vmailmgr: comparison doc/FAQ.html

equal deleted inserted replaced

--1:000000000000
+:6f7a81934006
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<HTML>
+<HEAD>
+<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
+<TITLE>  VMailMgr FAQ</TITLE>
+</HEAD>
+<BODY>
+<H1>  VMailMgr FAQ</H1>
+<H2>Bruce Guenter
+<A HREF="mailto:bruceg@em.ca">mailto:bruceg@em.ca</A>,
+Dan Kuykendall
+<A HREF="mailto:dan@kuykendall.org">mailto:dan@kuykendall.org</A></H2>  v1.0, 23 April 2000
+<P><HR>
+<EM>  VMailMgr Frequently Asked Questions.</EM>
+<HR>
+<H2><A NAME="s1">1. Building and Installing</A></H2>
+<H2>1.1 What compiler and libraries do I need to build vmailmgr?</H2>
+<P>You will need a working C and C++ compiler and linker. You will not
+need any C++ libraries.  The package is being developed under Linux
+using egcs and glibc version 2, and may rely on some gcc/g++
+extensions.
+<H2>1.2 Does vmailmgr work with shadow passwords?</H2>
+<P>This package should work without changes both with and without
+shadow passwords as long as the shadow password libraries are
+present when this package is built. The `configure' script will
+detect what method of shadow passwords are being used and the
+programs will be built accordingly.
+<H2>1.3 Does vmailmgr support IMAP?</H2>
+<P>Yes, vmailmgr supports Courier-IMAP.  Some minor steps are needed to
+make them work, the steps are in the next section of this file.
+<H2><A NAME="s2">2. Setup and Configuration</A></H2>
+<H2>2.1 What other software is needed to run vmailmgr?</H2>
+<P>VMailMgr is based around qmail's handling of virtual users, and as
+such requires qmail for its operation. If you wish to use the `init'
+file to start/stop vmailmgrd or are installing the RPM package,
+supervise-scripts version 2.2 (or later, available at
+<A HREF="http://em.ca/~bruceg/supervise-scripts/">http://em.ca/~bruceg/supervise-scripts/</A>) and daemontools 0.60
+(or later, available at
+<A HREF="http://em.ca/~bruceg/rpms/daemontools/">http://em.ca/~bruceg/rpms/daemontools/</A>) packages are
+required.  If you need to use the <CODE>vmailmgrd</CODE> daemon, you
+will also need the <CODE>unixserver</CODE> program, from the ucspi-unix
+package, available at
+<A HREF="http://em.ca/~bruceg/ucspi-unix/">http://em.ca/~bruceg/ucspi-unix/</A>.
+<P>If you want to use the autoresponse feature, I recommend the use of
+my own autoresponder program, <CODE>qmail-autoresponder</CODE> available
+at
+<A HREF="http://em.ca/~bruceg/qmail-autoresponder/">http://em.ca/~bruceg/qmail-autoresponder/</A>.
+<H2>2.2 How do I record the output of vmailmgrd with syslog?</H2>
+<P>Output from vmailmgrd can be recorded by either splogger (part of
+qmail) or with the logger that comes with several flavours of
+UNIX. To use splogger, pipe the output of vmailmgrd into the command
+`splogger vmailmgrd'. This will timestamp each entry and tag them
+with the word `vmailmgrd'. By default, splogger logs to facility 2
+(mail). To use logger, pipe the output of vmailmgrd into the
+comamand `<CODE>logger -t vmailmgrd -p mail.notice</CODE>'. See the
+respective man pages of these two programs for more information.
+<P>Note: The use of syslog for logging messages is strongly discouraged
+due to problems with inefficent and buggy implementation of syslog.
+<H2>2.3 How do I record the output of vmailmgrd with multilog?</H2>
+<P>Make a directory into which the output will go, for example
+`<CODE>/var/log/vmailmgrd</CODE>'. Pipe the output of vmailmgrd into the
+command `<CODE>multilog t /var/log/vmailmgrd</CODE>'. See the
+documentation for multilog for more information on how to adjust its
+output.
