+ VMailMgr FAQ +

+ + VMailMgr FAQ + + + Bruce Guenter , + Dan Kuykendall + + + v1.0, 23 April 2000 + + + VMailMgr Frequently Asked Questions. + + + + +Building and Installing + +What compiler and libraries do I need to build vmailmgr? +

+ You will need a working C and C++ compiler and linker. You will not + need any C++ libraries. The package is being developed under Linux + using egcs and glibc version 2, and may rely on some gcc/g++ + extensions. +

+ +Does vmailmgr work with shadow passwords? +

+ This package should work without changes both with and without + shadow passwords as long as the shadow password libraries are + present when this package is built. The `configure' script will + detect what method of shadow passwords are being used and the + programs will be built accordingly. +

+ +Does vmailmgr support IMAP? +

+ Yes, vmailmgr supports Courier-IMAP. Some minor steps are needed to + make them work, the steps are in the next section of this file. +

+ +Setup and Configuration + +What other software is needed to run vmailmgr? +

+ VMailMgr is based around qmail's handling of virtual users, and as + such requires qmail for its operation. If you wish to use the `init' + file to start/stop vmailmgrd or are installing the RPM package, + supervise-scripts version 2.2 (or later, available at ) and daemontools 0.60 + (or later, available at ) packages are + required. If you need to use the vmailmgrd daemon, you + will also need the unixserver program, from the ucspi-unix + package, available at . +

+ +

+ If you want to use the autoresponse feature, I recommend the use of + my own autoresponder program, qmail-autoresponder available + at . +

+ +How do I record the output of vmailmgrd with syslog? +

+ Output from vmailmgrd can be recorded by either splogger (part of + qmail) or with the logger that comes with several flavours of + UNIX. To use splogger, pipe the output of vmailmgrd into the command + `splogger vmailmgrd'. This will timestamp each entry and tag them + with the word `vmailmgrd'. By default, splogger logs to facility 2 + (mail). To use logger, pipe the output of vmailmgrd into the + comamand `logger -t vmailmgrd -p mail.notice'. See the + respective man pages of these two programs for more information. +

+ Note: The use of syslog for logging messages is strongly discouraged + due to problems with inefficent and buggy implementation of syslog. +

+ +How do I record the output of vmailmgrd with multilog? +

+ Make a directory into which the output will go, for example + `/var/log/vmailmgrd'. Pipe the output of vmailmgrd into the + command `multilog t /var/log/vmailmgrd'. See the + documentation for multilog for more information on how to adjust its + output. +

+ +How do I setup VMmailMgr IMAP support? +

+ VMailMgr supports Courier-IMAP, but Courier-IMAP does not auto + detect VMailMgr. This means that some minor work is required for + making the two work together. + + You must copy `/usr/local/bin/authvmailmgr` to + `/usr/lib/courier-imap/libexec/authlib/authvmailmgr`. + Then modify the `AUTHMODULES` statement in + `/usr/lib/courier-imap/etc/imapd.config` and add + `authvmailmgr` as the first authentication module. + +

+ +Upgrading from Previous Versions +

+ If you are upgrading from an older version, you may need to make + some changes to your system before or after doing the upgrade. The + following table outlines the necessary changes. Note that you need + to follow the instructions for all later versions of the software. +

+ If you are upgrading from version: + +0.96.6 or earlier +

+ The `vmailmgrd' daemon needs to be run by unixserver, as opposed + to being a stand-alone program previously. +

+0.96.2 or earlier +

+ Make sure the `vmailmgrd' daemon and vmailmgr CGIs are disabled + before upgrading, and upgrade them along with the main + package. Changes were made to the daemon interface that will + cause adding users and aliases to flake out. As well, the + listdomain interface was completely redone. +

+0.94 or earlier, using the POP bulletin facility +

+ The POP bulletin facility has been moved into a stand-alone + program that needs to be executed through `checkvpw-postsetuid'. +

