--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/FAQ.txt Wed Jan 16 22:39:43 2008 +0100
@@ -0,0 +1,396 @@
+ VMailMgr FAQ
+ Bruce Guenter <mailto:bruceg@em.ca>, Dan Kuykendall
+ <mailto:dan@kuykendall.org>
+ v1.0, 23 April 2000
+
+ VMailMgr Frequently Asked Questions.
+ ______________________________________________________________________
+
+ Table of Contents
+
+
+ 1. Building and Installing
+
+ 1.1 What compiler and libraries do I need to build vmailmgr?
+ 1.2 Does vmailmgr work with shadow passwords?
+ 1.3 Does vmailmgr support IMAP?
+
+ 2. Setup and Configuration
+
+ 2.1 What other software is needed to run vmailmgr?
+ 2.2 How do I record the output of vmailmgrd with syslog?
+ 2.3 How do I record the output of vmailmgrd with multilog?
+ 2.4 How do I setup VMmailMgr IMAP support?
+ 2.5 Upgrading from Previous Versions
+ 2.6 How do I configure qmail+patches to use vmailmgr for POP?
+ 2.7 How do I allow clients to relay SMTP through me?
+
+ 3. Usage
+
+ 3.1 I can only use one IP address. How do I log in as a virtual user?
+ 3.2 How do I get all misdirected mail sent to me?
+
+ 4. Troubleshooting
+
+ 4.1 Bind error message from vmailmgrd.
+ 4.2 Error sending to an alias: qmail-queue exited with an error!
+ 4.3 Running vmailmgrd fails.
+ 4.4 POP3 or IMAP logins take 30 seconds or longer.
+
+ 5. Miscellaneous
+
+ 5.1 How do I get in contact with other users?
+ 5.2 Are development version of vmailmgr available anywhere?
+ 5.3 How does incoming email get handled?
+ 5.4 How does outgoing email get handled?
+ 5.5 What about security of CGI and PHP functions?
+ 5.6 What are the differences between vmailmgr and vpopmail?
+
+
+ ______________________________________________________________________
+
+ 1�1.�. B�Bu�ui�il�ld�di�in�ng�g a�an�nd�d I�In�ns�st�ta�al�ll�li�in�ng�g
+
+ 1�1.�.1�1.�. W�Wh�ha�at�t c�co�om�mp�pi�il�le�er�r a�an�nd�d l�li�ib�br�ra�ar�ri�ie�es�s d�do�o I�I n�ne�ee�ed�d t�to�o b�bu�ui�il�ld�d v�vm�ma�ai�il�lm�mg�gr�r?�?
+
+ You will need a working C and C++ compiler and linker. You will not
+ need any C++ libraries. The package is being developed under Linux
+ using egcs and glibc version 2, and may rely on some gcc/g++
+ extensions.
+
+ 1�1.�.2�2.�. D�Do�oe�es�s v�vm�ma�ai�il�lm�mg�gr�r w�wo�or�rk�k w�wi�it�th�h s�sh�ha�ad�do�ow�w p�pa�as�ss�sw�wo�or�rd�ds�s?�?
+
+ This package should work without changes both with and without shadow
+ passwords as long as the shadow password libraries are present when
+ this package is built. The `configure' script will detect what method
+ of shadow passwords are being used and the programs will be built
+ accordingly.
+
+ 1�1.�.3�3.�. D�Do�oe�es�s v�vm�ma�ai�il�lm�mg�gr�r s�su�up�pp�po�or�rt�t I�IM�MA�AP�P?�?
+
+ Yes, vmailmgr supports Courier-IMAP. Some minor steps are needed to
+ make them work, the steps are in the next section of this file.
+
+ 2�2.�. S�Se�et�tu�up�p a�an�nd�d C�Co�on�nf�fi�ig�gu�ur�ra�at�ti�io�on�n
+
+ 2�2.�.1�1.�. W�Wh�ha�at�t o�ot�th�he�er�r s�so�of�ft�tw�wa�ar�re�e i�is�s n�ne�ee�ed�de�ed�d t�to�o r�ru�un�n v�vm�ma�ai�il�lm�mg�gr�r?�?
