log_on_success  = HOST
    log_on_failure      = HOST RECORD
}

13. For sites using the mysql module and --enable-roaming-users=y it
    is highly suggested to use Matt Simersons tcpserver-mysql patch.
    This removes the need for vpopmail to compile a tcp.smtp.cdb file
    for each pop authentication. Instead, tcpserver looks directly
    into the vpopmail mysql table of IP's.

14. Good luck

Please report any bugs to kbo@inter7.com.

Also visit http://www.inter7.com/vchkpw/ home page and join the
mailing list vchkpw@inter7.com by sending an email 
to vchkpw-subscribe@inter7.com

    About

    vpopmail is a set of API that manages virtual user accounts on a qmail system, and handles delivery for these virtual users. The command-line utilities, and Qmailadmin all use the vpopmail API, provided by the vpopmail library to manage the system.


    Please note that this document does not yet cover the 5.5 branch of vpopmail.

    Features

    Roaming Users

    Roaming users provides a non-SMTP_AUTH authentication system for allowing users with dynamic IPs to send mail through the server without allowing relay from non-authenticated users. After a user has authenticated via POP3, IMAP, etc, their IP is set allowed to relay for the next three hours. This provides them plenty of time to read and respond to all their email. Successive authentications during this time extend the time limit.

    SMTP authentication is preferred over roaming users.

    Where do I get vpopmail?

    vpopmail is available for download at sourceforge http://sourceforge.net/projects/vpopmail/. vpopmail is also available at our website http://www.inter7.com/.

    Installing vpopmail

    Getting started

    This documentation assumes qmail is already installed. If you know what you're doing, you can install vpopmail before qmail, which can be useful when patching qmail with patches that require vpopmail. Run these commands only if you do not have qmail installed:

     mkdir /var/qmail/
 mkdir /var/qmail/bin
 touch /var/qmail/bin/qmail-inject
 touch /var/qmail/bin/qmail-newu
 touch /var/qmail/bin/qmail-newmrh

    Before you can configure and install vpopmail, you must create a vpopmail user, and a vpopmail group. An old practice, that most people still follow today, is to name the group vchkpw, and the user vpopmail. The vpopmail tarball will recognize any group name, however, the username must bevpopmail unless you specify an alternative username while configuring.

     groupadd vchkpw
 useradd -g vchkpw vpopmail

    If you plan to use roaming users (POP-before-SMTP), you will need to create a tcpserver rules file that vpopmail can update.

     mkdir -p /home/vpopmail/etc
 echo '127.0.0.1:allow,RELAYCLIENT=""' > /home/vpopmail/etc/tcp.smtp
 tcprules /home/vpopmail/etc/tcp.smtp.cdb /home/vpopmail/etc/tcp.smtp.tmp < /home/vpopmail/etc/tcp.smtp

    Configuring vpopmail

    vpopmail comes packaged with a configure script which will enable the package with the features you want, and disable the ones you don't. To configure vpopmail, while in the vpopmail source directory, run the following command:

    ./configure <options>

    Configure options

     --enable-qmaildir=DIR      Directory where qmail control and user directories are installed /var/qmail.
 --enable-qmail-newu=PATH   Full path to qmail-newu program.
 --enable-qmail-inject=PATH Full path to qmail-inject program.
 --enable-qmail-newmrh=PATH Full path to qmail-newmrh program.
 --enable-vpopuser=USER     User name allocated to vpopmail vpopmail.
 --enable-vpopgroup=GROUP   Group name allocated to vpopmail vchkpw.
 --enable-roaming-users     Enable POP-before-SMTP functionality.
 --enable-tcprules-prog=PATH    Full path to tcprules program /usr/{local/}bin/tcprules.
 --enable-tcpserver-file=PATH   File where tcpserver -x relay information is stored /home/vpopmail/etc/tcp.smtp.
 --disable-rebuild-tcpserver-file  Disable rebuilding of tcpserver relay control file.
 --enable-relay-clear-minutes=#    Expire time for roaming users after pop authentication [180].
 --enable-learn-passwords   If no password is stored for a user, learn it the first time they authenticate.
 --disable-md5-passwords    Use DES crypt() instead of MD5 encryption for passwords.
 --disable-file-locking     Don't use file locking.
 --enable-file-sync         Enable file sync after each message is delivered.
 --disable-make-seekable    Don't try to make input to vdelivermail seekable.
 --disable-clear-passwd     Don't store a cleartext version of the password in addition to the encrypted version.
 --disable-users-big-dir    Disable hashing of user directories.
 --enable-sqwebmail-pass    Store a copy of the user's password in the the user's maildir for use by pre-v3 sqwebmail.
 --enable-qmail-ext         Enable qmail email address extension support.
 --enable-ip-alias-domains  Enable mapping of default domain via reverse ip lookup table.
 --enable-spamassassin      Enable spamassassin. See  README.spamassassin for more info.
 --enable-spamc-prog=PATH   Full path to spamc program /usr/{local/}bin/tcprules.
 --enable-domains-dir=TEXT  Set domains directory name for ~vpopmail/domains/user/.
 --enable-incdir=DIR        Your MySQL/Oracle 'include' directory.
 --enable-libdir=DIR        Your MySQL/Oracle 'lib' directory.
 --enable-auth-module=MOD   Nominate how to store the vpopmail account information (cdb (default), mysql, pgsql, 
                            ldap, oracle, sybase, or activedir).
 --enable-passwd            Enable /etc/passwd (or shadow) accounts in addition to virtual domains.
 --enable-logging=OPT       Log to syslog: n=nothing, e=errors only (default), y=all attempts, 
                            p=errors with passwords, v=verbose (all attempts, withpasswords).
 --enable-log-name=TEXT     Set syslog name vpopmail.
 --disable-auth-logging     Don't record time and ip of last auth attempt. 
                            Valid only for CDB, MySQL, PGSQL, LDAP, ActiveDir.
 --enable-sql-logging       Enable authentication logging to MySQL/Postgres.
 --enable-mysql-limits      Use MySQL to store limits instead of .qmailadmin-limits files.
 --enable-mysql-replication Enable support for replicated MySQL auth servers.
 --enable-valias            Store email aliases in MySQL.
 --disable-many-domains     Creates a table for each virtual domain instead of storing all users in a single table.
                            Only valid for MySQL and PostgreSQL
    qmail extensions

