<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<!-- THIS PAGE IS AUTOMATICALLY GENERATED.  DO NOT EDIT. -->
<!-- Mon Feb  9 14:16:03 2004 -->
<!-- USING HT2HTML 2.0 -->
<!-- SEE http://ht2html.sf.net -->
<!-- User-specified headers:
Title: tmda-ofmipd + VPopMail/VMailMgr HOWTO

-->

<head>
<title>tmda-ofmipd + VPopMail/VMailMgr HOWTO</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="generator" content="HT2HTML/2.0">
<style type="text/css">
body { margin: 0px; }
</style>
</head>
<body bgcolor="#ffffff" text="#000000"
      marginwidth="0" marginheight="0"
      link="#0000bb"  vlink="#551a8b"
      alink="#ff0000">
<!-- start of page table -->
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<!-- start of banner row -->
<tr>
<!-- start of corner cells -->
<td width="150" valign="middle" bgcolor="#afeeee" class="corner">
<center><font size="+2"
        >&gt;&gt;&gt;&nbsp;TMDA&nbsp;</font></center> </td>
<td width="15" bgcolor="#cccccc">&nbsp;&nbsp;</td><!--spacer-->
<!-- end of corner cells -->
<!-- start of banner -->
<td width="90%" bgcolor="#cccccc" class="banner">

</td><!-- end of banner -->
</tr><!-- end of banner row -->
<tr><!-- start of sidebar/body row -->
<!-- start of sidebar cells -->
<td width="150" valign="top" bgcolor="#cccccc" class="sidebar">
<!-- start of sidebar table -->
<table width="100%" border="0" cellspacing="0" cellpadding="3"
       bgcolor="#ffffff">
<tr><td bgcolor="#cccccc">
&copy; 2001-2004
</td></tr>
</table><!-- end of sidebar table -->

</td>
<td width="15">&nbsp;&nbsp;</td><!--spacer-->
<!-- end of sidebar cell -->
<!-- start of body cell -->
<td valign="top" width="90%" class="body"><br>
<h1>tmda-ofmipd + VPopMail or VMailMgr</h1>

<hr>

In this HOWTO I will assume you are comfortable with basic UNIX skills
and understand things like UIDs, home directories and so forth.  If
you are not, you should get a good UNIX tutorial/reference and
learn about the basics.  You should definitely not try to administer
something as complicated as a mail server, particularly one serving
multiple domains, until you are on speaking terms with UNIX.

<h2>Virtual Domains Background</h2>

Virtual domains are a neat feature of qmail where a single UID can
control all the email addresses within a given domain.  VPopMail and
VMailMgr are add-ons to qmail's virtual domain system that provide
POP/IMAP authentication and user/password management.  In VPopMail's
case, a single UID can be used for all of the virtual domains on the
system.

<p>

A common situation on the Internet today is that people don't read
mail from shell accounts.  Instead, they are running machines without
a local MTA and they retrieve their mail via POP or IMAP.  Thus we
have mailhubs, where mail is delivered to a POP or IMAP mailbox but
the individual users never log in to a shell.

<p>

Both virtual domain managers (VDMs) come with a program that can
authenticate a user/password combination as provided by the user's
MUA.  This makes it possible to set up a POP or IMAP server with
authentication provided by the VDM.  So by using one of the VDMs, you
can have private, authenticated POP/IMAP mailboxes in one or more
domains on a single mailhub.

<p>

VMailMgr implements virtual domains using a separate UID for each
domain.  VPopMail can do the same, but in a typical installation all
virtual domains are under a single UID, often 'vpopmail'.  Normal mail
delivery is accomplished in either case through a .qmail-default file
and a custom delivery program that is part of the VDM package.

<p>

Each of the VDMs also comes with a utility program that can provide
the path to the virtual user's home directory.  In VPopMail's case,
the home directory is named for the user and contains the private
Maildir directory.  VMailMgr, on the other hand, names the maildir
itself after the user account ('tim' rather than 'Maildir') and it is
that maildir directory that TMDA uses as the home directory under
VMailMgr.

<p>

A simple script can parse the output of these utility programs and
print the virtual user's home directory.  The output of the script is
captured by either tmda-filter or tmda-ofmipd and used to set the
$HOME environment variable.  From that point on, the '~' notation in
TMDA's config file and filter files will refer to the virtual user's
home directory.

<p>

This means that the default settings for many of TMDA's configuration
variables will work naturally in a virtual domain environment.  TMDA
will expect to find each user's .tmda/ directory in the $HOME
directory.  There is no need to set DATADIR, FILTER_INCOMING or
FILTER_OUTGOING, for example, if you are satisfied with the default
path settings.

<p>

Two sample scripts are provided in the tmda/contrib directory, called
vpopmail-vdir.sh and vmailmgr-vdir.sh, which will work in most
installations.  If you wish to store your users' TMDA configuration
files somewhere other than &lt;virtual_home_dir&gt;/.tmda/, you can
easily write a different script.
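<p>

One way to write such a script defensively, since whatever it prints becomes $HOME for the mail process. This is an added example, not one of the tmda/contrib scripts. It assumes the script is called with the user and the domain as its two arguments; VHOME_LOOKUP and VHOME_BASE are hypothetical names, and the lookup command is assumed to accept "-d user@domain" and print the directory.

```sh
#!/bin/sh
# Added example, not from tmda/contrib: a vhome script that validates what
# it is given and what it prints, because the output becomes $HOME.
# ASSUMPTIONS: called as "<script> <user> <domain>"; VHOME_LOOKUP and
# VHOME_BASE are hypothetical names; the lookup command accepts
# "-d user@domain" and prints the directory (VPopMail's vuserinfo).

VHOME_BASE="${VHOME_BASE:-/home/vpopmail/domains}"
NL='
'

# Accept only plain mailbox/domain tokens: no "/", no "..", no leading
# "-" or ".", nothing outside a conservative character set.
valid_name() {
    case "$1" in
        ''|-*|.*|*..*|*[!A-Za-z0-9._+-]*) return 1 ;;
    esac
    return 0
}

# Print the virtual home directory, or print nothing and return 1.
vhome() {
    user=$1 domain=$2
    valid_name "$user" && valid_name "$domain" || return 1
    dir=$("${VHOME_LOOKUP:-vuserinfo}" -d "$user@$domain" 2>/dev/null) || return 1
    case "$dir" in
        *"$NL"*|*/../*|*/..) return 1 ;;   # multi-line or traversal
        "$VHOME_BASE"/*) ;;                # must sit below the base
        *) return 1 ;;
    esac
    [ -d "$dir" ] || return 1              # symlinks are not resolved here
    printf '%s\n' "$dir"
}

# Run as a script only when both arguments are supplied.
if [ "$#" -ge 2 ]; then
    vhome "$1" "$2"
fi
```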

<h2>tmda-filter</h2>

The tmda-filter program has a command-line option for use with virtual
domains.

<p>

<blockquote><code>
-S &lt;script&gt;<br>
--vhome-script &lt;script&gt;
</code></blockquote>

<p>

You give the name of the script that prints the virtual user's home
directory as the argument to this option.  tmda-filter
will use the output of the script to set $HOME before either
Defaults.py or the user's config file are loaded, thus ensuring that
tilde (~) expansion refers to the correct home directory.

<p>

Because of this processing, you no longer need to explicitly specify
the user's configuration file and therefore you do not need separate
.qmail-&lt;user&gt; and .qmail-&lt;user&gt;-default files.  All users can be
handled from the .qmail-default file installed by VPopMail or
VMailMgr.  Of course, if you expect that only some of your users will
use TMDA, you will need to leave the .qmail-default file alone and
create separate files for those users who use TMDA.

<p>

Finally, tmda-filter may be unable to find the user's home directory.
For example, this will be the case for mail sent to a bogus address in
the domain.  If tmda-filter is unable to find the user, it will exit
with a 0 return code, allowing further processing in the .qmail-*
files to occur.  It is recommended that you leave the DELIVERY
configuration variable set to the default ('_qok_') and place the VDM's
delivery program after the line that runs tmda-filter.  VPopMail
example:

<p>

<i>.qmail-default</i>:<br>
<code>
| preline tmda-filter -S ~vpopmail/bin/vpopmail-vdir.sh<br>
| vdelivermail "" bounce-no-mailbox
</code>


<h2>tmda-ofmipd</h2>

The tmda-ofmipd program has two command-line options to assist in
running it in a virtual domain environment.  The first is:

<p>

<blockquote><code>
-S &lt;script&gt;<br>
--vhome-script &lt;script&gt;
</code></blockquote>

<p>

This works the same way as the corresponding option for tmda-filter.
Setting it to a script that prints the virtual user's home directory
will cause tmda-ofmipd to set the $HOME directory before running
tmda-inject to process and send the mail.

<p>

The second command line option is normally not necessary.  Some Linux
distributions, such as Debian, may need it, though.  It is:

<p>

<blockquote><code>
-v &lt;path_to_qmails_virtualdomains_file&gt;<br>
--vdomains-path &lt;path_to_qmails_virtualdomains_file&gt;
</code></blockquote>

<p>

This is the path to qmail's 'virtualdomains' file.
Qmail is normally installed in /var/qmail and 'virtualdomains' is
found in /var/qmail/control/virtualdomains.  This is the location that
tmda-ofmipd assumes, so if this is the correct path for your system,
you don't need to set this option.

<p>

Some Linux distributions place qmail in /usr/local instead.  If your
qmail installation is not in /var/qmail, you will need to give this
option to tmda-ofmipd and specify the full pathname of the qmail
'virtualdomains' file.

<p>

The rest of this HOWTO is about tmda-ofmipd and is divided into two
sections: one for <a href="#vpopmail">VPopMail</a> and one for <a
href="#vmailmgr">VMailMgr</a>.  Please read the appropriate one for
your installation, as the configuration is somewhat different for
each.

<h2><a name="vpopmail">VPopMail</a></h2>

All files, including the per-user TMDA configuration, filter and log
files, are owned by the vpopmail user.  Therefore, you should run
tmda-ofmipd as the vpopmail user.  <b>Do NOT use the -u (--username)
switch</b>.  If you do this, the VPopMail support will not work!

<p>

Instead, use 'su' or 'sudo' to start tmda-ofmipd as the vpopmail
user.  In the simplest case, as root, you can start tmda-ofmipd like
this:

<pre><code># su -l vpopmail -c '/path/to/tmda-ofmipd -S /path/to/vpopmail-vdir.sh'</code></pre>

<p>

This assumes that the vpopmail user has a login shell.  It also
assumes the default authentication mechanism, where tmda-ofmipd
searches the /home/vpopmail/.tmda/tofmipd file.  You can use any of
the other authentication options (vchkpw, POP/IMAP/LDAP/etc.) and, if
you use the IP-based domains option in VPopMail, you can bind to all
IP addresses on the machine by specifying '-p&nbsp;0.0.0.0:8025'.

<p>

For each user, be sure to create a .tmda/ subdirectory in the directory
printed by the --vhome-script.  In a normal VPopMail/TMDA
installation, this will typically be:

<p>

<code>
/home/vpopmail/domains/example.com/&lt;username&gt;/.tmda
</code>

<p>

Then, run tmda-keygen for each user, placing the generated key in
.tmda/crypt_key as usual.

<p>

Alternatively, TMDA can be automatically added to VPopMail accounts
using the vadduser-tmda script. Installation and usage instructions
are listed at the top of the script, which can be found in the
contrib directory of the TMDA source.

<p>

If you are satisfied with TMDA's default file locations for filters,
you can create a simple /etc/tmdarc and avoid creating and maintaining
individual user .tmda/config files.  Here's an example:

<p>

<i>/etc/tmdarc</i>:<br>
<code>
import os<br>
<br>
BARE_APPEND = os.path.expanduser("~/.tmda/whitelist")<br>
CONFIRM_APPEND = os.path.expanduser("~/.tmda/whitelist")
</code>

<p>

Finally, create an outgoing filter file, '~/.tmda/filters/outgoing'.
The default outgoing action is 'dated'.  You may want to use a default
of 'bare'.  You can either set ACTION_OUTGOING to 'bare' in the user's
config or /etc/tmdarc or you can tag the messages in the outgoing
filter.  A simple filter allowing the user to receive bounces and
using the latter technique to leave the user's From: header untagged
might look something like this:

<p>

<i>~/.tmda/filters/outgoing</i>:<br>
<code>
to-file ~/.tmda/whitelist bare<br>
to * tag envelope dated=10d from bare
</code>

<p>

This will cause email to all addresses in the whitelist to be sent
with a 'bare' From: header field.  Mail to unknown addresses will also
be sent with a 'bare' From: field, and its envelope sender will be
tagged with a dated address so that bounces do not get stuck in the
pending queue.

<h2><a name="vmailmgr">VMailMgr</a></h2>

Since each virtual domain is under the control of a different system
UID in the VMailMgr model, you should run tmda-ofmipd as root, so that
it can setuid to the correct user before running tmda-inject.  A
typical command line might be:

<pre><code># /path/to/tmda-ofmipd -S /path/to/vmailmgr-vdir.sh</code></pre>

<p>

This assumes the default authentication mechanism, where tmda-ofmipd
searches the /etc/tofmipd file.  You can use any of the other
authentication options (checkvpw, POP/IMAP/LDAP/etc.) and, if you use
IP-based domains, you can bind to all IP addresses on the machine by
specifying '-p&nbsp;0.0.0.0:8025'.

<p>

In a VMailMgr configuration, the system user that controls the virtual
domain has a home directory, e.g. for a username of 'example.com', the
home directory might be /home/example.com.  In that directory is a
users/ subdirectory that contains a maildir for each user with the
same name as the user's email address: for instance,
/home/example.com/users/tim.  As mentioned above, the directory that
tmda-ofmipd considers to be the user's home directory is the actual
maildir.

<p>

For each user, be sure to create a .tmda subdirectory in the directory
printed by the --vhome-script.  In a typical VMailMgr/TMDA
installation, this might be:

<p>

<code>
/home/example.com/users/&lt;username&gt;/.tmda
</code>

<p>

Then, run tmda-keygen for each user, placing the generated key in
users/&lt;username&gt;/.tmda/crypt_key as usual.
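
<p>

A check for the per-user step above, which is the same in the VPopMail and VMailMgr sections (added example, not part of TMDA): it reports a missing .tmda directory or crypt_key, a wrong owner, and any group/other permission on the key. The function names, and the rule that crypt_key should be accessible only by its owner, are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of TMDA. Checks one virtual user's TMDA files.
# ASSUMPTION: crypt_key should carry no group/other permission bits.
# Usage: audit_tmda_home <vhome-dir> <expected-numeric-uid>
# Prints one line per finding; returns 0 only if nothing was found.

# Print "<uid> <group+other permission chars>", e.g. "1001 ------".
owner_and_mode() {
    ls -ldn "$1" | awk '{ print $3, substr($1, 5, 6) }'
}

audit_tmda_home() {
    home=$1 want_uid=$2 bad=0
    dir="$home/.tmda" key="$home/.tmda/crypt_key"

    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "MISSING  $dir (not a real directory)"; return 1
    fi
    set -- $(owner_and_mode "$dir")
    [ "$1" = "$want_uid" ] || { echo "OWNER    $dir uid=$1 want=$want_uid"; bad=1; }
    case "$2" in
        ?w????|????w?) echo "WRITABLE $dir by group/other"; bad=1 ;;
    esac

    if [ ! -f "$key" ] || [ -L "$key" ] || [ ! -s "$key" ]; then
        echo "NOKEY    $key (run tmda-keygen)"; return 1
    fi
    set -- $(owner_and_mode "$key")
    [ "$1" = "$want_uid" ] || { echo "OWNER    $key uid=$1 want=$want_uid"; bad=1; }
    [ "$2" = "------" ] || { echo "MODE     $key group/other=$2"; bad=1; }
    return "$bad"
}

# As a script: <this-script> <uid> <vhome-dir>...
if [ "$#" -ge 2 ]; then
    uid=$1; shift; rc=0
    for h in "$@"; do audit_tmda_home "$h" "$uid" || rc=1; done
    exit "$rc"
fi
```

For VPopMail the expected uid is that of the vpopmail user; under VMailMgr it is the uid of the system user that controls the domain.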

<p>

If you are satisfied with TMDA's default file locations for filters,
you can use a simple /etc/tmdarc and avoid creating and maintaining
individual user .tmda/config files.  Here's an example:

<p>

<i>/etc/tmdarc</i>:<br>
<code>
import os<br>
<br>
BARE_APPEND = os.path.expanduser("~/.tmda/whitelist")<br>
CONFIRM_APPEND = os.path.expanduser("~/.tmda/whitelist")
</code>

<p>

Finally, create an outgoing filter file, '~/.tmda/filters/outgoing'.
The default outgoing action is 'dated'.  You may want to use a default
of 'bare'.  You can either set ACTION_OUTGOING to 'bare' in the user's
config or /etc/tmdarc or you can tag the messages in the outgoing
filter.  A simple filter allowing the user to receive bounces and
using the latter technique to leave the user's From: header untagged
might look something like this:

<p>

<i>~/.tmda/filters/outgoing</i>:<br>
<code>
to-file ~/.tmda/whitelist bare<br>
to * tag envelope dated=10d from bare
</code>

<p>

This will cause email to all addresses in the whitelist to be sent
with a 'bare' From: header field.  Mail to unknown addresses will also
be sent with a 'bare' From: field, and its envelope sender will be
tagged with a dated address so that bounces do not get stuck in the
pending queue.


</td><!-- end of body cell -->
</tr><!-- end of sidebar/body row -->
</table><!-- end of page table -->
</body></html>