+<H2>2.4 How do I setup VMmailMgr IMAP support?</H2>
+<P>VMailMgr supports Courier-IMAP, but Courier-IMAP does not auto
+detect VMailMgr.  This means that some minor work is required for
+making the two work together.
+<UL>
+<LI>You must copy `<CODE>/usr/local/bin/authvmailmgr</CODE>` to
+`<CODE>/usr/lib/courier-imap/libexec/authlib/authvmailmgr</CODE>`.</LI>
+<LI>Then modify the `<CODE>AUTHMODULES</CODE>` statement in
+`<CODE>/usr/lib/courier-imap/etc/imapd.config</CODE>` and add
+`<CODE>authvmailmgr</CODE>` as the first authentication module.</LI>
+</UL>
+<H2>2.5 Upgrading from Previous Versions</H2>
+<P>If you are upgrading from an older version, you may need to make
+some changes to your system before or after doing the upgrade. The
+following table outlines the necessary changes. Note that you need
+to follow the instructions for all later versions of the software.
+<P>If you are upgrading from version:
+<DL>
+<DT><B>0.96.6 or earlier</B><DD><P>The `vmailmgrd' daemon needs to be run by unixserver, as opposed
+to being a stand-alone program previously.
+<DT><B>0.96.2 or earlier</B><DD><P>Make sure the `vmailmgrd' daemon and vmailmgr CGIs are disabled
+before upgrading, and upgrade them along with the main
+package. Changes were made to the daemon interface that will
+cause adding users and aliases to flake out. As well, the
+listdomain interface was completely redone.
+<P>
+<DT><B>0.94 or earlier, using the POP bulletin facility</B><DD><P>The POP bulletin facility has been moved into a stand-alone
+program that needs to be executed through `checkvpw-postsetuid'.
+<P>
+<DT><B>0.93 or earlier</B><DD><P>If you do not use the CGIs, you no longer need to run the
+`vmailmgrd' daemon.
+<P>
+<DT><B>0.92.2 or earlier</B><DD><P>The configuration changed from reading a single file to reading a
+set of files in a directory. Read the configuration documentation
+and run the program `vconf2dir'.
+<P>
+<DT><B>0.90.2 or earlier</B><DD><P>The name of the user to which mail to an unknown user is
+delivered changed from `*' to `+'. If you were using this
+feature, either change all your domains to accomodate this
+change, or set the `default-username' config file to contain `*'.
+<P>
+<DT><B>0.88 or earlier</B><DD><P>The file format of the virtual password tables has changed from
+plain text files to CDB tables. You will need to suspend local
+deliveries before upgrading, and run the program `vpasswd2cdb' as
+each base user after upgrading, before re-enabling local
+deliveries.
+</DL>
+<H2>2.6 How do I configure qmail+patches to use vmailmgr for POP?</H2>
+<P>Put the string `<CODE>checkvpw</CODE>' into the file
+`<CODE>/etc/qmail/control/checkpassword</CODE>' and restart pop3d by
+typing `<CODE>/etc/rc.d/init.d/pop3d restart</CODE>'.
+<H2>2.7 How do I allow clients to relay SMTP through me?</H2>
+<P>Download and install relay-ctrl from
+<A HREF="http://em.ca/~bruceg/relay-ctrl/">http://em.ca/~bruceg/relay-ctrl/</A>.
+It works with vmailmgr, for both POP3 and IMAP clients.
+<H2><A NAME="s3">3. Usage</A></H2>
+<H2>3.1 I can only use one IP address. How do I log in as a virtual user?</H2>
+<P>There are two ways to log in without using multiple IP addresses.
+<P>The first way is to log in as `userSEPvirtual.domain.org', where
+`user' is the mailbox name of the virtual user, SEP is one of `@' or
+`:' (by default, this is configurable in the
+`<CODE>/etc/vmailmgr/</CODE>' directory), and
+`<CODE>virtual.domain.org</CODE>' is the virtual domain's name, as
+listed in `<CODE>/var/qmail/control/virtualdomains</CODE>'.
+<P>The second way is to use the internal form of the mailbox name --
+that is, `<CODE>baseuser-user</CODE>', where `<CODE>user</CODE>' is the same
+as above, and `<CODE>baseuser</CODE>' is the username of the managing
+user.
