Hi Guys,

I've been a Qmail user since Peter Samuel at SLUG.org.au did his talk a long long time ago.

Now down to business. I have an issue with vpopmail failing with virtualmin, a webmin spin-off.

http://www.virtualmin.com/node/22970

Basically what's happening is this: virtualmin is configuring |/var/vpopmail/bin/vdelivermail user@domain for aliases and it's breaking. Why it's breaking I don't exactly know, because according to the valias code pipes are supported.

I seek confirmation on the mysql implementation of vmail aliases.

* multiple aliases for the same domain are supported (true)
* if qmail extensions are used (user-ext@domain) in aliases they will be used INSTEAD of the user's alias (?)
* qmail extensions are supported on aliases if there is not a better match (see above)
  ? how do qmail extensions on aliases flow through to the user accounts ?
* pipes are supported (true) (see caveat)
* &forwarding is supported - in order to support non-standard email naming conventions i.e. dot qmail compliancy (true?)
* mbox delivery is not supported (true)
* if no hostname is provided on alias it will use /var/qmail/control/defaultdelivery (true? seems to be using /var/qmail/bin/qmail-inject at some point noenvhost is ignored)
* aliases are processed before users (true)
* if the database is down, a soft delivery delay occurs (true)
* mail loops for valiases only are detected (true) (not for user accounts bouncing back to a valias??)
* delivery to maildir folders is supported if the full path is specified (true)
* delivery to maildir folders is supported for relative paths in relation to vpopmail's home directory defined in /etc/passwd (true?) i.e. ./domains/hiled.biz/user/.maildir/ is prepended by vpopmail's home directory
* a maildir folder needs a ./ or a / at the beginning of the line to be processed (true/false?)
* anything else that should go into the readme file that's not there....

I do hope some people can look at that virtualmin ticket to theorize why vdelivermail doesn't like calling itself to do another delivery.

The issue doesn't affect me, it's just that some other setups and indeed virtualmin's non-sql-backend setups are all doing it this way. It did take a day to hunt down, but finally my pain is over (I never thought of checking the valias database).

I'm also petitioning virtualmin to be fixed to work with gentoo's de facto .maildir defaultdelivery standard for qmail. They had hardcoded ./Maildir in their source.

Speaking of the maildrop patch for virtualmin, I don't like it in its current form. It's messy. I think that vpopmail should support this setup instead.

1) If a domain is not owned by vpopmail:vckpwd/vpopmail still configure /var/qmail/users/assign to use uid/gid 89 (vpopmail) - see below, this should be configured by a #ifdef MAILDROP

2) Add maildrop to your system as SUID with it set up that vpopmail is a trusted user. --configure-trusted-users=x,y,z,vpopmail in maildrop configure script. [ Due to the amount of personal information vpopmail system could release, it should be pretty locked down anyway if any system administrator is worth his salt.]

3) I patched vdelivermail to spawn vpopmail in LDA mode.

--- vdelivermail.c.orig 2012-08-03 06:51:43.397294158 +0000 +++ vdelivermail.c 2012-08-03 07:56:38.802799846 +0000 
@@ -409,7 +409,7 @@ #ifdef MAILDROP if ( limits.disable_maildrop==0 && vpw!=NULL && !(vpw->pw_gid & NO_MAILDROP) ) { - sprintf(maildrop_command, "| preline %s", MAILDROP_PROG); + sprintf(maildrop_command, "| preline %s -a -d %s@%s", MAILDROP_PROG, TheUser, TheDomain); run_command(maildrop_command); DeleteMail = 1; return(0);

This way maildrop sets up the home directory, the maildir directory and the appropriate user ID itself. You can still have site-wide configuration by /etc/maildroprc

4) To make point #3 work you need courier-authlib working. They have just recently removed the vpopmail authentication backend. However SQL / LDAP or whatever vpopmail uses can be queried. Here is an example for mysql.

/etc/courier/authlib/authmysqlrc:

#address of mysql server
MYSQL_SERVER localhost
#login for mysql
MYSQL_USERNAME vpopmail
#password for mysql
MYSQL_PASSWORD secret # of course I don't use the default password ^%%
#path to mysql socket
MYSQL_SOCKET /var/run/mysqld/mysqld.sock
#mysql port
#MYSQL_PORT 3306
#mysql options (leave alone)
MYSQL_OPT 0
#name of mysql database
MYSQL_DATABASE vpopmail
MYSQL_USER_TABLE vpopmail
#mysql charset to use
MYSQL_CHARACTER_SET utf8
#default domain to use, when no domain is supplied by user
DEFAULT_DOMAIN hiled.biz
#MYSQL_CRYPT_PWFIELD pw_passwd
#MYSQL_CLEAR_PWFIELD pw_clear_passwd
#MYSQL_LOGIN_FIELD CONCAT(pw_name, '@', pw_domain)
#MYSQL_NAME_FIELD pw_gecos
#MYSQL_HOME_FIELD pw_dir
#MYSQL_QUOTA_FIELD pw_shell
#MYSQL_UID_FIELD
#ISNUMERIC(pw_shell) AS quota,
MYSQL_SELECT_CLAUSE SELECT CONCAT(pw_name, '@', pw_domain) AS username, \
 pw_passwd AS cryptpw, \
 pw_clear_passwd AS clearpw, \
 if (pw_uid = '0','89',pw_uid) AS uid, \
 if (pw_uid = '0','89',pw_gid) AS gid, \
 pw_dir AS home, \
 CONCAT(pw_dir, '/.maildir/') AS maildir, \
 if (pw_shell = 'NOQUOTA', '', pw_shell) AS quota, \
 pw_gecos AS fullname, \
 'disablewebmail=0,disablepop3=0,disableimap=0' AS options \
 FROM vpopmail WHERE \
 pw_name = '$(local_part)' AND pw_domain = '$(domain)';
MYSQL_ENUMERATE_CLAUSE SELECT CONCAT(pw_name, '@', pw_domain) AS username, \
 pw_passwd AS cryptpw, \
 pw_clear_passwd AS clearpw, \
 if (pw_uid = '0','89',pw_uid) AS uid, \
 if (pw_uid = '0','89',pw_gid) AS gid, \
 pw_dir AS home, \
 CONCAT(pw_dir, '/.maildir/') AS maildir, \
 if (pw_shell = 'NOQUOTA', '', pw_shell) AS quota, \
 pw_gecos AS fullname, \
 'disablewebmail=0,disablepop3=0,disableimap=0' AS options \
 FROM vpopmail;
MYSQL_CHPASS_CLAUSE UPDATE vpopmail \
 SET pw_clear_passwd='$(newpass)', \
 pw_passwd='$(newpass_crypt)' \
 WHERE pw_name='$(local_part)' \
 AND pw_domain = '$(domain)' ;

I think pw_gid should be hardcoded as 89, though it shouldn't matter as all mail is umasked 007 anyway.

As you can see it works.

crm authlib # authtest u...@hiled.biz
Authentication succeeded.
Authenticated: u...@hiled.biz (uid 89, gid 89)
Home Directory: /var/vpopmail/domains/hiled.biz/user
Maildir: /var/vpopmail/domains/hiled.biz/user/.maildir/
Quota: 536870912S

Should I have a / on the end of the .maildir in maildrop? I've seen examples of it not there.

Now I can have some scripting (per site and per user) before the real LDA - from dovecot gets called. No messy configuration in vpopmail either.

What do you think? Can the maildrop patch be updated to be less of a hack and more of a real LDA, to have it called the same way it is from courier / postfix?

Cheers,
Luke
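
Review bot: The added sprintf() in the vdelivermail.c hunk formats TheUser and TheDomain into maildrop_command with no length bound and no quoting, and the result is passed straight to run_command(). Those two variables, going by their names, hold the recipient's local part and domain, so a long or oddly formed address controls both the size and the content of the command string. Suggest snprintf(maildrop_command, sizeof(maildrop_command), ...) with a check for truncation, and rejecting any TheUser/TheDomain that contains characters outside a conservative set (letters, digits, '.', '-', '_', '+', '=') before the command is built, deferring or bouncing the message instead of calling run_command(). The hunk also leaves the return value of run_command() unchecked before DeleteMail = 1 and return(0); now that maildrop is invoked with -d and must resolve the account through authlib, a failed lookup should be propagated as a temporary failure so the message is not treated as delivered.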