+
+ VMailMgr is based around qmail's handling of virtual users, and as
+ such requires qmail for its operation. If you wish to use the `init'
+ file to start/stop vmailmgrd or are installing the RPM package,
+ supervise-scripts version 2.2 (or later, available at
+ <http://em.ca/~bruceg/supervise-scripts/>) and daemontools 0.60 (or
+ later, available at <http://em.ca/~bruceg/rpms/daemontools/>)
+ packages are required. If you need to use the vmailmgrd daemon, you
+ will also need the unixserver program, from the ucspi-unix package,
+ available at <http://em.ca/~bruceg/ucspi-unix/>.
+
+ If you want to use the autoresponse feature, I recommend the use of my
+ own autoresponder program, qmail-autoresponder available at
+ <http://em.ca/~bruceg/qmail-autoresponder/>.
+
+ 2�2.�.2�2.�. H�Ho�ow�w d�do�o I�I r�re�ec�co�or�rd�d t�th�he�e o�ou�ut�tp�pu�ut�t o�of�f v�vm�ma�ai�il�lm�mg�gr�rd�d w�wi�it�th�h s�sy�ys�sl�lo�og�g?�?
+
+ Output from vmailmgrd can be recorded by either splogger (part of
+ qmail) or with the logger that comes with several flavours of UNIX. To
+ use splogger, pipe the output of vmailmgrd into the command `splogger
+ vmailmgrd'. This will timestamp each entry and tag them with the word
+ `vmailmgrd'. By default, splogger logs to facility 2 (mail). To use
+ logger, pipe the output of vmailmgrd into the comamand `logger -t
+ vmailmgrd -p mail.notice'. See the respective man pages of these two
+ programs for more information.
+
+ Note: The use of syslog for logging messages is strongly discouraged
+ due to problems with inefficent and buggy implementation of syslog.
+
+ 2�2.�.3�3.�. H�Ho�ow�w d�do�o I�I r�re�ec�co�or�rd�d t�th�he�e o�ou�ut�tp�pu�ut�t o�of�f v�vm�ma�ai�il�lm�mg�gr�rd�d w�wi�it�th�h m�mu�ul�lt�ti�il�lo�og�g?�?
+
+ Make a directory into which the output will go, for example
+ `/var/log/vmailmgrd'. Pipe the output of vmailmgrd into the command
+ `multilog t /var/log/vmailmgrd'. See the documentation for multilog
+ for more information on how to adjust its output.
+
+ 2�2.�.4�4.�. H�Ho�ow�w d�do�o I�I s�se�et�tu�up�p V�VM�Mm�ma�ai�il�lM�Mg�gr�r I�IM�MA�AP�P s�su�up�pp�po�or�rt�t?�?
+
+ VMailMgr supports Courier-IMAP, but Courier-IMAP does not auto detect
+ VMailMgr. This means that some minor work is required for making the
+ two work together.
+
+ +�o You must copy `/usr/local/bin/authvmailmgr` to `/usr/lib/courier-
+ imap/libexec/authlib/authvmailmgr`.
+
+ +�o Then modify the `AUTHMODULES` statement in `/usr/lib/courier-
+ imap/etc/imapd.config` and add `authvmailmgr` as the first
+ authentication module.
+
+ 2�2.�.5�5.�. U�Up�pg�gr�ra�ad�di�in�ng�g f�fr�ro�om�m P�Pr�re�ev�vi�io�ou�us�s V�Ve�er�rs�si�io�on�ns�s
+
+ If you are upgrading from an older version, you may need to make some
+ changes to your system before or after doing the upgrade. The
+ following table outlines the necessary changes. Note that you need to
+ follow the instructions for all later versions of the software.
+
+ If you are upgrading from version:
+
+ 0�0.�.9�96�6.�.6�6 o�or�r e�ea�ar�rl�li�ie�er�r
+ The `vmailmgrd' daemon needs to be run by unixserver, as opposed
+ to being a stand-alone program previously.
+
+ 0�0.�.9�96�6.�.2�2 o�or�r e�ea�ar�rl�li�ie�er�r
+ Make sure the `vmailmgrd' daemon and vmailmgr CGIs are disabled
+ before upgrading, and upgrade them along with the main package.
+ Changes were made to the daemon interface that will cause adding
+ users and aliases to flake out. As well, the listdomain
+ interface was completely redone.
+
+
+ 0�0.�.9�94�4 o�or�r e�ea�ar�rl�li�ie�er�r,�, u�us�si�in�ng�g t�th�he�e P�PO�OP�P b�bu�ul�ll�le�et�ti�in�n f�fa�ac�ci�il�li�it�ty�y
+ The POP bulletin facility has been moved into a stand-alone
+ program that needs to be executed through `checkvpw-postsetuid'.