    This configuration allows users to receive mail to addresses in the format username-anything@example.com qmail extensions is enabled by adding --enable-qmail-ext to the configure line. Don't let the name fool you, this feature is maintained by vpopmail, and not qmail. Once this feature is enabled, it automatically works globally for all domains. If you want this feature to be enabled on a per-user, or per-domain basis, you will need to create dotqmail files under the domain directory to support this.

    Compiling

    Once the configure process has been completed, and there are no errors, you will see a table displaying enabled and disabled features. From here, compile:

    make

    If all goes well, and no errors occur:

    make install-strip

    vpopmail is now installed.

    Command-line utilities

    All binaries for user management are, by default, under /home/vpopmail/bin. Almost all the binaries in this directory can be executed, without arguments, to display a usage.

    vadddomain

    Adds a new domain to the mailserver

    vadddomain: usage: vadddomain [options] virtual_domain [postmaster password]
options: -v prints the version
         -q quota_in_bytes (sets the quota for postmaster account)
         -b (bounces all mail that doesn't match a user, default)
         -e email_address (forwards all non matching user to this address [*])
         -u user (sets the uid/gid based on a user in /etc/passwd)
         -d dir (sets the dir to use for this domain)
         -i uid (sets the uid to use for this domain)
         -g gid (sets the gid to use for this domain)
         -O optimize adding, for bulk adds set this for all
            except the last one
         -r[len] (generate a len (default 8) char random postmaster password)

 [*] omit @-sign to deliver directly into user's Maildir: '-e postmaster'

    vaddaliasdomain

    Aliases one domain to another. All users, forwards, autoresponders, etc are the same across the real domain, and the aliased domain.

    vaddaliasdomain: usage: [options] real_domain alias_domain
options: -v (print version number)
note: for backward compatability, you can swap real_domain and alias_domain.

    Notes

    This command creates an entry in the qmail/users/assign file directing all transactions for the new, alias domain name, to the current, real domain. This eliminates needing symlinks, and other harddrive intensive operations.

    vdeldomain

    Deletes a domain from the mailserver, all users, and all mail under this domain

    vdeldomain: usage: [options] domain_name
options: -v (print version number)
         -f (force delete of virtual domains)

    vadduser

    Adds a mailbox to a domain

    vadduser: usage: [options] email_address [passwd]
options: -v (print the version)
         -q quota_in_bytes (sets the users quota, use NOQUOTA for unlimited)
         -c comment (sets the gecos comment field)
         -e standard_encrypted_password
         -n no_password
         -r[len] (generate a len (default 8) char random password)

    vdeluser

    Deletes a mailbox from a domain, including all mail for that user

    vdeluser: usage: [options] email_address
options: -v (print version number)

    vdominfo

    Return basic information about one or all domains hosted on the server

    vdominfo: usage: [options] [domain]
options: -v (print version number)
         -a (display all fields, this is the default)
         -n (display domain name)
         -u (display uid field)
         -g (display gid field)
         -d (display domain directory)
         -t (display total users)

    Note that to return the usage with vdominfo, you must type

    vdominfo -h

    vuserinfo

    Return information about user accounts

    vuserinfo: usage: [options] email_address
options: -v (print version number)
         -a (display all fields, this is the default)
         -n (display name field)
         -p (display crypted password)
         -u (display uid field)
         -g (display gid field)
         -c (display comment field)
         -d (display directory)
         -q (display quota field)
         -Q (display quota usage)
         -C (display clear text password)
         -l (display last authentication time)
         -D domainname (show all users on this domain)

    vmoduser

    Modify user settings and flags

    vmoduser: usage: [options] email_addr or domain (for each user in domain)
options: -v ( display the vpopmail version number )
         -n ( don't rebuild the vpasswd.cdb file )
         -q quota ( set quota )
         -c comment (set the comment/gecos field )
         -e encrypted_passwd (set the password field )
         -C clear_text_passwd (set the password field )
the following options are bit flags in the gid int field
         -x ( clear all flags )
         -d ( don't allow user to change password )
         -p ( disable POP access )
         -s ( disable SMTP AUTH access )
         -w ( disable webmail [IMAP from localhost*] access )
            ( * full list of webmail server IPs in vchkpw.c )
         -i ( disable non-webmail IMAP access )
         -b ( bounce all mail )
         -o ( user is not subject to domain limits )
         -r ( disable roaming user/pop-before-smtp )
         -a ( grant qmailadmin administrator privileges )
         -S ( grant system administrator privileges - access all domains )
         -E ( grant expert privileges - edit .qmail files )
         -f ( disable spamassassin)
         -F ( delete spam)
  [The following flags aren't used directly by vpopmail but are]
  [included for other programs that share the user database.]
         -u ( set no dialup flag )
         -0 ( set V_USER0 flag )
         -1 ( set V_USER1 flag )
         -2 ( set V_USER2 flag )
         -3 ( set V_USER3 flag )

    Notes

    The vmoduser command is very useful for more advanced user options. Each user has a set of flags that can be set on them. For instance, 'No webmail' will disallow them to use a webmail interface, and 'No POP3' will not allow them to download mail via POP. Generally people use these flags to nudge customers who haven't paid, or to provide specific services to users who are paying for specific services (ie: webmail or pop3, etc). You can also set a flag which disallows them to send mail. Other than user flags, one can also set quotas with this command.

