VMailMgr FAQ
Bruce Guenter <mailto:bruceg@em.ca>, Dan Kuykendall
<mailto:dan@kuykendall.org>
v1.0, 23 April 2000
VMailMgr Frequently Asked Questions.
______________________________________________________________________
Table of Contents
1. Building and Installing
1.1 What compiler and libraries do I need to build vmailmgr?
1.2 Does vmailmgr work with shadow passwords?
1.3 Does vmailmgr support IMAP?
2. Setup and Configuration
2.1 What other software is needed to run vmailmgr?
2.2 How do I record the output of vmailmgrd with syslog?
2.3 How do I record the output of vmailmgrd with multilog?
2.4 How do I setup VMmailMgr IMAP support?
2.5 Upgrading from Previous Versions
2.6 How do I configure qmail+patches to use vmailmgr for POP?
2.7 How do I allow clients to relay SMTP through me?
3. Usage
3.1 I can only use one IP address. How do I log in as a virtual user?
3.2 How do I get all misdirected mail sent to me?
4. Troubleshooting
4.1 Bind error message from vmailmgrd.
4.2 Error sending to an alias: qmail-queue exited with an error!
4.3 Running vmailmgrd fails.
4.4 POP3 or IMAP logins take 30 seconds or longer.
5. Miscellaneous
5.1 How do I get in contact with other users?
5.2 Are development version of vmailmgr available anywhere?
5.3 How does incoming email get handled?
5.4 How does outgoing email get handled?
5.5 What about security of CGI and PHP functions?
5.6 What are the differences between vmailmgr and vpopmail?
______________________________________________________________________
1�1.�. B�Bu�ui�il�ld�di�in�ng�g a�an�nd�d I�In�ns�st�ta�al�ll�li�in�ng�g
1�1.�.1�1.�. W�Wh�ha�at�t c�co�om�mp�pi�il�le�er�r a�an�nd�d l�li�ib�br�ra�ar�ri�ie�es�s d�do�o I�I n�ne�ee�ed�d t�to�o b�bu�ui�il�ld�d v�vm�ma�ai�il�lm�mg�gr�r?�?
You will need a working C and C++ compiler and linker. You will not
need any C++ libraries. The package is being developed under Linux
using egcs and glibc version 2, and may rely on some gcc/g++
extensions.
1�1.�.2�2.�. D�Do�oe�es�s v�vm�ma�ai�il�lm�mg�gr�r w�wo�or�rk�k w�wi�it�th�h s�sh�ha�ad�do�ow�w p�pa�as�ss�sw�wo�or�rd�ds�s?�?
This package should work without changes both with and without shadow
passwords as long as the shadow password libraries are present when
this package is built. The `configure' script will detect what method
of shadow passwords are being used and the programs will be built
accordingly.
1�1.�.3�3.�. D�Do�oe�es�s v�vm�ma�ai�il�lm�mg�gr�r s�su�up�pp�po�or�rt�t I�IM�MA�AP�P?�?
Yes, vmailmgr supports Courier-IMAP. Some minor steps are needed to
make them work, the steps are in the next section of this file.
2�2.�. S�Se�et�tu�up�p a�an�nd�d C�Co�on�nf�fi�ig�gu�ur�ra�at�ti�io�on�n
2�2.�.1�1.�. W�Wh�ha�at�t o�ot�th�he�er�r s�so�of�ft�tw�wa�ar�re�e i�is�s n�ne�ee�ed�de�ed�d t�to�o r�ru�un�n v�vm�ma�ai�il�lm�mg�gr�r?�?
VMailMgr is based around qmail's handling of virtual users, and as
such requires qmail for its operation. If you wish to use the `init'
file to start/stop vmailmgrd or are installing the RPM package,
supervise-scripts version 2.2 (or later, available at
<http://em.ca/~bruceg/supervise-scripts/>) and daemontools 0.60 (or
later, available at <http://em.ca/~bruceg/rpms/daemontools/>)
packages are required. If you need to use the vmailmgrd daemon, you
will also need the unixserver program, from the ucspi-unix package,
available at <http://em.ca/~bruceg/ucspi-unix/>.