+
+
+ 0�0.�.9�93�3 o�or�r e�ea�ar�rl�li�ie�er�r
+ If you do not use the CGIs, you no longer need to run the
+ `vmailmgrd' daemon.
+
+
+ 0�0.�.9�92�2.�.2�2 o�or�r e�ea�ar�rl�li�ie�er�r
+ The configuration changed from reading a single file to reading
+ a set of files in a directory. Read the configuration
+ documentation and run the program `vconf2dir'.
+
+
+ 0�0.�.9�90�0.�.2�2 o�or�r e�ea�ar�rl�li�ie�er�r
+ The name of the user to which mail to an unknown user is
+ delivered changed from `*' to `+'. If you were using this
+ feature, either change all your domains to accomodate this
+ change, or set the `default-username' config file to contain
+ `*'.
+
+
+ 0�0.�.8�88�8 o�or�r e�ea�ar�rl�li�ie�er�r
+ The file format of the virtual password tables has changed from
+ plain text files to CDB tables. You will need to suspend local
+ deliveries before upgrading, and run the program `vpasswd2cdb'
+ as each base user after upgrading, before re-enabling local
+ deliveries.
+
+ 2�2.�.6�6.�. H�Ho�ow�w d�do�o I�I c�co�on�nf�fi�ig�gu�ur�re�e q�qm�ma�ai�il�l+�+p�pa�at�tc�ch�he�es�s t�to�o u�us�se�e v�vm�ma�ai�il�lm�mg�gr�r f�fo�or�r P�PO�OP�P?�?
+
+ Put the string `checkvpw' into the file
+ `/etc/qmail/control/checkpassword' and restart pop3d by typing
+ `/etc/rc.d/init.d/pop3d restart'.
+
+ 2�2.�.7�7.�. H�Ho�ow�w d�do�o I�I a�al�ll�lo�ow�w c�cl�li�ie�en�nt�ts�s t�to�o r�re�el�la�ay�y S�SM�MT�TP�P t�th�hr�ro�ou�ug�gh�h m�me�e?�?
+
+ Download and install relay-ctrl from <http://em.ca/~bruceg/relay-
+ ctrl/>. It works with vmailmgr, for both POP3 and IMAP clients.
+
+ 3�3.�. U�Us�sa�ag�ge�e
+
+ 3�3.�.1�1.�. I�I c�ca�an�n o�on�nl�ly�y u�us�se�e o�on�ne�e I�IP�P a�ad�dd�dr�re�es�ss�s.�. H�Ho�ow�w d�do�o I�I l�lo�og�g i�in�n a�as�s a�a v�vi�ir�rt�tu�ua�al�l
+ u�us�se�er�r?�?
+
+ There are two ways to log in without using multiple IP addresses.
+
+ The first way is to log in as `userSEPvirtual.domain.org', where
+ `user' is the mailbox name of the virtual user, SEP is one of `@' or
+ `:' (by default, this is configurable in the `/etc/vmailmgr/'
+ directory), and `virtual.domain.org' is the virtual domain's name, as
+ listed in `/var/qmail/control/virtualdomains'.
+
+ The second way is to use the internal form of the mailbox name -- that
+ is, `baseuser-user', where `user' is the same as above, and `baseuser'
+ is the username of the managing user.
+
+ Example: `/var/qmail/control/virtualdomains' contains
+
+ testdomain.org:testuser
+
+
+ User `testuser' exists, and has set up a virtual mailbox with the name
+ `v'. The `separators' variable in `/etc/vmailmgr/' contains `@:'. This
+ virtual user could log in as `v@testdomain.org', `v:testdomain.org',
+ or `testuser-v'.
+
+
+
+ 3�3.�.2�2.�. H�Ho�ow�w d�do�o I�I g�ge�et�t a�al�ll�l m�mi�is�sd�di�ir�re�ec�ct�te�ed�d m�ma�ai�il�l s�se�en�nt�t t�to�o m�me�e?�?