    • -s ( no smtp access ) if you have qmail-smtpd patched to support smtp authentication using the vchkpw program, then this option will cause the smtp connection to be dropped. Which in effect makes it impossible for the user to send email.
    • -r ( no external relay flag ) With this option turned on, the user will be able to only send email to local accounts. They will not be able to send email out to the internet. For example: A company can create internal email only accounts.

    vpopbull

    Short for vpopmail bulletin, vpopbull mass-mails local users an email.

    usage: vpopbull [options] -f [email_file] [virtual_domain] [...]
       -v (print version number)
       -V (verbose)
       -f email_file (file with message contents)
       -e exclude_email_addr_file (list of addresses to exclude)
       -n (don't mail. Use with -V to list accounts)
       -c (default, copy file)
       -h (use hard links)
       -s (use symbolic links)

    Notes

    The vpopbull command solves a number of problems with trying to mail all your users. Firstly, you dont need to maintain a list of all your user accounts to email to. Secondly, emailing users through the actual qmail server would be inefficient. vpopbull drops messages directly into their Maildir directories where they can be picked up by POP3, webmail, etc, making the operation a simple copy operation instead of an actual mailing operation.

    The email sent must be a fully valid email message, including From, and Subject headers, followed by a blank line, followed by the message. The one exception is that a To header should not be included.

    From: <example@example.com>
Subject: Server maintenance

Dear example.com users,

   We will be performing maintenance on the mail server tomorrow morning.
The maintence window will be between 3am and 5am, and the server will be
down turning this time.

Thank you for your patience,
The example.com Staff

    More complicated messages, including ones with attachments, etc, can also be made, however the specifics of generating a multipart message is out of the scope of this document.

    vpasswd

    vpasswd is used to change passwords for users on the system.

    vpasswd: usage: [options] email_address [password]
options: -v (print version number)
         -r generate a random password

    vchangepw

    vchangepw allows changing of passwords for email addresses hosted on the system. This differs from vpasswd in that it requires you to know the current password for the email address. Note that there is no usage for this binary.

    Tom Collins submitted a patch to the vpopmail tree including this binary

    vsetuserquota

    vsetuserquota is used to modify quotas for a single user, or on all users on a domain. See Vpopmail#Quotas for details on quotas.

    vsetuserquota: [options] email_address|domain_name quota
options:
-v (print version number)

If you specify a domain name rather than an email address,
the quota will be applied to all users in that domain

    Other binaries

    You will probably notice that there are binaries in the bin directory that aren't listed above. These binaries are either used by vpopmail to handle delivery or other aspects of the mail system management, or they are used by more advanced users or users who are migrating data between databases.

    clearopensmtp

    When vpopmail has been compiled with the --enable-roaming-users=y flag enabled, this binary is run out of the crontab every 5 minutes to update the list of IPs that are no longer allowed to send mail. This is a binary used by the Roaming Users feature of vpopmail.

    dotqmail2valias

    When vpopmail has been compiled with the --enable-valias=y flag, this binary will find all dotqmail files under vpopmail and convert them to valias entries in the database.

    valias

    When configured with --enable-valias=y, the valias command can be used to add, edit, and delete valiases from the database.

    vchkpw

    vchkpw is the authentication mechanism used by qmail to check passwords required for downloading mail, and in the case of SMTP_AUTH, sending mail.

    vconvert

    vconvert is used during conversions and migrations between different database methods. Specifically, vconvert can convert to and from several databases, all information about the users on a vpopmail system.

    vconvert: usage
 The first option sets which format to convert FROM,
 the second option sets which format to convert TO.
 -e = etc format
 -c = cdb format
 -m = sql format
 -S = set sqwebmail passwords
 -v = version
 -d = debug info

    vdelivermail

    vdelivermail is vpopmail's delivery agent. It handles delivery of messages, bouncing, catch-alls, etc. You will find calls to vdelivermail in the .qmail-default file under each domain.

    As this is a binary internal to vpopmail's operation, there is no usage provided by the binary. vdelivermail can be called with the following syntax:

     vdelivermail  <default action>

    The 'default action' may be one of the following:

       bounce-no-mailbox
 
   All mail to non-existing recipients on this domain will be bounced.  Additionally,
   if the chkuser patch is installed, the recipient will be rejected during the SMTP
   session as a failed RCPT TO response message.

       delete
 
   All mail to non-existing recipients will be accepted and silently dropped for this
   domain

       /path/to/Maildir/
 
   All mail to non-existing recipients will be accepted and delivered into the Maildir

    It should be noted that in the current climate of mail abuse via spammers and viruses, that all settings other than bounce-no-mailbox with the chkuser patch installed, are considered a potential problem. Dictionary attacks can take a server to its knees.

    vdeloldusers

    vdeloldusers compares the last authentication time for all users against an age in days provided on the command-line, and removes all users which match.

