Retour à la page d'accueil

Mailadmin and beyond

This guide explains how to use the Drupal7 Mailadmin module. Starting from scratch, we obtain a running mail server, with a clean web administration interface. IMAP access is handled by Dovecot, and mail delivering by Exim4.

You'll need a working domain name.

Mailadmin
Consult mails
Receive mails

Mailadmin ^

First, install Drupal7 on a web server equipped with a PostgreSQL database.
Then, install and activate Mail admin which comes with the "Mail admin shared domain list" sub-module.

For this, you may have to intervene on your database to actually finish the installation. If you run into "PDOException : SQLSTATE[42704]: Undefined object: 7 ERROR language "plpgsql" doesn't exists ; HINT : use […] to load the language in the db" during the module activation, you'll need to log on your PostgreSQL Drupal database with sufficient privileges to pass this command :

create language plpgsql

Then, you'll be able to play again the module database setup script :

postgres@mail-server:~$ psql -f modules/mailadmin/database/setup.pgsql

After that, your module will be installed. You'll got a new E-mail administration link (/mailadmin) in your admin user profile page.

From here, you'll be able to do nothing, until you first set at least one domain in your "shared domain list".

Happily, the second module is dedicated to the management of this list, and you can reach its interfaces typing this address : /mailadmin/shareddomain/

Once you set some domains, they fill the lists of the main module, allowing you via some clicks in Drupal to define :

Thank you Mailadmin.

The module records these settings in a clean database, and that's all. It prevents evident unworkable settings to be input, but nothing more. It's just a good graphical web user interface on top of a database. To receive and consult e-mails, some work remains. We need to setup a mail transport agent to receive mails, and a pop/imap server to consult them from an e-mail client.

Mailadmin is known to work with Exim (MTA) and Dovecot (IMAP), with PostreSQL between the 3.

My example is based on Debian 6.

I assume that you successfully added a working-test-domain.fr in your shared domains list, and then a test-user@working-test-domain.fr mailbox.

I also assume that you are in a configuration where working-test-domain.fr is routable, and configured with an MX record pointing to the machine we work on. Get you a domain.

Consult mails ^

It may be a strange idea to try to consult e-mails before receiving them, but still, I unrolled things this way. So first : install dovecot.

I typed : aptitude install dovecot-imapd (as IMAP access would be enough to start with something).

As there is no magic in the universe, once dovecot is installed on your box, it requires some settings to run…

So I edited /etc/dovecot/dovecot.conf to uncomment some lines :

protocols = imap imaps
disable_plaintext_auth = no
mail_debug = yes
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
auth default {
    mechanisms = plain
[…]
    passdb sql {
        # Path for SQL configuration file
        args = /etc/dovecot/dovecot-sql.conf
    }
[…]
    userdb static {
        args = uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes
    }
[…]
}

Ok, that was fun until this last line : args = uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes

But your mails need to be stored somewhere on your machine hard-drive, and you have to choose where in order to tell dovecot where to find them.

So I followed this tutorial : http://workaround.org/ispmail/lenny/configure-dovecot

Which explains that you may create a "vmail" user (with uid=5000) on your system to store your mail in his special home directory :

$ groupadd -g 5000 vmail
# useradd -g vmail -u 5000 vmail -d /var/vmail -m

So did I, and following the tutorial I also set up in dovecot a mail_location variable defining sub-directories to store everyone e-mails in, with a simple domain/user_name/e-mails tree structure :

mail_location = maildir:/var/vmail/%d/%n/Maildir

So, now, you might understand this previous last line, which states that users can statistically be found with the permissions of user and group 5000 in a dynamically constructed path :

home=/var/vmail/%d/%n

Else, all the debug and verbose related stuff is mention here just for you to find out in your logs why it refuses to work when its broken. If everything works, you may comment it out to improve performances in production configuration.

But we're not done yet, as you noticed, this previous configuration file loads the dovecot-sql.conf file. There are three useful lines in my file :

# read your Drupal site settings.php to find the good values
connect = host=localhost dbname=[drupal-db-name] user=[drupal-db-user] \
    password=[drupal-db-passwd]
# to be true, this one might not be useful is our case
default_pass_scheme = SSHA256
password_query = \
  SELECT local_part AS username, domain_name AS domain, password, \
  home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
  FROM mailadmin_mailboxes WHERE domain_name = '%d' AND local_part = '%n'

Hum, I know, the complexity always appears in the last line… This one is an SQL statement, which aims to allow dovecot to retrieve the passwords of the existing users when someone tries to login and consult their mails. You did set these passwords up via Mailadmin, which stored it in your Drupal database. The fields need to be retrieved with these exact names. They are took from the "mailadmin_mailboxes" table (which is one of the 4 tables of the module). In fact, only the three fields of the first line are needed, the others are here because they exists in the database, and may be used in a prefetch configuration, but the Mailadmin module don't seem to manage them (at least yet…). The last part of the query ensure that you pick the right password.

Then, reload your dovecot configuration with :

# /etc/init.d/dovecot reload
Reloading IMAP/POP3 mail server: dovecot.

And you can test your connectivity from every machine connected to internet via, for instance :

mutt -f imap://test-user@working-test-domain.fr@working-test-domain.fr

Because, yes, mutt needs twice the @domain part to first know where to connect to, and then connect via a full e-mail address, for dovecot to split it into domain and local_part.

mutt may ask you to accept a certificate (for TLS authentication is you didn't set better certificates), and then your password. The level is complete when you successfully log on your new account.

