A QUICK GUIDE TO VPOPMAIL WITH POSTGRESQL

Original of this document is available from http://www.bowe.id.au/michael/isp/vpopmail-postgresql.htm


ABOUT THESE NOTES

I am one of the developers for the vpopmail package. On my own servers I actually use the MySQL backend. I observed that the documentation included in the vpopmail package for PostgreSQL was fairly lacking, so I cobbled together these notes.

vpopmail and PostgreSQL are both running on the same machine.

You should not permit end-users to have shell access to this server. PostgreSQL by default allows any local user to access any database on the server. You can certainly tighten the security of the default PostgreSQL installation, but it is pretty much futile considering that vpopmail stores the PostgreSQL login/pass in the "libvpopmail.a" file. It is straightforward for any knowledgeable local user to extract the user/pass from this file.

I have successfully used these notes to build Red Hat 7.2, 7.3 and 8.0 based servers.

All the commands shown below have been run as root.

Follow these notes at your own risk...!


QMAIL

Follow the setup instructions at "Life with qmail".


POSTGRESQL

www.postgresql.org

We will be using PostgreSQL to store all the domain and mailbox account information for vpopmail.

Set up an account for the PostgreSQL server to run under :

useradd postgres

Download and unpack the source

cd /usr/local/src
wget ftp://ftp.au.postgresql.org/pub/postgresql/v7.3.4/postgresql-7.3.4.tar.gz
tar xzf postgresql-7.3.4.tar.gz
chown -R root.root postgresql-7.3.4
cd postgresql-7.3.4

Compile source (installs to /usr/local/pgsql)

./configure
gmake
gmake install

Create the data directory

mkdir /usr/local/pgsql/data
chown postgres /usr/local/pgsql/data

Run the installation script that creates/verifies all the various system-use tables etc

su postgres
/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data

Fire up the server

/usr/local/pgsql/bin/postmaster -D /usr/local/pgsql/data > /usr/local/pgsql/data/serverlog 2>&1 &

At this point the PostgreSQL daemons should be running. A good way to verify this is to use this command :

ps axf

If all is well, you should be able to see something like this :

388 pts/1 S 0:00 /usr/local/pgsql/bin/postmaster -D /usr/local/pgsql/data
389 pts/1 S 0:00   \_ postgres: stats buffer process 
391 pts/1 S 0:00       \_ postgres: stats collector process 

(If you received errors, look in the file /usr/local/pgsql/data/serverlog for debugging info)

Configure PostgreSQL so it is running all the time from bootup onwards

# exit back to the root user from the postgres su
exit
cp /usr/local/src/postgresql-7.3.4/contrib/start-scripts/linux /etc/rc.d/init.d/postgres
chmod 744 /etc/rc.d/init.d/postgres
chkconfig --add postgres

Then I like to use the ntsysv program to double-check that PostgreSQL is set to launch at boot time


VPOPMAIL

Original Authors : http://www.inter7.com/vpopmail
Current Development location  : https://sourceforge.net/projects/vpopmail


Make the user accounts

# If you are using RH8.0, you will probably need to run this following command,
# because RH8.0 comes preconfigured with UID/GID 89 allocated to postfix
#
# userdel postfix
groupadd -g 89 vchkpw
useradd -g vchkpw -u 89 -d /home/vpopmail vpopmail
# We recommend you use the user and group id's of 89. The FreeBSD folks
# have reserved 89 for the group and 89 for the user for vpopmail. Feel
# free to have the OS assign the group/user id (for example, Solaris won't 
# allow gid 89).

Download and unpack the source

cd /usr/local/src
wget http://telia.dl.sourceforge.net/sourceforge/vpopmail/vpopmail-5.4.4.tar.gz
tar xzf vpopmail-5.4.4.tar.gz
chown -R root.root vpopmail-5.4.4
cd vpopmail-5.4.4

Create a vpopmail database in PostgreSQL

/usr/local/pgsql/bin/createdb --username=postgres --owner=postgres vpopmail

Now, build the program 

./configure \
  --disable-roaming-users \
  --enable-logging=p \
  --disable-ip-alias-domains \
  --disable-passwd=n \
  --enable-clear-passwd \
  --disable-domain-quotas=n \
  --enable-auth-module=pgsql \
  --disable-many-domains \
  --enable-auth-logging \
  --enable-pgsql-logging \
  --enable-valias
make
make install-strip

The configure options used above :

--disable-roaming-users     <-- We aren't building roaming user support in this example
--enable-logging=p          <-- Log POP3 authentication errors to syslog (/var/log/maillog)
--disable-ip-alias-domains  <-- We don't want IP alias domain support for this example
--disable-passwd=n          <-- Don't include /etc/passwd support. Our box doesn't have any "real" users, only vpopmail users
--enable-clear-passwd       <-- Enable storing passwords in cleartext. Makes your support staff's life much easier!
--disable-domain-quotas=n   <-- Disable support for domain-wide disk usage quotas
--enable-auth-module=pgsql  <-- Store all the user and domain information in PostgreSQL rather than using disk-based "cdb" files
--disable-many-domains      <-- Tell vpopmail to create one PostgreSQL table per email domain
--enable-auth-logging       <-- Maintain a lastauth table in PostgreSQL (shows when / how a user last accessed their email)
--enable-pgsql-logging      <-- Maintain the vlog table in PostgreSQL (shows failed authentication requests)
--enable-valias             <-- Enable PostgreSQL valias processing

Review the contents of the vlimits.default file. This file is used to set the default limits for any domains / mailboxes in the vpopmail system. Make sure it contains reasonable defaults for your system.

vi ~vpopmail/etc/vlimits.default

Optionally, nominate a "default domain". Users in this domain can log in to POP3 etc using just their username. Users from all other domains need to use their full email address as their login name.

echo "yourdomain.com" > /home/vpopmail/etc/defaultdomain

Set up the quota warning message that is sent to users when they are at 90% quota

vi quotawarn.msg

From: SomeCompany Postmaster <postmaster@yourdomain.com>
Reply-To: postmaster@yourdomain.com
To: SomeCompany User:;
Subject: Mail quota warning
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

Your mailbox on the server is now more than 90% full.

So that you can continue to receive mail,
you need to remove some messages from your mailbox.

If you require assistance with this,
please contact our support department :

  email : support@yourdomain.com
  Tel   : xx xxxx xxxx

cp quotawarn.msg /home/vpopmail/domains/.quotawarn.msg

If you want, you can alter the standard message that gets sent to the sender in an overquota situation

echo "Message rejected. Not enough storage space in user's mailbox to accept message." > /home/vpopmail/domains/.over-quota.msg

OK, vpopmail is now installed!
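
The local exposure described under ABOUT THESE NOTES (any local account can reach PostgreSQL, and the login/pass sits in libvpopmail.a) can be checked once both packages are installed. The script below is an added example, not part of the original notes or of vpopmail; the function names, the file paths you pass in, the UID cut-off of 500 and the sample data in demo() are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes. Paths, the UID cut-off and the
# sample data in demo() are assumptions / constructed values.

# Print "lineno: rule" for each pg_hba.conf rule whose METHOD is "trust".
# Handles 7.3-style "host DB USER IP MASK METHOD" and later "IP/len METHOD".
trust_rules() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "local" { m = $4 }
        $1 ~ /^host/  { m = (index($4, "/") ? $5 : $6) }
        $1 != "local" && $1 !~ /^host/ { next } # blank or unknown line
        m == "trust"  { printf "%d: %s\n", NR, $0 }
    ' "$1"
}

# Succeed if FILE can be read by accounts outside its owner and group.
other_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Print accounts in a passwd-format file with UID >= MIN (default 500, the
# first ordinary UID on Red Hat 7.x/8.0) whose shell is not nologin/false.
shell_users() {
    awk -F: -v min="${2:-500}" \
        '$3 >= min && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Report findings; succeed (exit 0) when a local account could reach the data.
# Arguments: pg_hba.conf, libvpopmail.a, passwd file.
audit() {
    rules=$(trust_rules "$1"); users=$(shell_users "$3")
    [ -n "$rules" ] && printf 'trust rules:\n%s\n' "$rules"
    other_readable "$2" && echo "$2 is readable by every local account"
    [ -n "$users" ] && printf 'accounts with a login shell:\n%s\n' "$users"
    [ -n "$users" ] && { [ -n "$rules" ] || other_readable "$2"; }
}

# Constructed sample files, so the script can be tried without a live server.
demo() {
    d=$(mktemp -d) || return 1
    printf 'local all all trust\nhost all all 127.0.0.1 255.255.255.255 trust\n' > "$d/pg_hba.conf"
    printf 'vpopmail:x:89:89::/home/vpopmail:/bin/bash\nalice:x:500:500::/home/alice:/bin/bash\n' > "$d/passwd"
    : > "$d/libvpopmail.a"; chmod 644 "$d/libvpopmail.a"
    audit "$d/pg_hba.conf" "$d/libvpopmail.a" "$d/passwd"; rc=$?
    rm -rf "$d"; return $rc
}

if [ "$#" -eq 3 ]; then audit "$@"; else demo; fi
```

Run it with three arguments (the pg_hba.conf in the PostgreSQL data directory, the installed libvpopmail.a, and /etc/passwd) to audit a real server; with no arguments it runs against the constructed sample.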

Some example vpopmail commands :

To add a domain :

/home/vpopmail/bin/vadddomain yourdomain.com yourpassword
# this creates the domain and makes a mailbox postmaster@yourdomain.com

To add a mailbox:

/home/vpopmail/bin/vadduser someone@yourdomain.com apassword

(Or you can do it via qmailadmin)

To remove a mailbox

/home/vpopmail/bin/vdeluser someone@yourdomain.com

(Or you can do it via qmailadmin)

To remove a domain :

/home/vpopmail/bin/vdeldomain yourdomain.com

To change a user's password

/home/vpopmail/bin/vpasswd someone@yourdomain.com newpassword

(Or you can do it via qmailadmin)

To lookup info about a user

/home/vpopmail/bin/vuserinfo someone@yourdomain.com

This gives you info such as name, crypted password, cleartext password, dir, quota, usage%, last auth.
It has a number of flags to let you see the individual fields, or you can see them all if you don't use any flags.

It also creates the maildirsize file in the user's dir

Logging in via POP3

When your users are setting up their POP3 email clients (eg Outlook Express), they should use settings like this :

My incoming mail server is a POP3 server
Incoming mail server (POP3): pop3.yourdomain.com
Outgoing mail server (SMTP): smtp.yourdomain.com
POP3 account name : theirusername@yourdomain.com
Password: theirpassword

When you configured vpopmail, you had the opportunity to nominate a "default" domain. When users from the default domain authenticate, it is optional for them to add the @yourdomain.com onto the end of their username. If vpopmail sees that no domain has been specified, then it will automatically perform the auth against the nominated default domain. If you are hosting multiple domains, then everyone who is NOT in the default domain MUST add their domain name onto the end of their username. (A small percentage of email programs eg Netscape Mail v4.7 do not permit the use of the @ symbol in account name. In this case you can use the % symbol instead of the @ symbol)


TIPS FOR SETTING UP THE POP3 DAEMON

I would recommend that you use the pop3 daemon that is included with qmail. Note that there are a couple of important issues that you need to watch out for :

ISSUE 1 : Make sure you give your pop3d run script sufficient memory to execute successfully.

The error that is typically displayed in this situation is :

Mail server responded /vpopmail/bin/vchkpw: error while loading shared libraries libc.so.6: failed to map segment from shared object: cannot allocate memory.

Most configuration examples for the qmail POP3 server (eg "Life with qmail") will not work correctly when you are using vpopmail with PostgreSQL backend. The problem is that these sample POP3 supervise run scripts do not allocate enough memory for vpopmail with PostgreSQL to operate correctly.

If you were running vpopmail without PostgreSQL there would be no problems, but when you compile vpopmail with the PostgreSQL backend, quite a few additional libraries are linked in to the vpopmail code, meaning that it requires a larger softlimit setting to be able to run correctly.

Most examples show the POP3 supervise script with a softlimit of 2000000, but you will need to bump this up to 4000000 to allow vpopmail with PostgreSQL to run correctly.

eg /var/qmail/supervise/qmail-pop3d/run

#!/bin/sh
exec /usr/local/bin/softlimit -m 4000000 \
/usr/local/bin/tcpserver \
  -H -l hostname.yourdomain.com \
  -v -c 30 -R 0 pop3 \
/var/qmail/bin/qmail-popup hostname.yourdomain.com \
/home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1
# The line containing -H (shown in orange on the original page) should be
# used if you are running qmail on a computer that is on a LAN that is
# using fake ips/masquerading.
# It tells tcpserver not to bother trying to resolve ip addresses
# to names when writing the pop3 log files. Usually with fake ips,
# you can't resolve them to names, so it will make the POP3 services run
# really slowly if it is always trying to resolve these addresses.
# Alternatively, if you are eg an ISP and all your POP3 clients are
# connecting from real IPs with resolvable names, then you can omit
# that line and then benefit from more readable logfiles.

ISSUE 2 : The qmail POP3 server needs to be patched to allow vpopmail's quotas to work correctly

You will need to apply a patch so that qmail's POP3 server will co-operate with vpopmail's mailbox quota system.

Unless you apply this patch, your vpopmail mailbox quotas won't be updated correctly when users POP mail out of their mailbox.

# go to your qmail source directory
cd /usr/local/src/qmail-1.03
# grab the patch
wget http://www.shupp.org/patches/qmail-maildir++.patch 
# apply patch to make qmail-pop3d compatible with the maildir++ quota
# system that is used by vpopmail and courier-imap
patch < qmail-maildir++.patch
# stop your qmail server
qmailctl stop
# recompile qmail
make setup check
# start the qmail server
qmailctl start


Last updated : 29-Dec-2006