    vdeloldusers: usage: [options]
options: -a age_in_days (will delete accounts older than this date)
                        (default is 6 months or 180 days)
         -v (print version number and exit)
         -d [domain] (process only [domain])
         -e (process every domain)
         -D (actually delete users. no users are deleted without this option)
         -V (verbose -- print old users that will be deleted)

    vipmap

    vipmap stands for Vpopmail IP Map. It maps connections on specific IPs, to a particular domain, enabling users to provide just their username for authentication as opposed to the standard user@domain syntax, providing they have connected to a mapped IP.

    vipmap: usage: [options] ip domain
options: -d delete mapping
         -a add mapping
         -p print mapping
         -v show version

    vkill

    vkill is used internally by vpopmail to kill its own processes.

    vmkpasswd

    vmkpasswd generates the vpasswd.cdb files seen under each of your domain directories. The CDB format allows for faster lookups of information by providing a disk-based hashtable database.

    This could be handful for people who are copying one domain to another server. Here is a list of things you have to finish to make it all work again:
    - Find directory of domain with vuserinfo on server A
    - Add this domain to server B, with the same password as it was on server A
    - Find out where the domain is located at server B and change to this directory
    - Use rsync to download the entire directory from server A like this, make sure you are in the example.com at server B:
    rsync -avz serverA:/dirofvpopmail/domains/example.com/ .
    - Make also sure that all the files have vpopmail as its user and vchkpw as its group
    - Now check vpasswd in the domain directory. It could have happened that your domain directory has been changed, if so, edit the directory value and run vmkpasswd example.com.

    vmoddomlimits

    vmoddomlimits provides a command-line interface for modifying the .qmailadmin-limits files that may appear under your domains' directories. This file specifies how many users, forwards, mailing lists, etc that a user with the postmaster password may create with Qmailadmin.

    vmoddomlimits: usage: [options] domain
options: -v ( display the vpopmail version number )
         -d ( use the vlimits.default file, instead of domain )
         -S ( show current settings )
         -D ( delete limits for this domain, i.e. switch to default limits)
         -Q quota-in-megabytes ( set domain disk quota, '100' = 100 MB )
         -q quota-in-bytes ( set default user quota, '10M' = 10 MB )
         -M count ( set domain max msg count )
         -m count ( set default user max msg count )
         -P count ( set max amount of pop accounts )
         -A count ( set max amount of aliases )
         -F count ( set max amount of forwards )
         -R count ( set max amount of autoresponders )
         -L count ( set max amount of mailing lists )
the following options are bit flags in the gid int field
          -g "flags"  (set flags, see below)
          gid flags:
            u ( set no dialup flag )
            d ( set no password changing flag )
            p ( set no pop access flag )
            s ( set no smtp access flag )
            w ( set no web mail access flag )
            i ( set no imap access flag )
            r ( set no external relay flag )
            c ( set no spamassasssin flag )
           x ( set delete spam flag )
the following options are bit flags for non postmaster admins
         -p "flags"  (set pop account flags)
         -a "flags"  (set alias flags)
         -f "flags"  (set forward flags)
         -r "flags"  (set autoresponder flags)
         -l "flags"  (set mailinglist flags)
         -u "flags"  (set mailinglist users flags)
         -o "flags"  (set mailinglist moderators flags)
         -x "flags"  (set quota flags)
         -z "flags"  (set default quota flags)
         perm flags:
            a ( set deny all flag )
            c ( set deny create flag )
            m ( set deny modify flag )
            d ( set deny delete flag )

    vpopmaild

    vpopmaild is a daemon, still under development, which provides a network-based interface to the vpopmail API. There is no further support yet available for this part of vpopmail.

    For more information see vpopmaild

    vqmaillocal

    vqmaillocal is a development testing program, and has no impact on a vpopmail system.

    Other Features

    Here is a list of features that are not so commonly used, but definately have their place.

    valias

    valias provides use of special delivery instructions normally found in dotqmail, from a database. Depending upon systems, this may or may not increase efficiency. Careful thought as to system size, and scalability must be taken into account when enabling and using this feature.

    API

    The vpopmail API gives developers access to vpopmail functions such as adding domains, adding users, and updating user passwords. vpopmail, in general, does not make any of its API private, but this document will cover high-level functions; the functions command-line utilities call. vpopmail has a set of standard error codes that all functions can return. To properly utilize vpopmail's API, return code checking should be done after all calls. High-level function calls, as they are refered to as in this document, are prefixed with a v. Care, and a good understanding of vpopmail's API should be used when calling other functions.

    This documentation is current as of vpopmail version 5.4.15

    Return codes

    vpopmail's return codes are for the most part self-explanitory. Further documentation is not really needed. This list is taken from vpopmail.h. All high-level vpopmail API functions return VA_SUCCESS on successful calls, and one of the below error codes on failure.

