Your Linux Data Center Experts

vPostMaster Frequently Asked Questions

  1. Why can't I check my email?
  2. Why can't I send outgoing E-mail? The mail server responds "Recipient address rejected: No such domain."
  3. I'm getting the following warning in my maillog: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
  4. How do shell users get their E-mail? I can log in via SSH or on the console, but why not via the web or POP/IMAP? Why can't my mail users log in to a shell?"
  5. Where are the aliases?
  6. I have 64MB of RAM, can I run vPostMaster? How?
  7. How do I upgrade to the commercial version of vPostMaster?
  8. I can check mail, but when I send a message my email client freezes.
  9. We got on a spam blacklist because the server name is showing up as "localhost.localdomain". How do I fix this?
  10. I'm running qmail and vpopmail, what does it take to migrate to vPostMaster?
  11. I want to migrate from another software package to vPostMaster. How do I do it?
  12. How do I authenticate ProFTPd via vPostMaster?
  13. PRO: What support is included with the "Pro" version?

Q) Why can't I check my email?

A) Many mail systems only handle mail for one domain, so they only need you to login with your username. Because vPostMaster may handle mail for many domains, by default, it needs both the username and domain name when logging in. For example: if your username is johndoe and your mail account is part of the example.com domain, you will need to use johndoe@example.com as your username to log in.

Administrators with root access to the system may configure a default domain name so that users of the default domain do not need to specify the domain name when logging in. To configure the default domain, on Red Hat, Fedora, or CentOS systems, edit /etc/dovecot.conf, on Debian or Ubuntu systems edit /etc/dovecot/dovecot.conf and add a line like this:

auth_default_realm = "example.com"

where "example.com" is the name of your default domain. You will then need to tell the dovecot service to reread the configuration file for the change to take effect. Run:

kill -HUP `cat /var/run/dovecot/master.pid`

Q) I'm getting the following warning in my maillog: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory

These are warnings, not errors. Presumably, you could get rid of these warnings by creating the sasldb2, however they will not prevent the normal functioning of your SMTP authentication. I see these messages on my test box. However, the next messages which are displayed are:

Dec 12 12:37:41 mail imap-login: Login: user at example.com [127.0.0.1]
Dec 12 12:37:41 mail postfix/smtpd[18727]: D2B9C282D3:
   client=host[IPADDR], sasl_method=PLAIN, sasl_username=user at example.com

These are the SASL IMAP authentication messages which indicate that the SMTP connection has been authenticated by SASL. So, the warnings you sent are not causing problems.


Q) Why can't I send outgoing E-mail? The mail server responds "Recipient address rejected: No such domain."

A) Outgoing SMTP mail sent through the server must be authenticated with SMTP AUTH before you can send. If you do not authenticate, the system can't tell your mail apart from spammers trying to use your system as a relay.

To configure SMTP AUTH in your mail client, go into the SMTP server settings and enable the authentication settings.

For example, in Thunderbird, right click on the account, go to Properties, go down to "Outgoing Server (SMTP)", click on the server name and click "Edit". On this page you should check the box which says "Use name and password" and enter your full E-mail address in the "User Name" field. This will require that you enter your password when you send E-mail (at least the first time).


Q) How do shell users get their E-mail? I can log in via SSH or on the console, but why not via the web or POP/IMAP? Why can't my mail users log in to a shell?

A) vPostMaster does not use system accounts for mail storage. This is for security reasons. There is a single system user "vpostmaster" which all mail is stored under. The benefit is that a user getting their mail via unsecured POP does not reveal a login which may be able to be used by a third party listening on the Internet connection to log into your mail server. It also means that you don't have to trust your mail users with local accounts (which opens up many security holes).

However, this also means that if you have shell users, they can't just run "mail" and read their messages stored in vPostMaster accounts. The best solution for this may be to use a command-line client such as "mutt" which supports reading E-mail via IMAP or POP.

Alternately, you can forward mail in vPostMaster to an address in a domain listed in the "mydestination" line of "/etc/postfix/main.cf". Often this may be "local.<SYSTEM_NAME>". If you forward mail to this domain, it will be delivered via the Unix mailbox for that user, after going through vPostMaster.


Q) Where are the aliases?