If you want to use the autoresponse feature, I recommend the use of my
own autoresponder program, qmail-autoresponder available at
<http://em.ca/~bruceg/qmail-autoresponder/>.
2�2.�.2�2.�. H�Ho�ow�w d�do�o I�I r�re�ec�co�or�rd�d t�th�he�e o�ou�ut�tp�pu�ut�t o�of�f v�vm�ma�ai�il�lm�mg�gr�rd�d w�wi�it�th�h s�sy�ys�sl�lo�og�g?�?
Output from vmailmgrd can be recorded by either splogger (part of
qmail) or with the logger that comes with several flavours of UNIX. To
use splogger, pipe the output of vmailmgrd into the command `splogger
vmailmgrd'. This will timestamp each entry and tag them with the word
`vmailmgrd'. By default, splogger logs to facility 2 (mail). To use
logger, pipe the output of vmailmgrd into the comamand `logger -t
vmailmgrd -p mail.notice'. See the respective man pages of these two
programs for more information.
Note: The use of syslog for logging messages is strongly discouraged
due to problems with inefficent and buggy implementation of syslog.
2�2.�.3�3.�. H�Ho�ow�w d�do�o I�I r�re�ec�co�or�rd�d t�th�he�e o�ou�ut�tp�pu�ut�t o�of�f v�vm�ma�ai�il�lm�mg�gr�rd�d w�wi�it�th�h m�mu�ul�lt�ti�il�lo�og�g?�?
Make a directory into which the output will go, for example
`/var/log/vmailmgrd'. Pipe the output of vmailmgrd into the command
`multilog t /var/log/vmailmgrd'. See the documentation for multilog
for more information on how to adjust its output.
2�2.�.4�4.�. H�Ho�ow�w d�do�o I�I s�se�et�tu�up�p V�VM�Mm�ma�ai�il�lM�Mg�gr�r I�IM�MA�AP�P s�su�up�pp�po�or�rt�t?�?
VMailMgr supports Courier-IMAP, but Courier-IMAP does not auto detect
VMailMgr. This means that some minor work is required for making the
two work together.
+�o You must copy `/usr/local/bin/authvmailmgr` to `/usr/lib/courier-
imap/libexec/authlib/authvmailmgr`.
+�o Then modify the `AUTHMODULES` statement in `/usr/lib/courier-
imap/etc/imapd.config` and add `authvmailmgr` as the first
authentication module.
2�2.�.5�5.�. U�Up�pg�gr�ra�ad�di�in�ng�g f�fr�ro�om�m P�Pr�re�ev�vi�io�ou�us�s V�Ve�er�rs�si�io�on�ns�s
If you are upgrading from an older version, you may need to make some
changes to your system before or after doing the upgrade. The
following table outlines the necessary changes. Note that you need to
follow the instructions for all later versions of the software.
If you are upgrading from version:
0�0.�.9�96�6.�.6�6 o�or�r e�ea�ar�rl�li�ie�er�r
The `vmailmgrd' daemon needs to be run by unixserver, as opposed
to being a stand-alone program previously.
0�0.�.9�96�6.�.2�2 o�or�r e�ea�ar�rl�li�ie�er�r
Make sure the `vmailmgrd' daemon and vmailmgr CGIs are disabled
before upgrading, and upgrade them along with the main package.
Changes were made to the daemon interface that will cause adding
users and aliases to flake out. As well, the listdomain
interface was completely redone.
0�0.�.9�94�4 o�or�r e�ea�ar�rl�li�ie�er�r,�, u�us�si�in�ng�g t�th�he�e P�PO�OP�P b�bu�ul�ll�le�et�ti�in�n f�fa�ac�ci�il�li�it�ty�y
The POP bulletin facility has been moved into a stand-alone
program that needs to be executed through `checkvpw-postsetuid'.