    #define VA_SUCCES                         0
#define VA_ILLEGAL_USERNAME              -1
#define VA_USERNAME_EXISTS               -2
#define VA_BAD_DIR                       -3
#define VA_BAD_U_DIR                     -4
#define VA_BAD_D_DIR                     -5
#define VA_BAD_V_DIR                     -6
#define VA_EXIST_U_DIR                   -7
#define VA_BAD_U_DIR2                    -8
#define VA_SUBDIR_CREATION               -9
#define VA_USER_DOES_NOT_EXIST          -10
#define VA_DOMAIN_DOES_NOT_EXIST        -11
#define VA_INVALID_DOMAIN_NAME          -12
#define VA_DOMAIN_ALREADY_EXISTS        -13
#define VA_COULD_NOT_MAKE_DOMAIN_DIR    -14
#define VA_COULD_NOT_OPEN_QMAIL_DEFAULT -15
#define VA_CAN_NOT_MAKE_DOMAINS_DIR     -16
#define VA_COULD_NOT_UPDATE_FILE        -17
#define VA_CRYPT_FAILED                 -18
#define VA_COULD_NOT_OPEN_DOT_QMAIL     -19
#define VA_BAD_CHAR                     -20
#define VA_SQWEBMAIL_PASS_FAIL          -21
#define VA_BAD_UID                      -22
#define VA_NO_AUTH_CONNECTION           -23
#define VA_MEMORY_ALLOC_ERR             -24
#define VA_USER_NAME_TOO_LONG           -25
#define VA_DOMAIN_NAME_TOO_LONG         -26
#define VA_PASSWD_TOO_LONG              -27
#define VA_GECOS_TOO_LONG               -28
#define VA_QUOTA_TOO_LONG               -29
#define VA_DIR_TOO_LONG                 -30
#define VA_CLEAR_PASSWD_TOO_LONG        -31
#define VA_ALIAS_LINE_TOO_LONG          -32
#define VA_NULL_POINTER                 -33
#define VA_INVALID_EMAIL_CHAR           -34
#define VA_PARSE_ERROR                  -35
#define VA_CANNOT_READ_LIMITS           -36
#define VA_CANNOT_READ_ASSIGN           -37
#define VA_CANNOT_OPEN_DATABASE         -38
#define VA_INVALID_IP_ADDRESS           -39
#define VA_QUERY_FAILED                 -40
#define VA_STORE_RESULT_FAILED          -41
#define VA_INVALID_OPEN_MODE            -42
#define VA_CANNOT_CREATE_DATABASE       -43
#define VA_CANNOT_CREATE_TABLE          -44

    Functions

    Add domain - vadddomain()

    Add support for a domain to the vpopmail+qmail system.

    Declaration

    int vadddomain( char *domain, char *dir, uid_t uid, gid_t gid )

    Usage

    The domain argument is the domain to be added to the system. Your qmail control/rcpthostscontrol/virtualdomains, and users/assign will be updated, and the vpopmail authentication module will be updated with the proper details. The dir parameter sets the directory where the domain will be added under. In most cases, this will be the vpopmail/domains directory.

    Notes

    This API function does not add a postmaster account.

    Delete domain - vdeldomain()

    Remove a domain from the vpopmail+qmail system.

    Declaration
    int vdeldomain( char *domain )
    Usage

    Passing the domain option will update the qmail control/rcpthostscontrol/virtualdomainsusers/assign, as well as updating the authentication module.

    Notes

    All mail storage, and user authentication information will be removed for this domain. When in doubt, make backups.

    Add user - vadduser()

    Add a user to a domain on a vpopmail system.

    Declaration
    int vadduser( char *username, char *domain, char *password, char *gecos, int apop )
    Usage

    The username will be added under domain with a password of password, and a GECOS of gecos via the authentication module. Any directory hashing will be handled by vpopmail internally. If apop is set to 1, the apop secrets file will be updated.

    Delete user - vdeluser()

    Remove a user from the vpopmail system.

    Declaration

    int vdeluser( char *user, char *domain )

    Usage

    Removes an entry from the authentication module's database, and removes all user data.

    Notes

    All user authentication information, and mailstore data associated with this user will be deleted. Make backups where appropriate.

    Change user password - vpasswd()

    Update a user's password.

    Declaration

    int vpasswd( char *username, char *domain, char *password, int apop )

    Usage

    vpasswd updates a user authentication entry in the authentication module's database where username is the user portion of the email address, domain is the domain portion of the email address, and password is a clear-text version of the user's password. The apop flag is not used.

    Set user quota - vsetuserquota()

    Declare a user's mailstore quota.

    Declaration

    int vsetuserquota( char *username, char *domain, char *quota )

    Usage

    Updates the authentication module's database with a Maildir-quota-style quota as defined by quota for username@domain. The user's mailstore usage is also re-calculated.

    Troubleshooting

    How to troubleshoot vpopmail

    vpopmail is relatively easy to troubleshoot, given a little background knowledge on how it processes authentication information, and message delivery information. Before you head down below for specific information about a problem you might be having, get aquainted with how vpopmail handles your day-to-day mail activities.

    Authentication

    In order to authenticate users, there's a series of steps that is taken. We will be examining vchkpw, the standard binary used for authentication with POP3.

    • Firstly, vchkpw expects a valid username.

    Because vpopmail is a virtual domain package, it also needs to know what domain they're on. Depending upon the system configuration, the username will sometimes be simply 'username', with a domain mapped either to an IP, or as a default domain, but generally the username will be 'user@domain'. Does the username contain entirely valid characters? Does the domain contain valid characters?

    • Next vpopmail opens the qmail/users/cdb

    file to determine if the domain is valid. Here is where permissions errors come in. Can the process trying to authenticate access the cdb file? Does the cdb file exist? Is it updated with the latest information from the qmail/users/assign file? Is there an issue with the contents of the assign file causing the cdb file not to be updated? As you can see, each step can have a number of actual causes, but generally they all cause a similar symptom, which can make determining the actual cause a little difficult.

    • The next step is to determine if the username provided exists on that domain.