Receive mails ^

As explained in the first part, your domain(s) have to route traffic to your machine. It's easy to verify it once you got a running exim4 instance on your box :

# aptitude install exim4-daemon-heavy

We chose to install the heavy version of the daemon because the light one don't have SQL support.

Then, at this point we know that we'll have a good time trying to tame exim to read deliver mails to our database-defined virtual local users.

Exim configuration can be divided into a lot of small files, or concatenated all in one. But in any cases, Debian also provide a "update-exim4.conf" system, based on the /etc/exim4/update-exim4.conf.conf file (not a joke !).

In this 1st file, it's possible configure some big parts :

dc_eximconfig_configtype='internet'
dc_local_interfaces='127.0.0.1 ; ::1 ; '
dc_use_split_config='false'

In my configuration, I let the rest in default state. So the main points are :

After modifications, run :

# update-exim4.conf

It's a script which manage to write the now configuration item where exim4 expects them.

Once exim is focused on the one-file conf, lets personalize it. Ok, it's a ~2000 lines file, but reading a first and modest tutorial : http://www.janoszen.com/2010/03/22/the-big-exim-tutorial/ you can start to understand how it works… It's divided in kinda chapters :

Before the first chapter, there are ~400 lines of "introduction settings", in which I added on top :

hide pgsql_servers = localhost/[drupal-db-name]/[base-user]/[base-user-password] :

It should work also with the socket version of exim/postgresql possible connexion :

hide pgsql_servers = (/var/run/postgresql/.s.PGSQL.5432)/[drupal-db-name]/[base-user]/[base-user-password] :

But authentication failed this way in my case.

Then, we must explain to exim how to get the domains to accept e-mails for :

domainlist local_domains = ${tr { ${lookup pgsql{SELECT DISTINCT domain_name \
	FROM mailadmin_shareddomains} } } {"\n"} {:} }

The inner SQL statement just retrieve the domains from the corresponding dedicated Mailadmin table (mailadmin_shareddomains), and present them in a colon-separated list. Other tutorials usually don't bother with this detail, but I didn't manage to avoid it. The trick comes from : http://gablog.eu/online/node/34.html

Then, even if Mailadmin does his best to avoid you entering twice the same domain in the list, it seemed prudent to enforce the DISTINCT SQL clause.

To finish here, it seems you need a primary_hostname :

primary_hostname=working-test-domain.fr

Then, I jumped to the end of the section routers. In this section, named router rules are defined. Debian comes with a lot of its own rules, but we have to add one to connect Exim with the database. Router rules work like coral polyps, trying to grab the e-mails received by Exim, deciding if they fit their delivering conditions.

mailadmin_domains:
  debug_print = "R: mailadmin_domains $local_part@$domain"
  driver = accept
  domains = +local_domains
  condition = ${lookup pgsql{SELECT local_part || '@' || domain_name \
    FROM mailadmin_mailboxes \
    WHERE domain_name = '${quote_pgsql:$domain}' \
    AND local_part = '${quote_pgsql:$local_part}'}}
  self = send
  transport = vmail_users

The three important things here are :

Our vmail_users transport rule, defined after the "begin transports" statement looks like :

vmail_users:
  driver = appendfile
  maildir_format = true
  directory = /var/vmail/$domain/$local_part/Maildir
  create_directory
  delivery_date_add
  envelope_to_add
  return_path_add
  user = vmail
  group = vmail
  mode = 0600

Important parts are :

My inspiration for this part came from :

Once you edited the config file, reload exim with :

/etc/init.d/exim4 reload

If it doesn't complain, you can try sending your first e-mail, and wait in your e-mail client to watch at its arrival.

But things can go wrong. When exim4 fails to reload, it writes a paniclog, that you have to remove yourself in order to avoid warnings about it's existence.

And, instead of waiting for your e-mail to come in your e-mail client, you may :

tail -F /var/log/syslog /var/log/exim4/mainlog

In order to read how the e-mail is handled by Exim, and if he is rejected for any reason.

Then, we still have two Mailadmin database tables unused :

At least, to instruct Exim what to do with theses information, we wont need transport rules. Lets defined two new sets of domains :

domainlist source_domain_aliases = ${tr { ${lookup pgsql{SELECT DISTINCT source_domain_name \
        FROM mailadmin_domain_aliases} } } {"\n"} {:} }
domainlist source_domain_forwards = ${tr { ${lookup pgsql{SELECT DISTINCT domain_name \
        FROM mailadmin_forwards} } } {"\n"} {:} }

And two forwarding routers using them :

mailadmin_domain_aliases:
  debug_print = "R: mailadmin_domain_aliases $local_part@$domain"
  driver = redirect
  allow_defer
  allow_fail
  domains = +source_domain_aliases
  data = ${local_part}@${lookup pgsql{SELECT FIRST (target_domain_name) \
    FROM mailadmin_domain_aliases WHERE source_domain_name = '${quote_pgsql:$domain}' } }
  file_transport = address_file
  pipe_transport = address_pipe

mailadmin_forwards:
  debug_print = "R: mailadmin_domain_aliases $local_part@$domain"
  driver = redirect
  allow_defer
  allow_fail
  domains = +source_domain_forwards
  data = ${lookup pgsql{SELECT FIRST (destination) FROM mailadmin_forwards \
    WHERE domain_name = '${quote_pgsql:$domain}' \
    AND local_part = '${quote_pgsql:$local_part}' } }
  file_transport = address_file
  pipe_transport = address_pipe

Mailadmin database is made to ease this part, giving the right information on the right shape…

Reload Exim conf once again, and we're done.