# server side filtering with maildrop

## Dr_Stein

Is anyone here good with maildrop? 

I'm trying to get it working with the virtual-user HOWTO setup on here, but am not having any luck at all. I really need to get server-side filtering setup with virtual users (stored in mysql) because procmail isn't able to do it.  :Sad: 

I've submitted my query to 2 different mailing lists, and got a couple replies but I'm still stuck. 

here's the post I sent off:

After much Googling and trial & error, I got postfix to hand mail off to

"maildrop" (turns out I needed to change the transport from virtual to

maildrop) but I can't get any farther than that.

I have "virtual users" in /home/vmail, with everything set up to be

/home/vmail/domain.com/user/.maildir - without maildrop, everything has

been working fine. However, I need server-side filtering available.

Here's what I've been running into:

Apr  2 03:11:02 [maildrop] Cannot have world/group permissions on the

filter file - for your own good.

Apr  2 03:11:02 [postfix/pipe] 2B90ABB19: to=<phoneboy@phoneboy.org>,

relay=maildrop, delay=0, status=deferred (temporary failure. Command

output: /usr/bin/maildrop: Cannot have world/group permissions on the

filter file - for your own good. )

Great! It's going to protect me from myself. How nice!

So, I change the permission to "chmod 600 .mailfilter" thus removing

world/group perms.

garbage vmail # pwd

/home/vmail

garbage vmail # ls -laF

total 12

drwxr-xr-x   15 vmail    vmail         496 Apr  1 06:47 ./

drwxr-xr-x    5 root     root          144 Mar 20 20:23 ../

-rw-------    1 vmail    vmail          44 Apr  2 03:16 .mailfilter

drw-------    2 vmail    vmail         120 Apr  2 01:33 .mailfilters/

drwxr-xr-x    2 vmail    vmail         264 Mar 28 15:55 .razor/

drwx------    2 vmail    vmail          48 Mar 30 07:06 .spamassassin/

drwxr-x---    3 vmail    vmail          80 Mar 31 23:40 capitolgarage.com/

so, it should be reading .mailfilter and doing what it says. .mailfilter

simply says "include /home/vmail/.mailfilters/$LOGNAME" for now. I read a

short howto at

http://sourceforge.net/mailarchive/message.php?msg_id=170745

If I change the permissions on .mailfilter, I get this:

Apr  2 03:18:38 [maildrop] Unable to open include file.

Apr  2 03:18:38 [postfix/pipe] E0A48BC15: to=<phoneboy@phoneboy.org>,

relay=maildrop, delay=1, status=deferred (temporary failure. Command

output: /usr/bin/maildrop: Unable to open include file. )

Grr! Regardless of the permissions on the include file, I get this error.

I thought "Maybe it's not filling in "$LOGNAME" (I still don't understand

exactly where it grabs that from) so I tried specifying a particular file.

Still no luck.  :Sad: 

I'm completely lost, but at least I'm a little bit farther down the road

than I was earlier.

I still can't get it to look into the mysql db, either.. but if I can deal

with flat files, that'll work for now.

Any suggestions?

----------

## Dr_Stein

> >

> > is there a way to see if /usr/bin/maildrop is changing suid to "vmail?"

> > (or should it be doing that?)

>

> Add:

> VERBOSE=9

> logfile /tmp/maildrop.log

> to the very top of the .mailfilters and see what's up.

> Also, make certain that the user vmail can read/access everything it

> needs to.

>

Thanks for the reply! I tried it, but....

.mailfilters is a directory, but I tried the .mailfilter file - I ended up

getting errors.  :Sad: 

Apr  4 19:18:20 [postfix/pipe] 18092F66: to=<phoneboy@phoneboy.org>,

relay=maildrop, delay=0, status=deferred (temporary failure. Command

output: .mailfilter(2): Syntax error. )

if I comment out the VERBOSE and logfile line, it's back to this error:

Apr  4 19:18:45 [postfix/pipe] C8FE41012: to=<phoneboy@phoneboy.org>,

relay=maildrop, delay=0, status=deferred (temporary failure. Command

output: /usr/bin/maildrop: Unable to open include file. )

vmail can read/write/execute anything under /home/vmail - 700 perms on all

of the .mail* files.

 :Sad: 

----------

## SimianRage

Don't know if this problem was ever solved, I've been googling and searching the forums myself the past few days and I finally got something working on my setup. If it's already been solved sorry for the redundancy.