+<P>Example: `<CODE>/var/qmail/control/virtualdomains</CODE>' contains
+<PRE>
+testdomain.org:testuser
+</PRE>
+User `<CODE>testuser</CODE>' exists, and has set up a virtual mailbox
+with the name `<CODE>v</CODE>'. The `<CODE>separators</CODE>' variable in
+`<CODE>/etc/vmailmgr/</CODE>' contains `<CODE>@:</CODE>'. This virtual user
+could log in as `<CODE>v@testdomain.org</CODE>',
+`<CODE>v:testdomain.org</CODE>', or `<CODE>testuser-v</CODE>'.
+<P>
+<P>
+<H2>3.2 How do I get all misdirected mail sent to me?</H2>
+<P>In the `<CODE>vmailmgr/</CODE>' configuration directory, there is an
+entry called `<CODE>default-username</CODE>'. If mail to a virtual
+domain does not match any users or aliases in that domain, it is
+delivered to the name listed in this configuration item if it exists
+(which defaults to `<CODE>+</CODE>'). To make this deliver to you,
+simply type:
+<PRE>
+vaddalias + me
+</PRE>
+<H2><A NAME="s4">4. Troubleshooting</A></H2>
+<H2>4.1 Bind error message from vmailmgrd.</H2>
+<P>If vmailmgrd reports `<CODE>vmailmgrd: bind: no such file or
+directory</CODE>' when you start it up, it means that can't create its
+socket file.  By default, it will try to create the socket file
+`<CODE>/tmp/.vmailmgrd</CODE>'. You must ensure that `<CODE>/tmp</CODE>' is
+writable, or that the socket is created in some other place by
+setting `<CODE>socket-file</CODE>' in the configuration.
+<H2>4.2 Error sending to an alias: qmail-queue exited with an error!</H2>
+<P>If qmail reports "deferral: vdeliver: qmail-queue exited with an
+error!", check where your qmail is installed.  On Debian systems,
+you will need to type "<CODE>ls -s /usr/sbin /var/qmail/bin</CODE>",
+since they've installed the qmail binaries into /usr/sbin.
+<H2>4.3 Running vmailmgrd fails.</H2>
+<P>When run by itself, vmailmgrd will report "<CODE>Timed out waiting for
+remote</CODE>".  vmailmgrd needs to be run from unixserver, part of
+the ucspi-unix package available at
+<A HREF="http://em.ca/~bruceg/ucspi-unix/">http://em.ca/~bruceg/ucspi-unix/</A>.
+<H2>4.4 POP3 or IMAP logins take 30 seconds or longer.</H2>
+<P>This is almost certainly a DNS lookup problem.  Make sure that DNS
+lookups aren't timing out, that lookups on all your IP addresses
+aren't failing, and that you can lookup remote addresses as well.
+<P>If you are using 'tcpserver' for the head end to qmail-pop3d, then you
+may want to the following 2 switches to the command line: <CODE>-R</CODE>
+and <CODE>-H</CODE>.  The former prevents tcpserver from attempting to
+obtain TCPREMOTEINFO from the remote host.  This eliminates an "ident"
+lookup that may be being blocked or silently dropped by a firewall.
+The latter prevents tcpserver from doing a DNS lookup on the remote
+IP.
+<H2><A NAME="s5">5. Miscellaneous</A></H2>
+<H2>5.1 How do I get in contact with other users?</H2>
+<P>There is a mailing list run by the author. To subscribe, send an
+e-mail (content and subject line is ignored) to
+<A HREF="mailto:vmailmgr-subscribe@lists.em.ca">mailto:vmailmgr-subscribe@lists.em.ca</A>.
+<P>Remember that if you have a problem that you want us to diagnose, we
+need to know the following important details:
+<OL>
+<LI>The output of `<CODE>qmail-showctl</CODE>` </LI>
+<LI>The contents of the vmailmgrd log for the attempt you are
+trying to diagnose</LI>
+<LI>The contents of the qmail and smtpd logs for a failed delivery
+attempt</LI>
+<LI>The contents of the pop3d logs for a failed login attempt</LI>
+<LI>The complete command line with which vmailmgrd and qmail-pop3d
+was invoked</LI>
+</OL>
+Please do not contact the author directly with vmailmgr questions.