A) vPostMaster can be configured to use literal aliases. Information on doing this is provided at the end of this FAQ entry. However, before doing that realize that vPostMaster was designed so that you don't need aliases.

vPostMaster treats every address the same. Aliases in traditional mail systems are a special-case which can easily be overlooked. vPostMaster side-steps this issue by treating all mail addresses the same. The functionality of aliases is implemented through the account settings on the "alias" account.

To create a traditional alias, simply create a user with the appropriate account name, and configure it such that "Local delivery" is disabled, and "Forward To" lists one or more destination addresses to forward to.

In the case of a single "Forward To" address, with no "Local delivery" vPostMaster internally treats this as an alias, picking up all account settings and rules from the destination account. If local delivery is on, or mail is forwarded to more than one user, the account settings for the alias account are used. This is because in these cases, delivery is going to multiple destination accounts, so there is no single set of rules to apply except for the alias account rules.

If you really want literal aliases, there is a "Recipe" on the vPostMaster web site about how to set up aliases with vPostMaster.


Q) I have 64MB of RAM, can I run vPostMaster? How?

A) vPostMaster will run on a system with 64MB of RAM, but there's little space left over. You should expect to more-or-less dedicate a 64MB system to vPostMaster, you won't want to be running VNC, PHP bulletin boards, etc...

Using default values on systems with limited memory will mostly likely cause the system to become non-responsive due to thrashing, and may also cause the "out of memory" handler in the kernel to kill off little-used processes like the SSH daemon. Not what you want to have happen.

The primary thing is to configure the number of instances that get run. This definitely impacts performance, so don't expect a small memory system to handle lots of E-mail.

Limit the number of instances of the vPostMaster programs that run by modifying "/etc/postfix/master.cf". In there you will find lines starting with "vpm-pfpolicy" and "vpm-pftransport". The 7th column should be either a number or a "-" (dash). This is the last column before the word "spawn" or "pipe". Change this column to "1".

Another thing you may wish to limit in "master.cf" is the line starting with "smtp". The default is to allow 100 concurrent incoming SMTP connections. On a small memory system you probably should push this down to 10 to 50.

Note there are two "smtp" lines, one has "inet" as the "type" column, that is for incoming connections. The second has type "unix" and relates to outgoing connections. In general, you will want more incoming than outgoing connections (to be able to handle incoming spam attacks). A good starting point is to set the outgoing connections to half the incoming value set above.

SpamAssassin uses a huge amount of resources. Limit the number of simultaneous "spamd" daemons by setting the "-m" option when SpamAssassin starts. Limit this to the same as the number set for vpm-pftransport above.

On Red Hat and similar systems, this may be limited by editing "/etc/sysconfig/spamassassin" and changing the "-m" option to "SPAMDOPTIONS". On Debian systems, the file is "/etc/default/spamassassin" and you change the "OPTIONS" line.

After making these changes, run:

/etc/init.d/postfix restart; /etc/init.d/spamassassin restart

Finally, if you are using the system only for vPostMaster, you should limit the number of simultaneous Apache processes as well. Apache can easily use 2 to 5MB per instance. In the Apache configuration, use the following values:

StartServers 1
MinSpareServers 1
MaxSpareServers 1
ServerLimit 5
MaxClients 5

You will need to restart Apache after making these changes. On Fedora, Red Hat, and CentOS systems, "/etc/init.d/httpd restart" should do it. On Debian and Ubuntu systems, "/etc/init.d/apache2 restart" is the command you usually want.


Q) How do I upgrade to the Pro version of vPostMaster?

A) If you have not already paid for a Pro license, please order one using our secure order form. After your payment has been processed, you will receive an email with a username and password and instructions on adding this to your distribution sources file, if applicable.

The upgrade to the commercial version involves:

All existing users and data will be preserved through the update.


Q) I can check mail, but when I send a message my email client freezes.

A) This chilling problem can occur if your password contains single or double quotes. This is a bug in some SASL implementations, if you are effected the best bet would be to change your password to not have a quote in it.

To change your password, visit the vpostmaster page for your domain (http://example.com/vpostmaster/ where example.com is your domain name), log in with your current username@domain name and password, and use the password fields on the Edit user page to change your password to something that doesn't have quote characters in it.


Q) We got on a spam blacklist because the server name is showing up as "localhost.localdomain". How do I fix this?