+
+ In the `vmailmgr/' configuration directory, there is an entry called
+ `default-username'. If mail to a virtual domain does not match any
+ users or aliases in that domain, it is delivered to the name listed in
+ this configuration item if it exists (which defaults to `+'). To make
+ this deliver to you, simply type:
+
+ vaddalias + me
+
+
+
+ 4�4.�. T�Tr�ro�ou�ub�bl�le�es�sh�ho�oo�ot�ti�in�ng�g
+
+ 4�4.�.1�1.�. B�Bi�in�nd�d e�er�rr�ro�or�r m�me�es�ss�sa�ag�ge�e f�fr�ro�om�m v�vm�ma�ai�il�lm�mg�gr�rd�d.�.
+
+ If vmailmgrd reports `vmailmgrd: bind: no such file or directory' when
+ you start it up, it means that can't create its socket file. By
+ default, it will try to create the socket file `/tmp/.vmailmgrd'. You
+ must ensure that `/tmp' is writable, or that the socket is created in
+ some other place by setting `socket-file' in the configuration.
+
+ 4�4.�.2�2.�. E�Er�rr�ro�or�r s�se�en�nd�di�in�ng�g t�to�o a�an�n a�al�li�ia�as�s:�: q�qm�ma�ai�il�l-�-q�qu�ue�eu�ue�e e�ex�xi�it�te�ed�d w�wi�it�th�h a�an�n e�er�rr�ro�or�r!�!
+
+ If qmail reports "deferral: vdeliver: qmail-queue exited with an
+ error!", check where your qmail is installed. On Debian systems, you
+ will need to type "ls -s /usr/sbin /var/qmail/bin", since they've
+ installed the qmail binaries into /usr/sbin.
+
+ 4�4.�.3�3.�. R�Ru�un�nn�ni�in�ng�g v�vm�ma�ai�il�lm�mg�gr�rd�d f�fa�ai�il�ls�s.�.
+
+ When run by itself, vmailmgrd will report "Timed out waiting for
+ remote". vmailmgrd needs to be run from unixserver, part of the
+ ucspi-unix package available at <http://em.ca/~bruceg/ucspi-unix/>.
+
+ 4�4.�.4�4.�. P�PO�OP�P3�3 o�or�r I�IM�MA�AP�P l�lo�og�gi�in�ns�s t�ta�ak�ke�e 3�30�0 s�se�ec�co�on�nd�ds�s o�or�r l�lo�on�ng�ge�er�r.�.
+
+ This is almost certainly a DNS lookup problem. Make sure that DNS
+ lookups aren't timing out, that lookups on all your IP addresses
+ aren't failing, and that you can lookup remote addresses as well.
+
+ If you are using 'tcpserver' for the head end to qmail-pop3d, then you
+ may want to the following 2 switches to the command line: -R and -H.
+ The former prevents tcpserver from attempting to obtain TCPREMOTEINFO
+ from the remote host. This eliminates an "ident" lookup that may be
+ being blocked or silently dropped by a firewall. The latter prevents
+ tcpserver from doing a DNS lookup on the remote IP.
+ 5�5.�. M�Mi�is�sc�ce�el�ll�la�an�ne�eo�ou�us�s
+
+ 5�5.�.1�1.�. H�Ho�ow�w d�do�o I�I g�ge�et�t i�in�n c�co�on�nt�ta�ac�ct�t w�wi�it�th�h o�ot�th�he�er�r u�us�se�er�rs�s?�?
+
+ There is a mailing list run by the author. To subscribe, send an e-
+ mail (content and subject line is ignored) to <mailto:vmailmgr-
+ subscribe@lists.em.ca>.
+
+ Remember that if you have a problem that you want us to diagnose, we
+ need to know the following important details:
+
+ 1. The output of `qmail-showctl`
+
+ 2. The contents of the vmailmgrd log for the attempt you are trying to
+ diagnose
+
+ 3. The contents of the qmail and smtpd logs for a failed delivery
+ attempt
+
+ 4. The contents of the pop3d logs for a failed login attempt
+
+ 5. The complete command line with which vmailmgrd and qmail-pop3d was
+ invoked
+
+ Please do not contact the author directly with vmailmgr questions.
+
+ 5�5.�.2�2.�. A�Ar�re�e d�de�ev�ve�el�lo�op�pm�me�en�nt�t v�ve�er�rs�si�io�on�n o�of�f v�vm�ma�ai�il�lm�mg�gr�r a�av�va�ai�il�la�ab�bl�le�e a�an�ny�yw�wh�he�er�re�e?�?