Assumption: I set up an email server exactly as described in the gentoo virtual mail guide that's dated April 30

Problem: I want server side filtering, specifically spamassassin and custom filtering, for virtual domains. 

I am using procmail for the local users, but for the virtual users I set up maildrop. I emerged maildrop and my USE flags include mysql. 

----------------------------------------------------------------------------------------

First, emerge maildrop. I have mysql in my USE flags and maildrop builds with mysql support.

Next, modfy /etc/postfix/main.cf. 

```

# This is what used to be set

#virtual_transport = virtual

# Add these 2 lines so we use the mysql transport table instead

transport_maps = mysql:/etc/postfix/mysql-transport.cf

virtual_transport = $transport_maps

# I added this because I read it in the MAILDROP_README file in postfix doc

maildrop_destination_recipient_limit = 1

```

Next modify the /etc/postfix/master.cf to fix the path to maildrop. The default uses /usr/loca/bin/maildrop, but on my system it installed to /usr/bin

```

#

# maildrop. See the Postfix MAILDROP_README file for details.

#

maildrop  unix  -       n       n       -       -       pipe

  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

```

Now if you want any of your virtual domains to use maildrop instead of virtual for delivery just change the transport table's destination field to 'maildrop:' instead of 'virtual:'

Since all virtual domains are using the vmail account, I set up a /home/vmail/.mailfilter file:

```

xfilter "/usr/bin/spamc"

# Check for user defined filter file

exception {

    include "$HOME/mailfilters/$LOGNAME"

}

```

This just runs all mail through spamassassin, then checks for custom mailfilter definitions.

LOGNAME gets set to virtuser@somedomain.com, so I created a /home/vmail/mailfilters directory. Primarily I was just interested in running spamassassin. I wanted the custom mailfilter files for my personal use because I subscribe to the gentoo mailing lists using a virtual account. Here is what I  put in my custom file, e.g. /home/vmail/mailfilters/virtuser@somedomain.com:

```

if (/^X-Spam-Flag:.*YES/)

{

    exception {

        to $DEFAULT/.spam/

    }

}

if (/^List-Id:.*gentoo-user/)

{

    exception {

        to $DEFAULT/.Gentoo.User/

    }

}

if (/^List-Id:.*gentoo-security/)

{

    exception {

        to $DEFAULT/.Gentoo.Security/

    }

}

if (/^List-Id:.*gentoo-announce/)

{

    exception {

        to $DEFAULT/.Gentoo.Announce/

    }

}

if (/^List-Id:.*gentoo-gwn/)

{

    exception {

        to $DEFAULT/.Gentoo.GWN/

    }

}

```

-------------------------------------------------------------------------------------

This stuff is all new to me, so I'd appreciate any suggestions. Note: in regards to previous post about maildrop file permissions, all of my maildrop filter files are owned by vmail account and chmod 600

EDIT: fixed my misuse of the "color" tag

----------

## janus128

What SimianRage describes worked fine for me, with one addition: don't forget to configure /etc/maildrop/maildropmysql.cf! Here are the relevant lines from my maildropmysql.cf (don't forget to input your own password for 'dbpw' and the right default_uidnumber and default_gidnumber for the 'vmail' user and group).

```

hostname   localhost

port      3306

socket      /var/run/mysqld/mysqld.sock

database      mailsql

dbuser      mailsql

dbpw         <secret>

dbtable      users

#not used now

#timeout      5

default_uidnumber   1001

default_gidnumber   1001

# MySQL Field definitions

#

# UID_FIELD - MySQL attribute which contains the users name (w or w/o domain)

uid_field      email

# UIDNUMBER_FIELD - MySQL attribute which contains the system uid to deliver

# mail as

uidnumber_field      uid

# GIDNUMBER_FIELD - MySQL attribute which contains the system gid to deliver

# mail as

gidnumber_field      gid

# MAILDIR_FIELD - MySQL attribute which contains the path to the users

# custom maildir

maildir_field      maildir

# HOMEDIRECTORY_FIELD - MySQL attribute which contains the path to the users

# home directory

homedirectory_field   homedir

# QUOTA_FIELD - MySQL attribute which contains the users quota

quota_field      quota

# MYSQL_DEFAULT_STATUS_FIELD - MySQL attribute which could be created in the

# MySQL entry to set whether or not the user is allowed to receive email on

# this box..

#      -- looks unused for now; but must be valid column ! (2001-11-03)

# (I didn't know what to put here, so I just enetered a valid column)

mailstatus_field   postfix

```

The only other change I made was to /home/vmail/.mailfilter, where I set a default rule which moves spam to the user's .spam directory (make sure that directory exists for all users). It's very handy to be able to specify filters on a per user and default basis!

```
 

xfilter "/usr/bin/spamc" 

# Check for user defined filter file 

exception {

   include "$HOME/mailfilters/$LOGNAME"

}

# Redirect spam by default for all users

if (/^X-Spam-Flag:.*YES/)

{

   exception {

      to $DEFAULT/.spam

   }

}

```

Hope this helps someone!