+0.93 or earlier +

+ If you do not use the CGIs, you no longer need to run the + `vmailmgrd' daemon. +

+0.92.2 or earlier +

+ The configuration changed from reading a single file to reading a + set of files in a directory. Read the configuration documentation + and run the program `vconf2dir'. +

+0.90.2 or earlier +

+ The name of the user to which mail to an unknown user is + delivered changed from `*' to `+'. If you were using this + feature, either change all your domains to accomodate this + change, or set the `default-username' config file to contain `*'. +

+0.88 or earlier +

+ The file format of the virtual password tables has changed from + plain text files to CDB tables. You will need to suspend local + deliveries before upgrading, and run the program `vpasswd2cdb' as + each base user after upgrading, before re-enabling local + deliveries. + +

+ +How do I configure qmail+patches to use vmailmgr for POP? +

+Put the string `checkvpw' into the file +`/etc/qmail/control/checkpassword' and restart pop3d by +typing `/etc/rc.d/init.d/pop3d restart'. +

+ +How do I allow clients to relay SMTP through me? +

+ Download and install relay-ctrl from . + It works with vmailmgr, for both POP3 and IMAP clients. +

+ +Usage + +I can only use one IP address. How do I log in as a virtual user? +

+ There are two ways to log in without using multiple IP addresses. +

+ The first way is to log in as `userSEPvirtual.domain.org', where + `user' is the mailbox name of the virtual user, SEP is one of `@' or + `:' (by default, this is configurable in the + `/etc/vmailmgr/' directory), and + `virtual.domain.org' is the virtual domain's name, as + listed in `/var/qmail/control/virtualdomains'. +

+ The second way is to use the internal form of the mailbox name -- + that is, `baseuser-user', where `user' is the same + as above, and `baseuser' is the username of the managing + user. + + Example: `/var/qmail/control/virtualdomains' contains + + testdomain.org:testuser + + User `testuser' exists, and has set up a virtual mailbox + with the name `v'. The `separators' variable in + `/etc/vmailmgr/' contains `@:'. This virtual user + could log in as `v@testdomain.org', + `v:testdomain.org', or `testuser-v'. +

+ +How do I get all misdirected mail sent to me? +

+ In the `vmailmgr/' configuration directory, there is an + entry called `default-username'. If mail to a virtual + domain does not match any users or aliases in that domain, it is + delivered to the name listed in this configuration item if it exists + (which defaults to `+'). To make this deliver to you, + simply type: + + vaddalias + me + +

+ +Troubleshooting + +Bind error message from vmailmgrd. +

+ If vmailmgrd reports `vmailmgrd: bind: no such file or + directory' when you start it up, it means that can't create its + socket file. By default, it will try to create the socket file + `/tmp/.vmailmgrd'. You must ensure that `/tmp' is + writable, or that the socket is created in some other place by + setting `socket-file' in the configuration. +

+ +Error sending to an alias: qmail-queue exited with an error! +

+ If qmail reports "deferral: vdeliver: qmail-queue exited with an + error!", check where your qmail is installed. On Debian systems, + you will need to type "ls -s /usr/sbin /var/qmail/bin", + since they've installed the qmail binaries into /usr/sbin. +

+ +Running vmailmgrd fails. +

+ When run by itself, vmailmgrd will report "Timed out waiting for + remote". vmailmgrd needs to be run from unixserver, part of + the ucspi-unix package available at . +

+ +POP3 or IMAP logins take 30 seconds or longer. +

+ This is almost certainly a DNS lookup problem. Make sure that DNS + lookups aren't timing out, that lookups on all your IP addresses + aren't failing, and that you can lookup remote addresses as well. +

+ +

+ If you are using 'tcpserver' for the head end to qmail-pop3d, then you + may want to the following 2 switches to the command line: -R + and -H. The former prevents tcpserver from attempting to + obtain TCPREMOTEINFO from the remote host. This eliminates an "ident" + lookup that may be being blocked or silently dropped by a firewall. + The latter prevents tcpserver from doing a DNS lookup on the remote + IP. +