0�0.�.9�93�3 o�or�r e�ea�ar�rl�li�ie�er�r
If you do not use the CGIs, you no longer need to run the
`vmailmgrd' daemon.
0�0.�.9�92�2.�.2�2 o�or�r e�ea�ar�rl�li�ie�er�r
The configuration changed from reading a single file to reading
a set of files in a directory. Read the configuration
documentation and run the program `vconf2dir'.
0�0.�.9�90�0.�.2�2 o�or�r e�ea�ar�rl�li�ie�er�r
The name of the user to which mail to an unknown user is
delivered changed from `*' to `+'. If you were using this
feature, either change all your domains to accomodate this
change, or set the `default-username' config file to contain
`*'.
0�0.�.8�88�8 o�or�r e�ea�ar�rl�li�ie�er�r
The file format of the virtual password tables has changed from
plain text files to CDB tables. You will need to suspend local
deliveries before upgrading, and run the program `vpasswd2cdb'
as each base user after upgrading, before re-enabling local
deliveries.
2�2.�.6�6.�. H�Ho�ow�w d�do�o I�I c�co�on�nf�fi�ig�gu�ur�re�e q�qm�ma�ai�il�l+�+p�pa�at�tc�ch�he�es�s t�to�o u�us�se�e v�vm�ma�ai�il�lm�mg�gr�r f�fo�or�r P�PO�OP�P?�?
Put the string `checkvpw' into the file
`/etc/qmail/control/checkpassword' and restart pop3d by typing
`/etc/rc.d/init.d/pop3d restart'.
2�2.�.7�7.�. H�Ho�ow�w d�do�o I�I a�al�ll�lo�ow�w c�cl�li�ie�en�nt�ts�s t�to�o r�re�el�la�ay�y S�SM�MT�TP�P t�th�hr�ro�ou�ug�gh�h m�me�e?�?
Download and install relay-ctrl from <http://em.ca/~bruceg/relay-
ctrl/>. It works with vmailmgr, for both POP3 and IMAP clients.
3�3.�. U�Us�sa�ag�ge�e
3�3.�.1�1.�. I�I c�ca�an�n o�on�nl�ly�y u�us�se�e o�on�ne�e I�IP�P a�ad�dd�dr�re�es�ss�s.�. H�Ho�ow�w d�do�o I�I l�lo�og�g i�in�n a�as�s a�a v�vi�ir�rt�tu�ua�al�l
u�us�se�er�r?�?
There are two ways to log in without using multiple IP addresses.
The first way is to log in as `userSEPvirtual.domain.org', where
`user' is the mailbox name of the virtual user, SEP is one of `@' or
`:' (by default, this is configurable in the `/etc/vmailmgr/'
directory), and `virtual.domain.org' is the virtual domain's name, as
listed in `/var/qmail/control/virtualdomains'.
The second way is to use the internal form of the mailbox name -- that
is, `baseuser-user', where `user' is the same as above, and `baseuser'
is the username of the managing user.
Example: `/var/qmail/control/virtualdomains' contains
testdomain.org:testuser
User `testuser' exists, and has set up a virtual mailbox with the name
`v'. The `separators' variable in `/etc/vmailmgr/' contains `@:'. This
virtual user could log in as `v@testdomain.org', `v:testdomain.org',
or `testuser-v'.
3�3.�.2�2.�. H�Ho�ow�w d�do�o I�I g�ge�et�t a�al�ll�l m�mi�is�sd�di�ir�re�ec�ct�te�ed�d m�ma�ai�il�l s�se�en�nt�t t�to�o m�me�e?�?