----------

## SimianRage

I completely forgot about  /etc/maildrop/maildropmysql.cf, thanks for pointing that out.

One final thing I would like to do is figure out how to let the virtual users manage their own spam settings. I wonder if the squirrelmail spamassassin plugins could be modified/configured to do it. Currently all the spamassassin files are in /home/vmail/.spamassassin

----------

## schutten

Wonderful!

Great!

I just implemented it and it works.

Thanks guys, I can finally filter user in my virtual domain.

Oh, I sure do love the flexibility of Linux...

----------

## twk-b

i have copied/modified the and mosted it on the gentoo-wiki at:

http://gentoo-wiki.com/HOWTO_Email_Virtual_Server_Maildrop_and_Spam_Assasin#Resources

----------

## MooktaKiNG

Should i remove the spamassassin part in my .procmailrc?

would this just repeat the same thing, becuase maildrop uses spamc.

All i should do is filter every email thats been flagged with spam, right?

I'm trying to move local mail to virtual. but i do also want to keep some local user mails.

----------

## MooktaKiNG

One thing which is off topic i would like to ask is how do you use the quota option in the user table in the mailsql database?

I don't know how that works. i usually leave it empty.

----------

## MooktaKiNG

OK i got maildrop working.

but i want users t be able to create their own filters using squirrelmail.

http://www.squirrelmail.org/plugin_view.php?id=210

Thats the plugin. BUT it just refuses to work.

I know this might be the wrong place to put it. but just incase if someone came across this.

I have all this set in config.php:

```

$FILTER_FILE_PATH = '/home/[DOMUSER]/[DOMAIN]/[USERNAME]/.mailfilter';

$FILTER_APP_PATH = '/usr/bin/maildrop';

$DEFAULT_DELIVERY = '$MAILDIR';

$ALLOW_UNSUBSCRIBED = true;

$LOCAL_MAILDIR = '$HOME/[DOMUSER/[DOMAIN]/[USERNAME]/.maildir/';

$USE_MAILDIRS = 1;

$VIRTUAL_DOMAINS = 1;

$SEPERATOR = '@';

```

I get this error:

Fatal error: Call to undefined function: _write_default_recipie() in /var/www/mail.mooktakim.com/plugins/serversidefilter/functions.php on line 82

Its weird. not sure whats going on.

ALso is there anyway to make this run for ONLY for the virtual email users?

----------

## Dr_Stein

Remove the SSL support from the IMAP libraries and then try it again. That's what ended up being the ultimate solution for me.  :Smile: Last edited by Dr_Stein on Sun Dec 11, 2005 7:20 am; edited 1 time in total

----------

## MooktaKiNG

 *Dr_Stein wrote:*   

> Jesus.. I had a PAIN of a time with that plugin and the author failed to respond ... I know people get busy sometimes, but I couldn't wait. 
> 
> Remove the SSL support from the IMAP libraries and then try it again. That's what ended up being the ultimate solution for me. 

 

ANd you recieved the same error message?

----------

## Dr_Stein

Hrm.. not quite. Sorry, I didn't see that you were doing it with vmail.  :Smile: 

Did you try the test suite that's in the serversidefilter plugin folder? I was having errors come up from that. I resolved those, and the PHP side just worked great.

----------

## MooktaKiNG

i keep on getting this error when i run test.sh:

```

Can't find uid/gid for user

RESULT: 11

Can't find uid/gid for user

RESULT: 11

Can't find uid/gid for user

RESULT: 11

```

And when i try to compile the filtercmd command my self with the http user setting changed etc. it doesn't compile becuase i dont have the kerberos libraries etc.

i did try to chown it to vmail:apache and vmail:users

it doesn't work.

