Hi Guys,

I've been a Qmail users since Peter Samuel at SLUG.org.au did his talk a
long long time ago.

Now down to business. I have an issue with vpopmail failing with
virtualmin, a webmin spin off..

Basically what happening is this, virtualmin is configuring
|/var/vpopmail/bin/vdelivermail user@domain for aliases and it's breaking.
Why it's breaking I don't exactly know why, because according to the valias
code pipes are supported.

I seek confirmation on the mysql implementation of vmail aliases.

* multiple aliases for the same domain are supported (true)
* if qmail extensions are used (user-ext@domain) in aliases they will be
used INSTEAD of the user's alias (?)
* qmail extensions are supported on aliases if there is not a better match
(see above)
? how do qmail extensions on aliases flow through to the user accounts ?
* pipes are supported (true) (see caveat)
* &forwarding is supported - in order to support non-standard email naming
conventions i.e. dot qmail compliancy (true?)
* mbox delivery is not supported (true)
* if no hostname is provided on alias it will use
/var/qmail/control/defaultdelivery (true? seems to be using
/var/qmail/bin/qmail-inject at some point noenvhost is ignored)
* aliases are processed before users (true)
* if the database is down, a soft delivery delay occurs (true)
* mail loops for valiases only are detected (true) (not for user accounts
bouncing back to a valias??)
* delivery to maildir folders are supported if the full path is specified
* delivery to maildir folders are supported for relative paths in relation
to vpopmail's home directory defined in /etc/passwd (true?) i.e. ./domains/
hiled.biz/user/.maildir/ is prepended by vpopmail's home directory
* a maildir folder needs a ./ or a / at the beginning of the line to be
processed (true/false?)
* anything else that should go into the readme file thats not there....

I do hope some people can look at that virtualmin ticket to theorize why
vdelivermail doesn't like calling itself to do another delivery.
The issue doesn't affect me, it's just that some other setup's and indeed
virtualmin's non-sql-backend setups are all doing it this way.
It did take day to hunt down, but finally my pain is over (i never thought
of checking the valias database)

I'm also petitioning virtualmin to be fixed fixed to work with gentoo's
defacto .maildir defaultdelivery standard for qmail. They had hardcoded
./Maildir in their source.

Speaking of the maildrop patch for virtualmin, I don't like it in it's
current form. It's messy.
I think that vpopmail should support this setup instead.

1) If a domain is not owned by vpopmail:vckpwd/vpopmail still configure
/var/qmail/users/assign to use uid/gid 89 (vpopmail) - see below, this
should be configured by a #ifdef MAILDROP
2) Add maildrop to your system as SUID with it set up that vpopmail is a
trusted user. --configure-trusted-users=x,y,z,vpopmail in maildrop
configure script.
[ Due to the amount of personal information vpopmail system could release,
it should be pretty locked down anyway if any system administrator is worth
his salt.]
3) I patched vdelivermail to spawn vpopmail in LDA mode.
--- vdelivermail.c.orig    2012-08-03 06:51:43.397294158 +0000
+++ vdelivermail.c    2012-08-03 07:56:38.802799846 +0000
@@ -409,7 +409,7 @@
 #ifdef MAILDROP
       if ( limits.disable_maildrop==0 && vpw!=NULL &&
            !(vpw->pw_gid & NO_MAILDROP) ) {
-    sprintf(maildrop_command, "| preline %s", MAILDROP_PROG);
+    sprintf(maildrop_command, "| preline %s -a -d %s@%s", MAILDROP_PROG,
TheUser, TheDomain);
     DeleteMail = 1;
This way maildrop sets up the home directory, the maildir directory and the
appropriate user ID tself. You can still have site-wide configuration by
4) To make point #3 working you need courier-authlib working. They have
just recently the removed vpopmail authentication backend. However SQL /
LDAP or whatever vpopmail uses can be queried. Here is an an example for

#address of mysql server
MYSQL_SERVER            localhost

#login for mysql
MYSQL_USERNAME          vpopmail

#password for mysql
MYSQL_PASSWORD          secret
# of course i don't use the default password ^%%
#path to mysql socket
MYSQL_SOCKET            /var/run/mysqld/mysqld.sock

#mysql port
#MYSQL_PORT              3306

#mysql options (leave alone)
MYSQL_OPT               0

#name of mysql database
MYSQL_DATABASE          vpopmail
MYSQL_USER_TABLE        vpopmail
#mysql charset to use

#default domain to use, when no domain is supplied by user
DEFAULT_DOMAIN          hiled.biz

#MYSQL_CRYPT_PWFIELD     pw_passwd
#MYSQL_CLEAR_PWFIELD    pw_clear_passwsd
#MYSQL_LOGIN_FIELD       CONCAT(pw_name, '@', pw_domain)
#MYSQL_NAME_FIELD        pw_gecos
#MYSQL_HOME_FIELD        pw_dir
#MYSQL_QUOTA_FIELD       pw_shell
#ISNUMERIC(pw_shell) AS quota,

MYSQL_SELECT_CLAUSE     SELECT CONCAT(pw_name, '@', pw_domain) AS username,
                        pw_passwd AS cryptpw, \
                        pw_clear_passwd AS clearpw, \
                        if (pw_uid = '0','89',pw_uid) AS uid, \
                        if (pw_uid = '0','89',pw_gid) AS gid, \
                        pw_dir AS home, \
                        CONCAT(pw_dir, '/.maildir/') AS maildir, \
            if (pw_shell = 'NOQUOTA', '', pw_shell) AS quota, \
                        pw_gecos AS fullname, \
                        'disablewebmail=0,disablepop3=0,disableimap=0' AS
options \
                        FROM vpopmail  WHERE \
                        pw_name = '$(local_part)' AND pw_domain =

username,             \
                        pw_passwd AS cryptpw, \
                        pw_clear_passwd AS clearpw, \
                        if (pw_uid = '0','89',pw_uid) AS uid, \
                        if (pw_uid = '0','89',pw_gid) AS gid, \
                        pw_dir AS home, \
                        CONCAT(pw_dir, '/.maildir/') AS maildir, \
            if (pw_shell = 'NOQUOTA', '', pw_shell) AS quota, \
                        pw_gecos AS fullname, \
                        'disablewebmail=0,disablepop3=0,disableimap=0' AS
options \
                        FROM vpopmail;

            SET pw_clear_passwd='$(newpass)', \
                pw_passwd='$(newpass_crypt)' \
            WHERE pw_name='$(local_part)' \
            AND pw_domain = '$(domain)' ;

I think pw_gid should be hardcoded as 89, though it shouldn't matter as all
mail is umasked 007 anyway.

As you can see it works.
crm authlib # authtest u...@hiled.biz
Authentication succeeded.

     Authenticated: u...@hiled.biz  (uid 89, gid 89)
    Home Directory: /var/vpopmail/domains/hiled.biz/user
           Maildir: /var/vpopmail/domains/hiled.biz/user/.maildir/
             Quota: 536870912S

Should I have a / on the end of the .maildir in maildrop? I've seen
examples of it not there.
Now I can have some scripting (per site and per user) before the real LDA -
from dovecot gets called. No messy configuration in vpopmail either.

What do you think? Can the maildrop patch be updated to be less of a hack
and more of a real LDA, to have it called the same way it is from courier /




Reply via email to