    Depending upon the authentication storage scheme, yet more issues can arise here. For the sake of this document, we will assume CDB, however, those of you using MySQL, or another network-based DB may wish to make sure your authentication information is correct. Can the process wishing to authenticate access the vpasswd.cdb file? All processes accessing authentication information for vpopmail must be at least SUID/SGID vpopmail. Note that files under the vpopmail directory should NEVER have their permissions changed to be read by users other than the vpopmail user. Does the vpasswd.cdb file exist? Has it been updated with the latest information from the vpasswd file? Does the vpasswd file contain entirely valid syntax?

    • Next it compares their password.

    Obviously the question here is, do they have the correct password?

    • Now user flags are checked.

    Are they allowed to access the POP server? At this point, other flags are checked for other services as well. SMTP, IMAP, etc.

    • Now we set up the environment to deal with their mailbox files.

    Are the permissions on the user's home directory and Maildir correct?

    • The next, and final step is to execute the POP handler.

    If this part fails, make sure your POP binary is there, and that it can be executed by the process.

    Specific Issues

    One of my users can't authenticate via POP3

    • Is the user using the correct login name?

    Sometimes users are simply using the wrong login name. Try verifying their login information yourself before going any further.

    • Is the user using the correct login syntax?

    Depending upon the configuration of the system, one may need to log in with different username formats. user@domain is the most common. Be sure your users know that this is the correct format for authenticating for mail.

    • Is the user using the correct password?

    Systems with clear-text passwords enabled can allow administrators and technical staff to quickly diagnose this issue.

    • Is the POP3 server running as root?

    The POP3 server must run as root so that it may change the proper UID/GID after it determines what that UID/GID is.

    • Does the qmail/users/assign file contain the domain?
    • Does the qmail/users/assign file contain proper syntax?
    • Is the qmail/users/cdb file up to date?
    • Are permissions correct on the vpopmail home directory and sub-directories?

    When using MySQL for authentication, I get the error vmysql: sql error[3] MySQL server has gone away

    This is almost always caused by permissions, or authentication problems. First, using the information from ~vpopmail/etc/vpopmail.mysql, try to access the MySQL database via the mysql client as the vpopmail system user. (Depending upon your system, you may need to use sudo)

    # su vpopmail
$ mysql -u vpopmail -p vpopmail
Enter password:

    At this point, you may have received any number of errors. If you get to a MySQL prompt, try the following:

    mysql> show tables;

    Pick a table. vpopmail is a good one to use

    mysql> select count(*) from vpopmail;

    The most common problem here is that vpopmail cant access the MySQL socket. Check the location where your MySQL server is creating the socket file, and be sure the vpopmail user can read and write to it.

    This problem can also be caused, under certian circumstances on FreeBSD 4.x and 5.x systems when MySQL is compiled with the following options:

    WITH_LINUXTHREADS=YES

    This is the default compile for many FreeBSD ports distrobutions as it solves several 'spin-locking' and other performance and latency issues. However when a system is under high load it may cause a problem with vpopmail showing the "vmysql: sql error[3] MySQL server has gone away" or no error at all. re-compiling MySQL WITH_LINUXTHREADS=NO will solve this problem.

    I've lost all my qmail control files

    This can occur because of disk corruption, or administrative mistakes. Either way this is actually solved rather easily. This will recover your domain hosting information, but not any of your other control files.

    To use this script, copy the below contents to ~vpopmail/domains/gen-hashed.sh It *must* be called gen-hashed.sh, and it must reside in ~vpopmail/domains. Then just run it. There is no output except three files are created, controls.rcpthosts, controls.virtualdomains, users.assign. These three files should be copied or moved into their respective locations inside the qmail directory.

    #!/bin/sh
#
# Generate control files from hashed
# vpopmail domain tree.  Should be run
# from ~vpopmail/domains directory,
# and script should be named gen-hashed.sh
#
# <matt@inter7.com>
#
 
SUB=""
  
rm -f users.assign control.rcpthosts control.virtualdomains

if [ $# -eq 1 ]; then
        CPWD=$PWD
        SUB=$1/
        cd $1
fi
 
for i in *; do
        if [ ! -d $i ]; then
                continue
        fi

        if [ ${#i} -eq 1 ]; then
                /home/vpopmail/domains/gen-hashed.sh $i
                continue
        fi


        if [ "$CPWD" != "" ]; then
                CPWD="${CPWD}/"
        fi

        echo "+$i-:$i:89:89:$PWD/$i:-::" >> ${CPWD}users.assign
        echo "$i:$i" >> ${CPWD}control.virtualdomains
        echo "$i" >> ${CPWD}control.rcpthosts
done

if [ "$SUB" != "" ]; then
        cd $CPWD
fi

if [ $# -eq 0 ]; then
        echo "." >> ${CPWD}users.assign
fi


    Qmail Conflicts

    If the program qmail-pw2u is run, it will delete the existing contents of /var/qmail/users/assign. If this happens, run the gen-hashed.sh script in the previous section. The qmail RPM by Bruce Guenter includes a cron job that runs qmail-pw2u hourly, you need to disable the cron job.

    Nguyen dinh thien viettelidc.com.vn

    welcome here


    vpopmail-5.4.33.tar.gz


    :

    [qmail] qmail 다운로드 & 설치

    ITWeb/서버관리 2012. 5. 9. 12:39

    [Qmail link]

    http://www.qmail.org/
    http://qmail.yongbok.net/top.html
    http://www.qmail.org/netqmail/
    http://www.qmail.org/netqmail-1.06.tar.gz
    http://www.lifewithqmail.org/
    http://cr.yp.to/qmail.html
    http://www.qmail.org/man/misc/INSTALL.txt

    qmail-1.03 에 대해 개선된 버전이 netqmail-1.06 이내요.. 