+ +Miscellaneous + +How do I get in contact with other users? +

+ There is a mailing list run by the author. To subscribe, send an + e-mail (content and subject line is ignored) to . +

+ Remember that if you have a problem that you want us to diagnose, we + need to know the following important details: + + The output of `qmail-showctl` + The contents of the vmailmgrd log for the attempt you are + trying to diagnose + The contents of the qmail and smtpd logs for a failed delivery + attempt + The contents of the pop3d logs for a failed login attempt + The complete command line with which vmailmgrd and qmail-pop3d + was invoked + + Please do not contact the author directly with vmailmgr questions. +

+ +Are development version of vmailmgr available anywhere? +

+ Yes, they are available through anonymous CVS. + To access the CVS server, set your CVSROOT to + :pserver:cvs@bruce-guenter.dyndns.org:/CVS, log in with an + empty password, and check out the vmailmgr module. +

+ +How does incoming email get handled? +

+ Incoming email is first received by the qmail SMTP daemon and + inserted into the qmail queue. Then `qmail-send' examines + the email envelope (which details the recipient address or + addresses) to determine how to dispatch the message. It looks up the + domain name of each recipient in + `/var/qmail/control/virtualdomains', and prefixes the user + name with the string that it finds. It then looks up the resulting + user name in the system password table (or in + `/var/qmail/users/cdb' if it exists) to find the base user + name and home directory (which I will call `$HOME'). It + then looks for the file `$HOME/.qmail-VIRTUAL'. If that's + not found, it looks for the file `$HOME/.qmail-default', + which will contain an instruction to pipe the message to + `vdeliver'. +

+ This is where vmailmgr first enters the picture. The virtual user + name is sent to `vdeliver' through environment variables. It looks + in the configuration files (in `$HOME/.vmailmgr' and then + in `/etc/vmailmgr') to determine the location of the + password table, and looks up the virtual user name in the table to + determine delivery instructions. If the name is not found, the + message is bounced and delivery ends. Otherwise, it then looks for + the `vdeliver-predeliver' script in the configuration + directories (in reverse order) and executes any that are found. It + then delivers the message to all the listed destinations -- an + optional mailbox directory and zero or more forwarding + addresses. Finally, it looks for the `vdeliver-postdeliver' + script and executes any that are found. +

+ +How does outgoing email get handled? +

+ Outgoing email is not handled by vmailmgr. For details on outgoing + email handling, check the qmail documentation. +

+ +What about security of CGI and PHP functions? +

+The socket used by the daemon is a UNIX-domain socket (as opposed to +Internet-domain), meaning you need local access on the computer to +open up a connection. The path for this socket is run-time +configurable. +

+The daemon forks a new connection for each connection, up to a +configurable maximum (at which point it stops listening, IIRC, I +should verify this). The idea of threading has been completely +discarded to avoid a bug in a command creeping in and makeing the +whole server break. +

+The protocol spoken over the socket is explicitly bounded to at most +64kB of data, and all data is prefixed by a size. Static-sized +buffers are only used with static-sized reads, and therefore can't be +overflowed with stack-smashing tricks. +

+The daemon commands setuid to the appropriate user as soon as the base +user has been verified, to avoid doing any more than necessary as +root, as well as to avoid the possibility of tricking the daemon into +reading a file another user wouldn't normally have access to. +

+To help avoid DoS on the local computer, a 1-second alarm is set as +soon as the connection is received, and is only cleared once all the +data has been read. If it takes longer than 1 second to read the data +from the socket, the server process exits. +

+ +What are the differences between vmailmgr and vpopmail? +

+ The primary difference between vmailmgr and vpopmail is the use of + base users. With vmailmgr there is one base user for each virtual + domain. With vpopmail, there is one base user for the entire + virtual domain system. +

+ +