+
+ Yes, they are available through anonymous CVS. To access the CVS
+ server, set your CVSROOT to :pserver:cvs@bruce-
+ guenter.dyndns.org:/CVS, log in with an empty password, and check out
+ the vmailmgr module.
+
+ 5�5.�.3�3.�. H�Ho�ow�w d�do�oe�es�s i�in�nc�co�om�mi�in�ng�g e�em�ma�ai�il�l g�ge�et�t h�ha�an�nd�dl�le�ed�d?�?
+
+ Incoming email is first received by the qmail SMTP daemon and inserted
+ into the qmail queue. Then `qmail-send' examines the email envelope
+ (which details the recipient address or addresses) to determine how to
+ dispatch the message. It looks up the domain name of each recipient in
+ `/var/qmail/control/virtualdomains', and prefixes the user name with
+ the string that it finds. It then looks up the resulting user name in
+ the system password table (or in `/var/qmail/users/cdb' if it exists)
+ to find the base user name and home directory (which I will call
+ `$HOME'). It then looks for the file `$HOME/.qmail-VIRTUAL'. If that's
+ not found, it looks for the file `$HOME/.qmail-default', which will
+ contain an instruction to pipe the message to `vdeliver'.
+
+ This is where vmailmgr first enters the picture. The virtual user name
+ is sent to `vdeliver' through environment variables. It looks in the
+ configuration files (in `$HOME/.vmailmgr' and then in `/etc/vmailmgr')
+ to determine the location of the password table, and looks up the
+ virtual user name in the table to determine delivery instructions. If
+ the name is not found, the message is bounced and delivery ends.
+ Otherwise, it then looks for the `vdeliver-predeliver' script in the
+ configuration directories (in reverse order) and executes any that are
+ found. It then delivers the message to all the listed destinations --
+ an optional mailbox directory and zero or more forwarding addresses.
+ Finally, it looks for the `vdeliver-postdeliver' script and executes
+ any that are found.
+
+ 5�5.�.4�4.�. H�Ho�ow�w d�do�oe�es�s o�ou�ut�tg�go�oi�in�ng�g e�em�ma�ai�il�l g�ge�et�t h�ha�an�nd�dl�le�ed�d?�?
+
+ Outgoing email is not handled by vmailmgr. For details on outgoing
+ email handling, check the qmail documentation.
+
+
+ 5�5.�.5�5.�. W�Wh�ha�at�t a�ab�bo�ou�ut�t s�se�ec�cu�ur�ri�it�ty�y o�of�f C�CG�GI�I a�an�nd�d P�PH�HP�P f�fu�un�nc�ct�ti�io�on�ns�s?�?
+
+ The socket used by the daemon is a UNIX-domain socket (as opposed to
+ Internet-domain), meaning you need local access on the computer to
+ open up a connection. The path for this socket is run-time
+ configurable.
+
+ The daemon forks a new connection for each connection, up to a
+ configurable maximum (at which point it stops listening, IIRC, I
+ should verify this). The idea of threading has been completely
+ discarded to avoid a bug in a command creeping in and makeing the
+ whole server break.
+
+ The protocol spoken over the socket is explicitly bounded to at most
+ 64kB of data, and all data is prefixed by a size. Static-sized
+ buffers are only used with static-sized reads, and therefore can't be
+ overflowed with stack-smashing tricks.
+
+ The daemon commands setuid to the appropriate user as soon as the base
+ user has been verified, to avoid doing any more than necessary as
+ root, as well as to avoid the possibility of tricking the daemon into
+ reading a file another user wouldn't normally have access to.
+
+ To help avoid DoS on the local computer, a 1-second alarm is set as
+ soon as the connection is received, and is only cleared once all the
+ data has been read. If it takes longer than 1 second to read the data
+ from the socket, the server process exits.
+
+ 5�5.�.6�6.�. W�Wh�ha�at�t a�ar�re�e t�th�he�e d�di�if�ff�fe�er�re�en�nc�ce�es�s b�be�et�tw�we�ee�en�n v�vm�ma�ai�il�lm�mg�gr�r a�an�nd�d v�vp�po�op�pm�ma�ai�il�l?�?
+
+ The primary difference between vmailmgr and vpopmail is the use of
+ base users. With vmailmgr there is one base user for each virtual
+ domain. With vpopmail, there is one base user for the entire virtual
+ domain system.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+