    다운로드 및 설치 시 참고하시면 되겠내요.

    Qmail Quickstarter- Install, Set Up and Run your own Email .zip


    netqmail-1.06.tar.gz


    [설치문서]

    SAVE COPIES OF YOUR OUTGOING MAIL! Like any other piece of software (and
information generally), the qmail system comes with NO WARRANTY. It's
much more secure and reliable than sendmail, but that's not saying much.


Things you have to decide before starting:

* The qmail home directory, normally /var/qmail. To change this
directory, edit conf-qmail now.

* The names of the qmail users and the qmail groups. To change these
names, edit conf-users and conf-groups now.


To create /var/qmail and configure qmail (won't interfere with sendmail):

 1. Create the qmail home directory:
       # mkdir /var/qmail

 2. Read INSTALL.ids. You must set up the qmail group and the qmail
    users before compiling the programs.

 3. Compile the programs and create the qmail directory tree:
       # make setup check

 4. Read INSTALL.ctl and FAQ. Minimal survival command:
       # ./config

 5. Read INSTALL.alias. Minimal survival command:
       # (cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root)
       # chmod 644 ~alias/.qmail*

 6. Read INSTALL.mbox and INSTALL.vsm.

 7. Read INSTALL.maildir.

 8. Copy /var/qmail/boot/home (or proc) to /var/qmail/rc.


To test qmail deliveries (won't interfere with sendmail):

 9. Enable deliveries of messages injected into qmail:
       # csh -cf '/var/qmail/rc &'

10. Read TEST.deliver.


To upgrade from sendmail to qmail:

11. Read SENDMAIL. This is what your users will want to know about the
    switch from sendmail to qmail.

12. Read REMOVE.sendmail. You must remove sendmail before installing
    qmail.

13. Read REMOVE.binmail.

14. Add
            csh -cf '/var/qmail/rc &'
    to your boot scripts, so that the qmail daemons are restarted
    whenever your system reboots. Make sure you include the &.

15. Make qmail's ``sendmail'' wrapper available to MUAs:
       # ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
       # ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
    /usr/sbin might not exist on your system.

16. Set up qmail-smtpd in /etc/inetd.conf (all on one line):
            smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env
            tcp-env /var/qmail/bin/qmail-smtpd

17. Reboot. (Or kill -HUP your inetd and make sure the qmail daemons
    are running.)

18. Read TEST.receive.



That's it! To report success:
       % ( echo 'First M. Last'; cat `cat SYSDEPS` ) | mail djb-qst@cr.yp.to
Replace First M. Last with your name.

If you have questions about qmail, join the qmail mailing list; see 

    http://pobox.com/~djb/qmail.html.


    :

    [qmail] daemontools 설치

    ITWeb/서버관리 2012. 5. 9. 11:56

    [원본링크]

    http://cr.yp.to/daemontools.html
    http://cr.yp.to/daemontools/install.html
    http://cr.yp.to/daemontools/daemontools-0.76.tar.gz


    [원본글]

    D. J. Bernstein 

    UNIX

    daemontools

    How to install daemontools 
    Upgrading from previous versions of daemontools 
    Frequently asked questions

    How to start daemontools 
    The svscanboot program 
    The svscan program 
    The supervise program 
    The svc program 
    The svok program 
    The svstat program 
    The fghack program 
    The pgrphack program

    The readproctitle program 
    The multilog program 
    The tai64n program 
    The tai64nlocal program

    The setuidgid program 
    The envuidgid program 
    The envdir program 
    The softlimit program 
    The setlock program

    The logging utilities in daemontools are discussed on the log mailing list.

    What is it?

    daemontools is a collection of tools for managing UNIX services.

    supervise monitors a service. It starts the service and restarts the service if it dies. Setting up a new service is easy: all supervise needs is a directory with a run script that runs the service.

    multilog saves error messages to one or more logs. It optionally timestamps each line and, for each log, includes or excludes lines matching specified patterns. It automatically rotates logs to limit the amount of disk space used. If the disk fills up, it pauses and tries again, without losing any data.

    D. J. Bernstein 
    UNIX 
    daemontools

    How to install daemontools

    Like any other piece of software (and information generally), daemontools comes with NO WARRANTY.

    System requirements

    daemontools works only under UNIX.

    Installation

    Create a /package directory:
         mkdir -p /package
     chmod 1755 /package
     cd /package
    Download daemontools-0.76.tar.gz into /package. Unpack the daemontools package:
         gunzip daemontools-0.76.tar
     tar -xpf daemontools-0.76.tar
     rm -f daemontools-0.76.tar
     cd admin/daemontools-0.76
    Compile and set up the daemontools programs:
         package/install
    On BSD systems, reboot to start svscan.

    To report success:

         mail djb-sysdeps@cr.yp.to < /package/admin/daemontools/compile/sysdeps


    daemontools-0.76.tar.gz



    :

    [qmail] ucspi-tcp 설치

    ITWeb/서버관리 2012. 5. 9. 11:51

    [원본링크]

    http://cr.yp.to/ucspi-tcp.html
    http://cr.yp.to/ucspi-tcp/install.html
    http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz


    [원본글]

    D. J. Bernstein 
    TCP/IP

    ucspi-tcp

    How to install ucspi-tcp 
    Upgrading from previous versions of ucspi-tcp

    The tcpserver program 
    The tcprules program 
    The tcprulescheck program 
    The argv0 program 
    The fixcrio program 
    The recordio program 
    The rblsmtpd program

    The tcpclient program 
    The who@ program 
    The date@ program 
    The finger@ program 
    The http@ program 
    The tcpcat program 
    The mconnect program 
    The addcr and delcr programs

    TCP environment variables

    What is it?

    tcpserver and tcpclient are easy-to-use command-line tools for building TCP client-server applications.

    tcpserver waits for incoming connections and, for each connection, runs a program of your choice. Your program receives environment variables showing the local and remote host names, IP addresses, and port numbers.

    tcpserver offers a concurrency limit to protect you from running out of processes and memory. When you are handling 40 (by default) simultaneous connections, tcpserver smoothly defers acceptance of new connections.

    tcpserver also provides TCP access control features, similar to tcp-wrappers/tcpd's hosts.allow but much faster. Its access control rules are compiled into a hashed format with cdb, so it can easily deal with thousands of different hosts.

