The instructions below will back up all users and emails. They will NOT copy over ezmlm lists; support for that may be added in future releases.

On the old mailserver:

fetch http://goodcleanemail.com/files/tarballs/vpopmail_server_import_export.tgz
tar zxvf vpopmail_server_import_export.tgz
cd import
run backupemail.sh > output
create /home/backups/vpopusers
run CreateVPOPUserBK.sh
This places all the backups of vpopmail into the /home/backups/vpopusers dir.
Before you scp this folder over to the new server, make SURE you chown it to the user:group of the user you will scp it over to.

On the new mailserver, run the following commands. Before you import the users, it would be a good idea to disable validrcptto in qmail-smtpd/run and then restart qmail. Import the users, then enable validrcptto again and rebuild the validrcptto.cdb file as you did in my vpopmail instructions.

fetch http://goodcleanemail.com/files/tarballs/vpopmail_server_import_export.tgz
tar zxvf vpopmail_server_import_export.tgz
cd export
scp over the output file from the old mail server
mkdir /home/backups/vpopusers
Please note: Depending on how many domains/users there are, the next few commands can take several hours. Please plan accordingly.
scp the /home/backups/vpopusers from the old mail server to /home/backups/vpopusers on the new server
run output (This will create all the domains/users)
run RestoreTheUserDir.sh (This will restore all users folders)

Monday, 06 July 2015 01:08

Removing old vpopmail user accounts easily

I was thinking about how much space was getting used up by inactive e-mail accounts just collecting spam or whatnot, and I wondered if there was a tool to remove users that hadn't authenticated with vpopmail in a long time, as shown in vqadmin next to each username under the column 'Last Logon'. Not knowing there was a tool to do this for me, I did all of my removals by hand until I just couldn't take it anymore and decided I would just see if there was a binary that came with vpopmail to do this for me, which there was! It's easy to use as well and saved me so much time.

You should be able to find the binary here: /home/vpopmail/bin/vdeloldusers. You can easily set up a crontab entry to run it every week to remove old e-mail accounts, like I've done.

To remove e-mail accounts that haven't authenticated in 6 months (180 days), just execute:

# /home/vpopmail/bin/vdeloldusers -a 180 -e -D

(This will remove all e-mail accounts that haven't been used in 180 days, or 6 months, on every virtual domain you host.)

To see what would be removed, execute:

# /home/vpopmail/bin/vdeloldusers -a 180 -e -V

(This will show you every virtual domain that you host with inactive e-mail accounts, without removing them.)

Just running /home/vpopmail/bin/vdeloldusers will give you all the options you can pass to it, so don't be afraid to use this binary! I was a little hesitant at first since I host so many domains, but it works like a charm. I didn't know if it would update the last logon when a user is just using webmail/imap authentication, but it did, and of course it updates when a user does smtp authentication. That was what I was kind of skeptical about, but it works great!

I needed to figure out how I was using so much disk space and was looking for a quick way to tell which domain was the culprit. I never really did any domain or user quota settings, which I should have and still will eventually, so I needed a quick way to tell. This is the fastest way I could find, with the best output.

# du -ksh /home/vpopmail/domains/*

If you wanted, you could add this to your qmail stats to monitor the disk usage for your virtual domains. You can easily drill down into the mailboxes' disk usage as well; just change the command to something like:

# du -ksh /home/vpopmail/domains/myhosteddomain.com/*

Just some helpful things I've found to help myself and hopefully you as well.

Monday, 06 July 2015 01:07

How to backup vpopmail with rsync/ssh

Setting up vpopmail with rsync and ssh

The main reason rsync doesn't just work with vpopmail is that the vpopmail directory has a mode of 700, which means only its owner, vpopmail, can read it, or root if you're logged in that way. Here is how to rsync vpopmail over an ssh connection.

Part of this documentation was taken from http://jms1.net/ssh.shtml and also http://www.qmailinfo.org/index.php/ExampleRsyncScripts and https://wiki.archlinux.org/index.php/SSH_keys#Ed25519

Setting up the ssh keys

On the server, open /etc/ssh/sshd_config and add PermitRootLogin without-password (newer OpenSSH releases name this value prohibit-password and accept without-password as an alias). Then restart sshd by running killall -HUP sshd. You will get kicked out of your terminal. If all is well, you should be able to log in again. Root is now allowed to log in only via an ssh key. Don't worry, there is some added security in the document as well.

The first thing we will want to do is generate the key on the client, or backup, machine. Run the following command:

ssh-keygen -t ed25519 -f id_dsa_vpopmail -C 'Some comment'

When you see 'Enter passphrase (empty for no passphrase):', just hit Enter, and when you see the confirmation 'Enter same passphrase again:', just hit Enter again. After a few seconds, it should give you output similar to the following:

Your identification has been saved in id_dsa_vpopmail.
Your public key has been saved in id_dsa_vpopmail.pub.
The key fingerprint is:
88:da:e8:4c:50:5d:c5:95:b9:1e:6e:8f:96:82:c0:19 Some Comment

Now, id_dsa_vpopmail.pub is the file we need to copy over to your server. Here are the steps you will want to follow to get it onto your server to allow root logins via ssh:

# scp id_dsa_vpopmail.pub user@server:
user@server's password:
id_dsa_vpopmail.pub |********************| 0 0:00
# ssh user@server
user@server's password:
(You have to be root at this point to do the following steps)
# cat id_dsa_vpopmail.pub >> ~root/.ssh/authorized_keys2
# chmod 600 ~root/.ssh/authorized_keys2
# exit

This is not the only way to get the public key file into place. You could also copy it on a floppy disk, or email it to the system administrator and have them install it for you (remember this is the PUBLIC key, there is no security risk in sending it via normal email.)

Note that you can have multiple keys listed in the .ssh/authorized_keys2 file; this is why the public keys have comments at the end, so you can easily tell which line in the file corresponds to which key.

To add a bit more security on the server, we will want to change the key's line in /root/.ssh/authorized_keys2 to look like so:

command="/root/.ssh/rsync-key" ssh-dss AAAAB3NzaAAA4fobEeQMoC6vRInbeNy5PukQ5fAkCc+Vr...

Then this is what is in the /root/.ssh/rsync-key file:

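#!/bin/sh
# Log every command requested over this key.
logger -t ssh-command "$SSH_ORIGINAL_COMMAND"
# Only allow rsync running in server mode; refuse anything else.
case "$SSH_ORIGINAL_COMMAND" in
    "rsync --server "*) ;;
    *)
        logger -t rsync-key "INVALID COMMAND \"$SSH_ORIGINAL_COMMAND\""
        exit 1
        ;;
esac
# Left unquoted on purpose so the command is split into rsync and its arguments.
exec $SSH_ORIGINAL_COMMAND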

Then we need to chmod it properly so it runs:

chmod 755 /root/.ssh/rsync-key
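
The rsync-key check above accepts any request that starts with "rsync --server ", which includes requests that write to any path as root. The following is an added example, not part of the original page or of the scripts it credits: a stricter forced-command script that accepts only read-only (--sender) requests for the backed-up directory. ALLOWED_ROOT, the function name, and the assumption that the client sends no long options other than --server and --sender are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original rsync-key script.
# ALLOWED_ROOT is an assumption: the source directory used by the backup script.
ALLOWED_ROOT="/usr/home/vpopmail/"

# Return 0 only for a read-only ("--sender") rsync server request whose
# path argument lies under ALLOWED_ROOT; return 1 for everything else.
is_allowed_backup_command() {
    set -f                      # no filename expansion while splitting
    set -- $1                   # split the request into words
    set +f
    [ "$#" -ge 4 ] || return 1
    [ "$1" = "rsync" ] && [ "$2" = "--server" ] && [ "$3" = "--sender" ] || return 1
    shift 3
    last=""
    for word in "$@"; do
        case "$word" in
            *[!A-Za-z0-9./_=,-]*) return 1 ;;   # unexpected characters
            --*) return 1 ;;                    # no further long options
        esac
        last=$word
    done
    case "$last" in
        *..*) return 1 ;;                       # no parent-directory hops
        "$ALLOWED_ROOT"*) return 0 ;;
    esac
    return 1
}

# When installed as the forced command, sshd sets SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_backup_command "$SSH_ORIGINAL_COMMAND"; then
        logger -t rsync-key "accepted: $SSH_ORIGINAL_COMMAND"
        # Unquoted on purpose: the validated request is split into words.
        exec $SSH_ORIGINAL_COMMAND
    fi
    logger -t rsync-key "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

Accepted and rejected requests are written to syslog under the rsync-key tag, so a first run from your own backup client shows whether its request needs an additional option allowed.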

Backing up vpopmail

Now that we have the keys in place for rsync via ssh to work, we can now setup a script to automate this for us and then we can put it into cron. Here is my script for this. I will call this vpopmail-backup.sh:

#!/bin/sh
echo `date` starting >> /var/log/vpopmail-backup.log
rsync -aS --delete -e /path/to/backup-vpopmail-ssh root@HOST:/usr/home/vpopmail/ /backup/vpopmail/location
echo `date` done >> /var/log/vpopmail-backup.log

The '/path/to/backup-vpopmail-ssh' in the above file has this in it:

#!/bin/sh
unset SSH_AUTH_SOCK
exec /usr/bin/ssh -i /path/to/id_dsa_vpopmail "$@"

Now we want to set the permissions on the following files:

chmod 755 vpopmail-backup.sh
chmod 755 backup-vpopmail-ssh

Now let's give it a test!

./vpopmail-backup.sh

If all goes well, it should pause there for a minute and then come back to the prompt. Check your vpopmail log in /var/log/vpopmail-backup.log and see if it started and stopped correctly.

Monday, 06 July 2015 01:06

How to get imap to work with mysql/vpopmail

If you have installed courier, stop all the courier services and remove the startup scripts, config files, etc. Then follow the Slackware method for installing imap and it should work fine. You will need to add --with-mysql to the configure command in order for mysql authentication to work.

Monday, 06 July 2015 01:05

Setting up SMTP with TLS

Copied with permission from:
John Simpson
http://qmail.jms1.net/smtp-service.shtml
http://qmail.jms1.net/tls-auth.shtml

This service only accepts mail from authorized clients: it requires the AUTH command before accepting any messages. It also requires STARTTLS before the AUTH command may be entered. This makes an ideal "SMTP relay service" for your authorized users.

You must be using John Simpson's qmail patch in order for this to function properly.

# cd /var/qmail/supervise
# mkdir -m 1755 qmail-smtpd-tls
# cd qmail-smtpd-tls
# fetch http://goodcleanemail.com/files/run.smtp.sslserver
# mv run.smtp.sslserver run
# vi run

This will start up a text editor on the script. I prefer nano, but you are free to use pico, vi, emacs, or any other text editor you like. Set the options as needed for your service. The file itself contains documentation on the options you can set.

You should set the following values:

IP=1.2.3.4  Substitute your own IP address. Do not leave this set to 0 without a good reason.
PORT=587  Set the port number we will be listening on.
SSL=0  Do not run an SSL-only service.
FORCE_TLS=1  Refuse to accept mail from clients who have not done STARTTLS.
DENY_TLS=0  Do not refuse to process the STARTTLS command.
AUTH=1  Allow the AUTH command after STARTTLS has been completed.
REQUIRE_AUTH=1  Refuse to accept mail from clients who have not done AUTH.

Once you are finished editing and have saved the file...

# chmod 700 run
# mkdir -m 755 log
# cd log
# fetch http://goodcleanemail.com/files/service-any-log-run
# mv service-any-log-run run
# chmod 700 run

Setting up the tcpserver access files

If you have already set up the Makefile, skip down to "Creating the smtp file".

I do something a little different with my tcpserver access control files than most other people. Instead of calling the files /etc/tcp.smtp and /etc/tcp.smtp.cdb (the files are in /etc/ and have names which start with "tcp.") I call them /etc/tcp/smtp and /etc/tcp/smtp.cdb. The idea is that /etc/tcp is a directory containing all of my tcpserver access control files, along with a Makefile which rebuilds any out-of-date cdb files whenever their source text files have been updated.

If you use the "run" scripts from my web site, you will find them written this way. Of course you can edit the scripts and change the filenames if you like, but I have found this to be a much easier way to administer the control files (I use tcpserver for a lot more than just qmail.)

To set this up on your own server...

These commands should be run as root.
# mkdir -m 755 /etc/tcp
# cd /etc/tcp
# fetch http://goodcleanemail.com/files/etc-tcp-makefile
# mv etc-tcp-makefile Makefile

Creating the smtp file

At this point it should be ready to go- all you need to do is create the "smtp" file, containing the normal access control list. It may look something like this:

127.:allow,RELAYCLIENT=""
:allow

Then run:

# gmake

or, if you're not using FreeBSD:

# make

Finally:

# cd ~vpopmail/bin
# chown vpopmail:vchkpw vchkpw
# chmod 6711 vchkpw

The final step is to start the service running.

# ln -s /var/qmail/supervise/qmail-smtpd-tls /service/

Wait about ten seconds, and then make sure the service is running correctly.

# svstat /service/qmail-smtpd-tls
/service/qmail-smtpd-tls: up (pid 25183) 6 seconds

The number of seconds should be two or greater, and if you re-run the same command again, you should see the count going up rather than cycling back to zero. If the count never passes three, or if the service is not listed as "up" to start with, check the logs to see what's going on.

# tail log/main/current
