Blue Flower

Sunday, 05 July 2015 17:10

Archived Post


I found this post on the internet and saved it here.

March 14, 2003

qmail. vpopmail. procmail.

How come they just don't want to work together?

procmail: Program failure (100) of "/var/qmail/vpopmail/bin/vdelivermail"
From [email address] Fri Mar 14 02:12:30 2003
Subject: test
Folder: **Bounced**                                                       782

Anyone seen this problem before?

Posted by imajes at March 14, 2003 09:36 AM | TrackBack
Comments
  1. I just finished working on exactly this problem. It took me more than 12 hours to solve it. None of what Google came up with worked for me.
    This is my procmailrc file

    ###### Procmailrc start ##########
    #
    # Uncomment these if you want to debug
    #VERBOSE=ON
    #LOGFILE=/tmp/procmail.log
    # Find the users home directory and store in variable
    VIRTUALHOME=`/var/vpopmail/bin/vuserinfo -d $EXT@$HOST`

    # Location of safecat
    SAFECAT=/usr/local/bin/safecat

    # Location of the users Maildir
    MAILDIR=$VIRTUALHOME/Maildir

    # Give each user a spamfolder where spam-tagged mail will be delivered.
    SPAMDIR=$VIRTUALHOME/Maildir/.Spam

    # Check if the user has a spam folder; if not, create one and add it
    # to the Courier IMAP subscription list.
    # We never use this variable, but the command will be executed, dirty dirty.
    CHECKSPAMFOLDER=`if [ ! -d $SPAMDIR ]; then /var/courier-imap/bin/maildirmake $SPAMDIR && chown -R vpopmail:vchkpw $SPAMDIR && echo "INBOX.Spam" >> $MAILDIR/courierimapsubscribed; fi`

    # Finally we can let SpamAssassin check our mail.
    :0fw
    | /usr/bin/spamassassin

    # If the message is tagged as spam, put it in spamfolder
    :0w
    * ^X-Spam-Status: Yes
    | $SAFECAT $MAILDIR/tmp $SPAMDIR/new

    # If the message is considered clean, deliver as normal.
    :0w
    | $SAFECAT $MAILDIR/tmp $MAILDIR/new

    ###### Procmailrc end ##########

    NOTE: The CHECKSPAMFOLDER is only for squirrelmail.

    In .qmail-default I have this:
    | preline /usr/bin/procmail -p -m /path/to/procmailrc

    Good luck

  2. Great Help! This file was exactly what I have spent ages looking for!

    Have you had problems with the qmail message queue getting quite long? Just wondering ....

  3. Hi, we have been using the script you suggested and it works well. Although how do you catch email accounts that do not exist? Any help would be great!

  4. On my server, where vpopmail uses MySQL and so on, the solution presented on the first comment fails on alias users, for example if the user has an account 'firstnameX', the vuserinfo fails to find user as '[email address]', which is kinda groody.
    (The solution would've been quite what i've been searching for otherwise.)

    Another thing I haven't quite figured out yet are the .qmail-user -files, procmail gets run only if it's in domain's .qmail-default , and .qmail-username -files never seem to get processed. If anyone would've thoughts on these issues, I'd be pleasantly surprised to get back an email covering them.

    cheers.

  5. As Adrian commented on catching email accounts that don't exist, I tried putting

    :0w
    |/var/vpopmail/bin/vdelivermail '' bounce-no-mailbox

    but it didn't work, mail kept getting requeued.
    my temporary solution was to put

    :0
    *
    /var/vpopmail/domains/dom/postmaster/Maildir/noaccount/


    at the end of procmailrc.

  6. To solve the "non-existent" user problem, I just create a symbolically linked .qmail-username file for each user to a file called .qmail-template. The .qmail-template file contains what the author listed above. My .qmail-default file then looks like
    "| /var/vpopmail/bin/vdelivermail '' delete" to delete the messages
    or you can use
    "| /var/vpopmail/bin/vdelivermail '' bounce-no-mailbox" to bounce the message
    With the .qmail-default set to one of these I do not have to worry about any non-existent user. Yes, it adds one more step after creating a virtual user, but it solves the issue and everything behaves like I would want it to.

  7. Great stuff. Here is another solution to the problem, which uses maildrop instead of procmail for the mail delivery:

    http://wotsit.thingy.com/haj/mailfilter-spamassassin-vpopmail.shtml

    Works well in some quick tests, and has no problem with non-existent mailboxes.

    Lawrence

    lawrence (at) aslak (dot) net

Sunday, 05 July 2015 17:10

Installing Simscan


This is applicable for QMR setups ONLY! If you're using John Simpson's qmail-smtp-run script and his patch, his run file has options for qmail-scanner and simscan. Please refer to his man pages for instructions.

I have simscan working A-OK with QMR, and it scans mails much more quickly
than qmail-scanner because it does not have the Perl startup overhead.
That said, simscan is not as mature as QMS and, to the best of my knowledge,
can only use clamav.

These instructions are roughly how I got Simscan to work with QMR.
Please feel free to amend them.

download simscan 1.1

# wget http://www.inter7.com/simscan/simscan-1.1.tar.gz

then unpack it

# tar xvzf simscan-1.1.tar.gz

move into its directory

# cd simscan-1.1

and create a file called setup.sh, which will hold the compile settings

# vi setup.sh

Add a simscan user

# pw useradd simscan -s /sbin/nologin -d /tmp

Add the following content to setup.sh:

./configure \
--enable-clamav=y \
--enable-clamdscan=/usr/bin/clamdscan \
--enable-custom-smtp-reject=n \
--enable-attach=y \
--enable-dropmsg=n \
--enable-qmaildir=/var/qmail \
--enable-received=y \
--enable-spam=y \
--enable-spam-passthru=y \
--enable-spamc=/usr/local/bin/spamc \
--enable-qmail-queue=/var/qmail/bin/qmail-queue \
--enable-trophie-socket=/var/run/trophie \
--enable-trophie-path=/usr/local/share/trophie/trophie \
--enable-ripmime=/usr/local/bin/ripmime \
--enable-clamavdb-path=/var/clamav \
--enable-sigtool-path=/usr/bin/sigtool \
--enable-per-domain=y

This config allows for sophie/trophie when they are added and per domain
settings.

make it executable

# chmod 755 setup.sh

then run it

# ./setup.sh

then make simscan with

# make

install it

# make install-strip

fix permissions on the /var/qmail/simscan/ directory

# chmod g+s /var/qmail/simscan/

Set all mails to be scanned machine-wide by editing the qmail-smtpd run file

# vi /var/qmail/supervise/qmail-smtpd/run

and add the line

QMAILQUEUE="/var/qmail/bin/simscan"; export QMAILQUEUE

near the top, i.e. my first 5 lines are:

#!/bin/sh
QMAILQUEUE="/var/qmail/bin/simscan"; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`

Alternatively, you can have much greater control by stating which actions
are to be performed on emails coming from different IP addresses. For
instance, mine is set to scan ALL mails and is probably the simplest setup.

Edit the /var/qmail/control/simcontrol file and place your options in there:

# vi /var/qmail/control/simcontrol

As I said above, mine scans ALL mails from ALL IP addresses with:

:clam=yes,trophie=no,spam=no

Run /var/qmail/bin/simscanmk to convert /var/qmail/control/simcontrol into
the /var/qmail/control/simcontrol.cdb file:

# /var/qmail/bin/simscanmk

restart qmail with

# qmailctl restart

Thursday, 16 June 2016 15:40

Installing vmware tools on FreeBSD


The only requirement to install VMware Tools on FreeBSD is to have the compat6x-amd port installed. Please run the commands below:


# cd /usr/ports/misc/compat6x
# make install clean

What you will need to do next is log in to vSphere, right-click the FreeBSD VM and choose Install/Upgrade VMware Tools (see screenshot below). A screen will then pop up to install VMware Tools. Just click OK. You can now exit vSphere.



Now let's create the /cdrom directory and then mount the cdrom drive.


# mkdir /cdrom
# mount -t cd9660 /dev/cd0 /cdrom

Now let's make a directory, unpack the tarball and then unmount the drive.


# mkdir ~root/vmware
# cd ~root/vmware
# tar zxvf /cdrom/vmware-freebsd-tools.tar.gz
# umount /cdrom

Now let's install VMware Tools.


# cd vmware-tools-distrib
# ./vmware-install.pl

Basically all you need to do from here is just hit enter on all the prompts. It will install the startup script in /usr/local/etc/rc.d and it will also install the documentation to /usr/local/share/doc/vmware-tools.

Congrats! You now have VMware Tools installed on FreeBSD!

Wednesday, 15 June 2016 19:31

Installing and Configuring dehydrated (Was LetsEncrypt)


Taken from letsencrypt.org:

The objective of Let’s Encrypt and the ACME protocol is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention. This is accomplished by running a certificate management agent on the web server.

To see the entire process take a look at https://letsencrypt.org/how-it-works/
Additional documentation can be found here https://letsencrypt.org/docs/
Also this walkthrough was copied with permission from https://wiki.freebsd.org/BernardSpil/LetsEncrypt

First let's install the port:


# cd /usr/ports/security/dehydrated
# make install clean

Now to setup permissions:


# pw groupadd -n _dehydrated -g 443
# pw useradd -n _dehydrated -u 443 -g 443 -d /usr/local/etc/dehydrated -w no -s /nonexistent
# chown root:_dehydrated /usr/local/etc/dehydrated
# chmod 770 /usr/local/etc/dehydrated
# mkdir -p -m 775 /usr/local/www/.well-known/acme-challenge
# chgrp _dehydrated /usr/local/www/.well-known/acme-challenge

Now to modify Apache configuration:

The acme validation will GET a uniquely named file from http://www.yourdomain.com/.well-known/acme-challenge/

The only way I can make the challenge work is by running the following command:


# ln -s /usr/local/www/.well-known/ /usr/local/www/apache24/data

Now every (non-SSL) Virtual Host that you have needs to have the same symlink if you want a cert for each domain.

Now what we need to do is create domains.txt and include a list of all domains you want to create certs for:


# cd /usr/local/etc/dehydrated
# cp domains.txt.example domains.txt
# vi domains.txt

Now inside domains.txt put in each domain you want to create a cert for. I'm only using one in this example to make things very easy for you.

Now we need to copy over the config.sh, modify two lines and add one line (the addition is the last of the three lines shown below):


# cp config.sh.example config.sh
# vi config.sh

Now change the following lines. The last line is an addition to the config.sh script:

BASEDIR="/usr/local/etc/dehydrated"
WELLKNOWN="/usr/local/www/.well-known/acme-challenge"
alias openssl='/usr/local/bin/openssl'

You will probably want to run LetsEncrypt manually the first time:


# cd /usr/local/etc/dehydrated
# su -m _dehydrated -c 'bash /usr/local/bin/dehydrated --cron'

Now what we need to do is copy the .pem files to apache. In my apache guide we use self-signed certs and we will change apache to use the certs that we just created.


# cd /usr/local/etc/dehydrated/certs/domain.com
# cp fullchain.pem /usr/local/etc/apache24/ssl.crt/domain.com.pem
# cp privkey.pem /usr/local/etc/apache24/ssl.key/domain.com.key

Now we need to edit the httpd-ssl.conf to use the new certificates:


# vi /usr/local/etc/apache24/extra/httpd-ssl.conf

Now find the 2 lines in the httpd-ssl.conf and edit them as follows:

SSLCertificateFile "/usr/local/etc/apache24/ssl.crt/domain.com.pem"
SSLCertificateKeyFile "/usr/local/etc/apache24/ssl.key/domain.com.key"

Now to restart apache:


# /usr/local/etc/rc.d/apache24 restart

If you are using my qmail setup you can use the following commands to create a new qmail certificate.


# cd /usr/local/etc/dehydrated/certs/domain.com
# cat fullchain.pem > /var/qmail/control/domain.com.pem
# cat privkey.pem >> /var/qmail/control/domain.com.pem

Now what you need to do is edit all the following scripts and change all references of servercert.pem to domain.com.pem

/service/qmail-smtpd-ssl/run
/service/qmail-smtpd-tls/run
/usr/local/etc/dovecot.conf << There are 2 lines to replace servercert.pem

After you edit those files make sure you restart the services.

Now we're not completely done. What we need to do is create a script that will automatically renew the ssl certificates every 3 months. Here is what my current script looks like:

----- START SCRIPT -----
#!/bin/sh

# Run script to renew certs
su -m _dehydrated -c 'bash /usr/local/bin/dehydrated --cron'

# Uncomment the following sections as needed.

# Deploy certs to apache once they've been renewed.
# cd /usr/local/etc/dehydrated/certs/domain.com
# cp fullchain.pem /usr/local/etc/apache24/ssl.crt/domain.com.pem
# cp privkey.pem /usr/local/etc/apache24/ssl.key/domain.com.key

# Copy the qmail certs over
# cd /usr/local/etc/dehydrated/certs/domain.com
# cat fullchain.pem > /var/qmail/control/domain.com.pem
# cat privkey.pem >> /var/qmail/control/domain.com.pem
#
# Restart the necessary services
# svc -t /service/qmail-smtpd-ssl
# svc -t /service/qmail-smtpd-tls
# svc -t /service/dovecot

# Restart apache
# /usr/local/etc/rc.d/apache24 restart

----- END SCRIPT -----
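
The two cat redirections used for the qmail bundle truncate the live file before the key is appended and leave it with whatever mode the umask gives. The following is an added example, not part of the original guide, that builds the same fullchain + privkey bundle atomically with mode 0600 and refuses to deploy empty or non-PEM input; the function name install_combined_pem and its optional owner argument are assumptions made for illustration.

```shell
#!/bin/sh
# install_combined_pem CHAIN KEY DEST [OWNER[:GROUP]]   (hypothetical helper)
# Example call, with the paths used in this guide:
#   cd /usr/local/etc/dehydrated/certs/domain.com &&
#   install_combined_pem fullchain.pem privkey.pem /var/qmail/control/domain.com.pem
# OWNER is an assumption: pass the account your smtpd service runs as if it
# does not run as the user executing this script.
install_combined_pem() {
    chain=$1 key=$2 dest=$3 owner=${4:-}

    # A failed renewal can leave missing or empty files; never deploy those.
    [ -s "$chain" ] && [ -s "$key" ] ||
        { echo "install_combined_pem: missing or empty input" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" ||
        { echo "$chain: no certificate found" >&2; return 1; }
    grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$key" ||
        { echo "$key: no private key found" >&2; return 1; }

    # The temp file lives next to DEST so the final mv is a same-filesystem
    # rename: readers see either the old bundle or the complete new one.
    # umask 077 means the private key is never readable by group or other.
    tmp=$(umask 077 && mktemp "$dest.XXXXXX") || return 1

    if cat "$chain" "$key" > "$tmp" &&
       chmod 600 "$tmp" &&
       { [ -z "$owner" ] || chown "$owner" "$tmp"; } &&
       mv -f "$tmp" "$dest"
    then
        return 0
    fi

    # Something failed: remove the partial file and leave DEST untouched.
    rm -f "$tmp"
    return 1
}
```

Restart the services only when the function returns 0, so a failed renewal never takes down a working certificate.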

Thursday, 09 June 2016 18:13

Installing Screen


Install Screen

Screen is a nice little utility that lets you install one thing in the background while doing something else. Install it by doing the following:


# cd /usr/ports/sysutils/screen
# make install clean

We will want to install this because installing the cvsup port takes a while. Type rehash and hit Enter. Typing rehash just refreshes the terminal we are in IF you're using tcsh. We are now going to add a customization to screen so we don't get the welcome window. Copy /usr/local/share/examples/screen/screenrc to your home dir. We will always want to run screen as root, so run the following commands:


# cp /usr/local/share/examples/screen/screenrc ~root/.screenrc
# vi ~root/.screenrc

Remove the # in front of # startup_message off so it appears as startup_message off. Change vbell on to vbell off and put in a # in front of vbell_msg " Wuff ---- Wuff!! " so it appears as #vbell_msg " Wuff ---- Wuff!! "

What this will do is tell screen not to show the startup window. Now let's give it a test to get you familiar with it. Type rehash and hit Enter and then type screen and hit Enter. You'll notice the screen will flash and then you will be bumped back to a prompt again. You are now in a screen session. To disconnect from screen, hold down CTRL and then hit A and then D. You can let go of the CTRL key. You will see the words [detached].

Now that screen is running in the background, we can reattach to it by typing in screen -rd and hitting Enter. If you have more than one screen running, and you probably will as you get more familiar with it, just run ps -auxw | grep screen. This command will grep (or more simply find) any screen sessions and display their PID. To connect to a screen by PID, just type screen -r PID. Pretty easy eh? I would recommend running screen in this entire step as it is quite lengthy.

Monday, 06 July 2015 00:02

Installing and Configuring Fetchmail


Getting fetchmail to work with qmail-scanner

In order to get fetchmail to work with qmail-scanner, there are a few things we need to do. The first is to set up fetchmail so it delivers correctly. To do this, we need to log in as root and then create a .fetchmailrc file with the delivery information in it. Start by doing the following:

# cd ~root

# vi .fetchmailrc

You will want to put the following information in the .fetchmailrc file:

poll mail.server.name
with protocol pop3
username user password mypass is [email address] here

The mail.server.name is the complete pop3 server you want to pull your messages from. The protocol can vary but is most often pop3. The next line gets a little more interesting. We are going to pull the mail for user using the password mypass and then deliver it to [email address]. The word here tells the fetchmail program to deliver the message locally.

Please note that if you want to test this first just to make sure things are working okay, put the word keep at the end of the username section like so:

username user password mypass is [email address] here keep

This will keep the messages on the server so that you can check to make sure this works okay before you start ripping messages off your boxes :-)

You can have multiple lines with the username in it like so:

poll mail.server.name
with protocol pop3
username user password mypass is [email address] here

username user1 password mypass is [email address] here

username user2 password mypass is [email address] here

You can also poll multiple pop3/imap servers:

poll mail.server.name
with protocol pop3
username user password mypass is [email address] here

poll mail.server3.name
with protocol IMAP
username user4 password mypass is [email address] here

poll mail.server4.name
with protocol pop3
username user5 password mypass is [email address] here

So the .fetchmailrc file can have many different ways to pull messages from different types of mail servers.

If you are using John Simpson's qmail-smtpd/run script, please add the following 2 lines to your .fetchmailrc file. You will want to add them under the protocol section but before the username section. Please replace x.x.x.x with the IP address of your qmail server and change the cert path if applicable. This is what a typical entry would look like:

poll mail.server.name
with protocol pop3
sslcertck sslcertpath '/var/qmail/control'
smtphost x.x.x.x

username user password mypass is [email address] here

The hard part is pretty much over. Now what we need to do is add the qmail filtering mechanism to /etc/smtp or, if you're using John Simpson's qmail-smtpd/run file, to /etc/tcp/smtp. We'll want to modify the following entry in it:

127.:allow,RELAY="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl",QS_SPAMASSASSIN="on"

If you’re using the qmailrocks standard qmail-smtpd/run file, just type in qmailctl cdb.

If you’re using the John Simpson qmail-smtpd/run file, type in the following:

# cd /etc/tcp

# gmake

Start fetchmail by typing:

# fetchmail -d 300 -L /var/log/fetch

The -d switch tells fetchmail to check the mail every 300 seconds (every 5 mins) and the -L switch gives the log file path. The log file is optional. If you check the log file, you should see it start pulling messages.

You should be off and running!