----------

## lhurgoyf

I was wondering. I have the Basic vmail system set up following the guide in the docs section on this page. on top of that I did a basic spamassassin installation. which works out pretty well.

but. As im working with a lot of users and domains and I want to enforce per-user quotas (which does not work with the vmail setup) I created a perl script which gets the quotas from the database and checks for usage etc.

is it possible to put this script in the maildrop besides spamassassin. I want my mails who are send to a 'full' inbox to bounce with a mailbox-full message (that will be done from the quota/perl script itself) I just need to make sure that if it passes the quota script. spamassassin will still check the file. and if it doesnt pass the quota script. spamassassin or postfix shouldnt get it back at all.

----------

## MooktaKiNG

 *lhurgoyf wrote:*   

> I was wondering. I have the Basic vmail system set up following the guide in the docs section on this page. on top of that I did a basic spamassassin installation. which works out pretty well.
> 
> but. As im working with a lot of users and domains and I want to enforce per-user quotas (which does not work with the vmail setup) I created a perl script which gets the quotas from the database and checks for usage etc.
> 
> is it possible to put this script in the maildrop besides spamassassin. I want my mails who are send to a 'full' inbox to bounce with a mailbox-full message (that will be done from the quota/perl script itself) I just need to make sure that if it passes the quota script. spamassassin will still check the file. and if it doesnt pass the quota script. spamassassin or postfix shouldnt get it back at all.

 

What you have to do is use the quota field in the mailbox table. Make sure that its written like this: 10000S, for 10Mb, and S is needed to mean size.

Then make sure that quota is included in the imap servers features, it usually is. and make sure the quota field is included in the couriers, if u use that, configurations,

One thing though, this is a great howto i  used to install my server:

http://www.besy.co.uk/projects/debian/mailserver/default.htm

the gentoo howto is NOT compatible with PostfixAdmin, becuase of the database layout etc. 

so i had to follow that howto to get it installed. i like postfixadmin, i recommend anyone to use it.

HOwever, i can't seem to get mailman to work anymore. it seems to bounce all the email sent to the mailing lists. if anyone got it working please let me know.

----------

## lhurgoyf

I read the howto on that page, and all I can find which differs from the way its currently set up is the fact it sends a mail when a box is 75% full Still when its full the box will be closed and senders will get a 'ugly' mailbox-not-available message.

----------

## MooktaKiNG

 *lhurgoyf wrote:*   

> I read the howto on that page, and all I can find which differs from the way its currently set up is the fact it sends a mail when a box is 75% full Still when its full the box will be closed and senders will get a 'ugly' mailbox-not-available message.

 

it gets the message when its over 75%, but if its full it will not accept the message.

----------

## lhurgoyf

 *MooktaKiNG wrote:*   

>  *lhurgoyf wrote:*   I read the howto on that page, and all I can find which differs from the way its currently set up is the fact it sends a mail when a box is 75% full Still when its full the box will be closed and senders will get a 'ugly' mailbox-not-available message. 
> 
> it gets the message when its over 75%, but if its full it will not accept the message.

 

Looking at above. the mailbox user who is at 75%+ of his mailbox limit will get the quota warning message. this is good. I also put this in my script. But when the size reaches 100% the mailbox will be CLOSED for outside mail. and sending users will be like ' Wtf does this mailbox not exist ??? ' without a clue whats happend. I want to bounce their mail with the message ' This users mailbox is full '

----------

## MooktaKiNG

 *lhurgoyf wrote:*   

>  *MooktaKiNG wrote:*    *lhurgoyf wrote:*   I read the howto on that page, and all I can find which differs from the way its currently set up is the fact it sends a mail when a box is 75% full Still when its full the box will be closed and senders will get a 'ugly' mailbox-not-available message. 
> 
> it gets the message when its over 75%, but if its full it will not accept the message. 
> 
> Looking at above. the mailbox user who is at 75%+ of his mailbox limit will get the quota warning message. this is good. I also put this in my script. But when the size reaches 100% the mailbox will be CLOSED for outside mail. and sending users will be like ' Wtf does this mailbox not exist ??? ' without a clue whats happend. I want to bounce their mail with the message ' This users mailbox is full '

 

OK, then i suggest you use maildrop to configure this,  dont exactly know how, but i have seen this being done on google somehwere  :Very Happy: 

sorry.

----------

## lhurgoyf

yeah, that was exactly what I was looking for. but the Internet is getting big. even with google I have a hard time finding certain things, was hoping somebody here knew. But ill go google again  :Smile: 

----------

## lhurgoyf

found a way how to do it now, using basic quota stuff in postfix. the 75% message doesnt work  yet. however when its full the sender gets a need message 'mailbox size limit reached, please try again later'

----------