    This package includes a recordio tool that monitors all the input and output of a server.

    tcpclient makes a TCP connection and runs a program of your choice. It sets up the same environment variables as tcpserver.

    This package includes several sample clients built on top of tcpclient: who@, date@, finger@, http@, tcpcat, and mconnect.

    tcpserver and tcpclient conform to UCSPI, the UNIX Client-Server Program Interface, using the TCP protocol. UCSPI tools are available for several different networks.

    Other command-line TCP tools

    The current ucspi-tcp interface is a refinement of the tcpserver/tcpclient interface in my 1991 clientserver package, which replaced the attachport/authtcp interface in my 1989 auth package.

    ucspi-tcp now competes with several other programs:

    • inetd, a root-only TCP server supplied by all UNIX vendors;
    • xinetd, a replacement for inetd;
    • the mconnect client supplied as part of SunOS;
    • the socket program;
    • faucet and hose, part of the netpipes package; and
    • the netcat program, which also supports UDP.

    Many sites are replacing inetd with tcpserver, for several reasons:

    • inetd is unreliable under high loads. It cuts off service for 10 minutes if it receives ``too many'' connections in 1 minute.
    • inetd does not provide effective resource management. It will happily use up all your memory if you are running a popular service.
    • inetd has trouble with sudden bursts of activity. Its listen() backlog is typically only 5 or 10 and cannot be raised.


    D. J. Bernstein 
    TCP/IP 
    ucspi-tcp

    How to install ucspi-tcp

    Like any other piece of software (and information generally), ucspi-tcp comes with NO WARRANTY.

    System requirements

    ucspi-tcp works only under UNIX.

    Installation

    Download the ucspi-tcp package. The latest published ucspi-tcp package is ucspi-tcp-0.88.tar.gz.

    Unpack the ucspi-tcp package:

         gunzip ucspi-tcp-0.88.tar
     tar -xf ucspi-tcp-0.88.tar
     cd ucspi-tcp-0.88

    Compile the ucspi-tcp programs:

         make

    As root, install the ucspi-tcp programs under /usr/local:

         make setup check

    To report success:

         ( echo 'First M. Last'; cat `cat SYSDEPS` ) \
     | mail djb-sysdeps@cr.yp.to 

    Replace First M. Last with your name.


    ucspi-tcp-0.88.tar.gz


    :

    Qmail, pop3, imap 관련.

    ITWeb/서버관리 2012. 4. 20. 10:44


    MTA : SMTP 지원 서버 sendmail , qmail 등 ...
    MUA : outlook 등
    MDA : MTA 가 메일을 수신받아 메일함에 저장하는 agent ex) vpopmail , qmail-local....
    MRA : 리모트 서버에 있는 우편함으로부터 사용자의 MUA로 메시지를 가져오는 프로그램 ex) dovecot , courier-imap , qmail-pop3d ....

    1. qmail에서 pop3 는 기본 패키지

    http://www.nrg4u.com/qmail/the-big-qmail-picture-103-a4.pdf

    여기서 보통 qmail 사용시 vpopmail 을 함께 연동해서 가상도메인(/etc/passwd에 계정 생성하지 않아도됨)을 사용해서
    계정/도메인을 관리할수 있음
    vpopmail 용도는? http://qmail.kldp.net/phpbb/viewtopic.php?f=2&t=4502&start=0

    vpopmail을 사용하게 되면 qmail 기본 패키지 checkpassword 대신 vchkpw 사용하게됨

    결론적으로 pop3는 기본 qmail 패키지 이용하는게 일반적임

    2. imap 경우 기본 qmail 에서 제공하지 않고 여러 오픈소스가 있음 구글링해보면 주로 qmail + dovecot 와 qmail+ courier-imap 을 많이 검색됨

       (꼭 imap 뿐아니라 설정에 따라 pop3 도 지원함)

     
    dovecot를 설치 : http://community.365managed.com/?document_srl=191, http://www.dovecot.org/download.html

    :

    Qmail 라우팅

    ITWeb/서버관리 2012. 4. 19. 15:51

    Qmail smtproutes 설정 글들 링크 두개 추가 합니다.


    [원본링크]

    http://community.365managed.com/?document_srl=843&mid=server

    [원본글]


    [원본링크]

    http://community.365managed.com/?document_srl=857

    [원본글]


    :

    Life With Qmail - from KLDP

    ITWeb/서버관리 2012. 4. 18. 22:48

    메일서비스 개발을 해야 하다 보니.. 봐야 할게 많내요.. 
    일단 필요하다 싶은건 다 모아봅시다... 


    [원본글]

    http://wiki.kldp.org/Translations/Life_With_Qmail-KLDP


    [번역글]


    :
    ◀ PREV : [1] : [2] : [3] : NEXT ▶

    티스토리툴바