+<H2>5.2 Are development version of vmailmgr available anywhere?</H2>
+<P>Yes, they are available through anonymous CVS.
+To access the CVS server, set your <CODE>CVSROOT</CODE> to
+<CODE>:pserver:cvs@bruce-guenter.dyndns.org:/CVS</CODE>, log in with an
+empty password, and check out the <CODE>vmailmgr</CODE> module.
+<H2>5.3 How does incoming email get handled?</H2>
+<P>Incoming email is first received by the qmail SMTP daemon and
+inserted into the qmail queue. Then `<CODE>qmail-send</CODE>' examines
+the email envelope (which details the recipient address or
+addresses) to determine how to dispatch the message. It looks up the
+domain name of each recipient in
+`<CODE>/var/qmail/control/virtualdomains</CODE>', and prefixes the user
+name with the string that it finds. It then looks up the resulting
+user name in the system password table (or in
+`<CODE>/var/qmail/users/cdb</CODE>' if it exists) to find the base user
+name and home directory (which I will call `<CODE>$HOME</CODE>'). It
+then looks for the file `<CODE>$HOME/.qmail-VIRTUAL</CODE>'. If that's
+not found, it looks for the file `<CODE>$HOME/.qmail-default</CODE>',
+which will contain an instruction to pipe the message to
+`<CODE>vdeliver</CODE>'.
+<P>This is where vmailmgr first enters the picture. The virtual user
+name is sent to `vdeliver' through environment variables. It looks
+in the configuration files (in `<CODE>$HOME/.vmailmgr</CODE>' and then
+in `<CODE>/etc/vmailmgr</CODE>') to determine the location of the
+password table, and looks up the virtual user name in the table to
+determine delivery instructions. If the name is not found, the
+message is bounced and delivery ends. Otherwise, it then looks for
+the `<CODE>vdeliver-predeliver</CODE>' script in the configuration
+directories (in reverse order) and executes any that are found. It
+then delivers the message to all the listed destinations -- an
+optional mailbox directory and zero or more forwarding
+addresses. Finally, it looks for the `<CODE>vdeliver-postdeliver</CODE>'
+script and executes any that are found.
+<H2>5.4 How does outgoing email get handled?</H2>
+<P>Outgoing email is not handled by vmailmgr. For details on outgoing
+email handling, check the qmail documentation.
+<H2>5.5 What about security of CGI and PHP functions?</H2>
+<P>The socket used by the daemon is a UNIX-domain socket (as opposed to
+Internet-domain), meaning you need local access on the computer to
+open up a connection.  The path for this socket is run-time
+configurable.
+<P>The daemon forks a new connection for each connection, up to a
+configurable maximum (at which point it stops listening, IIRC, I
+should verify this).  The idea of threading has been completely
+discarded to avoid a bug in a command creeping in and makeing the
+whole server break.
+<P>The protocol spoken over the socket is explicitly bounded to at most
+64kB of data, and all data is prefixed by a size.  Static-sized
+buffers are only used with static-sized reads, and therefore can't be
+overflowed with stack-smashing tricks.
+<P>The daemon commands setuid to the appropriate user as soon as the base
+user has been verified, to avoid doing any more than necessary as
+root, as well as to avoid the possibility of tricking the daemon into
+reading a file another user wouldn't normally have access to.
+<P>To help avoid DoS on the local computer, a 1-second alarm is set as
+soon as the connection is received, and is only cleared once all the
+data has been read.  If it takes longer than 1 second to read the data
+from the socket, the server process exits.
+<H2>5.6 What are the differences between vmailmgr and vpopmail?</H2>
+<P>The primary difference between vmailmgr and vpopmail is the use of
+base users.  With vmailmgr there is one base user for each virtual
+domain.  With vpopmail, there is one base user for the entire
+virtual domain system.
+</BODY>
+</HTML>

changeset 0	6f7a81934006
child 2	b3afb9f1e801