A) This name is controlled by the setting of "myhostname" in "/etc/postfix/main.cf". On many systems it is pulled from the systems host name when it's set up, and that's where the "localhost.localdomain" comes in. You can change this by using "postconf -e myhostname=mail.example.com" and then restarting Postfix ("/etc/init.d/postfix restart").

Be careful to ensure that the "mydestination" does not include "$myhostname" though. See the current setting by running "postconf mydestination". If "mydestination" ends up with one of your vPostMaster domains in it, mail to those domains will be delivered to local system users, not to vPostMaster.

For this reason, the vPostMaster install process removes "$myhostname" from "mydestination".


Q) I'm running qmail and vpopmail, what does it take to migrate to vPostMaster?

vpopmail and vPostMaster both use Maildir format mail storage, so conversion of the user mail folders won't be necessary. Also note that vPostMaster provides a script called "vpmuser" which can be called from the command line to create new users easily from the command-line, instead of having to use the web interface.

First thing you would need to do is set up the domain(s) that are in vpopmail. Be sure to configure the defaults as you would like them, because newly created users will pick up those defaults. Now, add the users, including any aliases. Note that vPostMaster does not have the idea of an alias being distinct from a user. Everything is treated as an address, and some addresses forward, some addresses have local delivery, some have both.

Once you have a user created, you should be able to copy their "/home/vpopmail" user directory over to their "/var/spool/vpostmaster" directory. For example, the address "user@example.com" would have the vPostMaster home directory "/var/spool/vpostmaster/domains/ex/example.com/mailboxes/us/user/". Under that directory is a "Maildir" directory.

After the copy, make sure everything is owned by the "vpostmaster" user. For example: "chown -R vpostmaster /var/spool/vpostmaster".

Warning: It's recommended you not do this on your production mail server, because a migration can cause lost e-mail until issues are tested and resolved. It is best if you can set up a second mail server with vPostMaster, and install things there while the old one is still live, and test. Doing a live migration on a single machine can be done, but is very tricky to get right without losing mail.


Q) I want to migrate from another mail server to vPostMaster. How do I do it?

The way I'd do it is to leave the mail server up and do an initial rsync to a temporary location on the new server. Create the scripts to create the new accounts and migrate messages from the old maildirs to the new ones, and then test it on the temporary copy. Once you have that all working, and are ready to do the migration, do another rsync of the changed data. Then shut down POP/IMAP/Webmail/SMTP on the old mail server and do a final rsync. Now run the conversion process.

During doing this, you should get an idea of how long the later rsync and the account conversion process will take. You don't shut down the mail server until the very last part of the process, so mail server availability is impacted the minimum amount of time.


Q) How do I authenticate ProFTPd against the vPostMaster user database?

ProFTPd has a module which allows using a PostgreSQL database to authenticate users. You will need to set up the ProFTPd VirtualHost stanza as in the example below to make it work. Note that the bold names are values you have to fill in:

<VirtualHost IP ADDRESS>
  Port 21
  SQLAuthenticate users
  SQLConnectInfo vpostmaster@127.0.0.1:5432 vpostmaster VPOSTMASTER PASSWORD
  RequireValidShell off
  SQLAuthTypes crypt
  #  MAKE THE FOLLOWING 3 LINES INTO ONE LONG LINE
  SQLNamedQuery vpmuser SELECT "name, cryptedpasswd, '523', '524',
     'HOME DIRECTORY BASE NAME/%U', '/dev/null' FROM users
     WHERE (name=\'%U\') AND (domainsname='DOMAIN NAME') LIMIT 1"
  SQLUserInfo custom:/vpmuser
  DefaultRoot ~
</VirtualHost>

NOTE: The SQLNamedQuery line above needs to be joined into a single long line.

Note that ProFTPd doesn't have a way for you to enter a domain name for the user, so you would need to set up IP-based virtuals and hard-code the domain name with the IP. Also note that the above uses an FTP home directory in a different home directory than the vPostMaster mail directory. If you were to use an FTP directory in the mail directory, you would not have to hard code the path to the FTP directory.


Q) PRO: What support is included with the "Pro" version?

A) The "Community" version includes community support via the vPostMaster mailing list and list archives, as well as the vPostMaster web site.

The "Pro" version includes support from tummy.com, ltd. Our staff will help you with the installation and configuration of vPostMaster.