In the `vmailmgr/' configuration directory, there is an entry called
`default-username'. If mail to a virtual domain does not match any
users or aliases in that domain, it is delivered to the name listed in
this configuration item if it exists (which defaults to `+'). To make
this deliver to you, simply type:
vaddalias + me
4�4.�. T�Tr�ro�ou�ub�bl�le�es�sh�ho�oo�ot�ti�in�ng�g
4�4.�.1�1.�. B�Bi�in�nd�d e�er�rr�ro�or�r m�me�es�ss�sa�ag�ge�e f�fr�ro�om�m v�vm�ma�ai�il�lm�mg�gr�rd�d.�.
If vmailmgrd reports `vmailmgrd: bind: no such file or directory' when
you start it up, it means that can't create its socket file. By
default, it will try to create the socket file `/tmp/.vmailmgrd'. You
must ensure that `/tmp' is writable, or that the socket is created in
some other place by setting `socket-file' in the configuration.
4�4.�.2�2.�. E�Er�rr�ro�or�r s�se�en�nd�di�in�ng�g t�to�o a�an�n a�al�li�ia�as�s:�: q�qm�ma�ai�il�l-�-q�qu�ue�eu�ue�e e�ex�xi�it�te�ed�d w�wi�it�th�h a�an�n e�er�rr�ro�or�r!�!
If qmail reports "deferral: vdeliver: qmail-queue exited with an
error!", check where your qmail is installed. On Debian systems, you
will need to type "ls -s /usr/sbin /var/qmail/bin", since they've
installed the qmail binaries into /usr/sbin.
4�4.�.3�3.�. R�Ru�un�nn�ni�in�ng�g v�vm�ma�ai�il�lm�mg�gr�rd�d f�fa�ai�il�ls�s.�.
When run by itself, vmailmgrd will report "Timed out waiting for
remote". vmailmgrd needs to be run from unixserver, part of the
ucspi-unix package available at <http://em.ca/~bruceg/ucspi-unix/>.
4�4.�.4�4.�. P�PO�OP�P3�3 o�or�r I�IM�MA�AP�P l�lo�og�gi�in�ns�s t�ta�ak�ke�e 3�30�0 s�se�ec�co�on�nd�ds�s o�or�r l�lo�on�ng�ge�er�r.�.
This is almost certainly a DNS lookup problem. Make sure that DNS
lookups aren't timing out, that lookups on all your IP addresses
aren't failing, and that you can lookup remote addresses as well.
If you are using 'tcpserver' for the head end to qmail-pop3d, then you
may want to the following 2 switches to the command line: -R and -H.
The former prevents tcpserver from attempting to obtain TCPREMOTEINFO
from the remote host. This eliminates an "ident" lookup that may be
being blocked or silently dropped by a firewall. The latter prevents
tcpserver from doing a DNS lookup on the remote IP.
5�5.�. M�Mi�is�sc�ce�el�ll�la�an�ne�eo�ou�us�s
5�5.�.1�1.�. H�Ho�ow�w d�do�o I�I g�ge�et�t i�in�n c�co�on�nt�ta�ac�ct�t w�wi�it�th�h o�ot�th�he�er�r u�us�se�er�rs�s?�?
There is a mailing list run by the author. To subscribe, send an e-
mail (content and subject line is ignored) to <mailto:vmailmgr-
subscribe@lists.em.ca>.
Remember that if you have a problem that you want us to diagnose, we
need to know the following important details:
1. The output of `qmail-showctl`
2. The contents of the vmailmgrd log for the attempt you are trying to
diagnose
3. The contents of the qmail and smtpd logs for a failed delivery
attempt
4. The contents of the pop3d logs for a failed login attempt
5. The complete command line with which vmailmgrd and qmail-pop3d was
invoked
Please do not contact the author directly with vmailmgr questions.
5�5.�.2�2.�. A�Ar�re�e d�de�ev�ve�el�lo�op�pm�me�en�nt�t v�ve�er�rs�si�io�on�n o�of�f v�vm�ma�ai�il�lm�mg�gr�r a�av�va�ai�il�la�ab�bl�le�e a�an�ny�yw�wh�he�er�re�e?�?
Yes, they are available through anonymous CVS. To access the CVS
server, set your CVSROOT to :pserver:cvs@bruce-
guenter.dyndns.org:/CVS, log in with an empty password, and check out
the vmailmgr module.
5�5.�.3�3.�. H�Ho�ow�w d�do�oe�es�s i�in�nc�co�om�mi�in�ng�g e�em�ma�ai�il�l g�ge�et�t h�ha�an�nd�dl�le�ed�d?�?
Incoming email is first received by the qmail SMTP daemon and inserted
into the qmail queue. Then `qmail-send' examines the email envelope
(which details the recipient address or addresses) to determine how to
dispatch the message. It looks up the domain name of each recipient in
`/var/qmail/control/virtualdomains', and prefixes the user name with
the string that it finds. It then looks up the resulting user name in
the system password table (or in `/var/qmail/users/cdb' if it exists)
to find the base user name and home directory (which I will call
`$HOME'). It then looks for the file `$HOME/.qmail-VIRTUAL'. If that's
not found, it looks for the file `$HOME/.qmail-default', which will
contain an instruction to pipe the message to `vdeliver'.
This is where vmailmgr first enters the picture. The virtual user name
is sent to `vdeliver' through environment variables. It looks in the
configuration files (in `$HOME/.vmailmgr' and then in `/etc/vmailmgr')
to determine the location of the password table, and looks up the
virtual user name in the table to determine delivery instructions. If
the name is not found, the message is bounced and delivery ends.
Otherwise, it then looks for the `vdeliver-predeliver' script in the
configuration directories (in reverse order) and executes any that are
found. It then delivers the message to all the listed destinations --
an optional mailbox directory and zero or more forwarding addresses.
Finally, it looks for the `vdeliver-postdeliver' script and executes
any that are found.
5�5.�.4�4.�. H�Ho�ow�w d�do�oe�es�s o�ou�ut�tg�go�oi�in�ng�g e�em�ma�ai�il�l g�ge�et�t h�ha�an�nd�dl�le�ed�d?�?
Outgoing email is not handled by vmailmgr. For details on outgoing
email handling, check the qmail documentation.
5�5.�.5�5.�. W�Wh�ha�at�t a�ab�bo�ou�ut�t s�se�ec�cu�ur�ri�it�ty�y o�of�f C�CG�GI�I a�an�nd�d P�PH�HP�P f�fu�un�nc�ct�ti�io�on�ns�s?�?
The socket used by the daemon is a UNIX-domain socket (as opposed to
Internet-domain), meaning you need local access on the computer to
open up a connection. The path for this socket is run-time
configurable.
The daemon forks a new connection for each connection, up to a
configurable maximum (at which point it stops listening, IIRC, I
should verify this). The idea of threading has been completely
discarded to avoid a bug in a command creeping in and makeing the
whole server break.
The protocol spoken over the socket is explicitly bounded to at most
64kB of data, and all data is prefixed by a size. Static-sized
buffers are only used with static-sized reads, and therefore can't be
overflowed with stack-smashing tricks.
The daemon commands setuid to the appropriate user as soon as the base
user has been verified, to avoid doing any more than necessary as
root, as well as to avoid the possibility of tricking the daemon into
reading a file another user wouldn't normally have access to.
To help avoid DoS on the local computer, a 1-second alarm is set as
soon as the connection is received, and is only cleared once all the
data has been read. If it takes longer than 1 second to read the data
from the socket, the server process exits.
5�5.�.6�6.�. W�Wh�ha�at�t a�ar�re�e t�th�he�e d�di�if�ff�fe�er�re�en�nc�ce�es�s b�be�et�tw�we�ee�en�n v�vm�ma�ai�il�lm�mg�gr�r a�an�nd�d v�vp�po�op�pm�ma�ai�il�l?�?
The primary difference between vmailmgr and vpopmail is the use of
base users. With vmailmgr there is one base user for each virtual
domain. With vpopmail, there is one base user for the entire virtual
domain system.