Please note that this information is no longer up to date. The content of this site has moved to a new domain DIYMacServer.com which is kept up to date. Apologies for the inconvienince.
To enable our mailserver to drop emails in pre-defined mail folders we needed an extra program, we needed another delivery agent. Untill now we have been using ‘virtual‘ one of the standard programs that come with Postfix. I’ve chosen to use maildrop as I have good experience with the other courier programs. If you like you can also another popular agent called ‘procmail‘, but I don’t use that.
Until now we have been using the postfix user to deliver and read our mail using postfix and courier IMAP. We cannot use this user anymore if you want to use maildrop. Postfix, t be more specific the ‘pipe‘ command in postfix, does not allow other programs to be run as the postfix user. Therefore we are going to create a new user called ‘vmail’, this user will be used from now on by all programs to access the virtual mail folders.
sudo niutil -create / /users/vmail sudo niutil -createprop / /users/vmail uid 102 sudo niutil -createprop / /users/vmail gid 102 sudo niutil -createprop / /users/vmail shell "/usr/bin/false" sudo niutil -createprop / /users/vmail home "/var/emtpy" sudo niutil -createprop / /users/vmail passwd "*"
You can download the maildrop software from it’s website, I’ve used version 2.0.2 for my own install. Unpack the archive and we can start compiling:
./configure --enable-maildirquota \ --enable-maildrop-uid=102 \ --enable-maildrop-gid=27 make sudo make install
When all went without a problem we can start configuring Postfix to use this new program. First we need to create a new transport to send our emails to maildrop. There is already an entry for maildrop in /etc/postfix/master.cf but you need to replace that one with this one:
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop
/etc/maildroprc -d ${user}@${nexthop} ${extension} ${recipient}
${user} ${nexthop} ${sender}
Please note that the last 3 lines are actually one line and should be added like one line to master.cf. If you don’t use maildrop already you can change this without affecting the current workings of your mailserver as the maildrop transport isn’t used yet.
Next we change the main.cf config file in /etc/postfix/ to start using the new transport:
Please change:
virtual_transport = virtual
into:
virtual_transport = maildrop
and add this line at the bottom to prevent multiple emails t obe send at once to maildrop which might cause unwanted errors:
maildrop_destination_recipient_limit = 1
Next up maildrop filtering, we need to create a filter for maildrop in ‘/etc‘ to tell it what to do with the incoming mails. I’ve made a simple filter to move all spam detected by DSPAM to be put automatically in the Junk folder. This is how my maildroprc looks like:
#
EXTENSION="$1"
USER="$5"
HOST="$6"
MAILHOME="/usr/local/virtual"
DEFAULT="$MAILHOME/$HOST/$USER/."
if (/^X-DSPAM-Result: Spam*/)
{
to "$MAILHOME/$HOST/$USER/.Junk/"
}
else
{
to "$MAILHOME/$HOST/$USER/"
}
If you are using a different location for your virtual mails please change the MAILHOME variable accordingly. To enable maildrop to use and read the file we need to change the ownership and set it to be read and write only to that user the way maildrop likes to see it.
sudo chown vmail maildroprc sudo chmod 600 maildroprc
You can read more about how to write your filters on the maildrop website in the documentation section.
Next up is the most dangerous part of the setup as this will affect your current setup, be carefull and make sure you got a backup of everything. We need to change the permissions and ownership of the virtual mail directory to allow maildrop access as maildrop needs to run as non root, non postfix user. We’ve created the vmail user at the top of this page and now we are going to use it for Postfix and Courier IMAP.
First change the following lines in /etc/postfix/main.cf:
virtual_minimum_uid = 27 virtual_uid_maps = static:27
into:
virtual_minimum_uid = 102 virtual_uid_maps = static:102
Next up the Courier configuration change the file /usr/local/etc/authlib/authmysqlrc and modify the line:
MYSQL_UID_FIELD '27'
into:
MYSQL_UID_FIELD '102'
To change onwership of the actual maildirs:
sudo chown -R vmail /usr/local/virtual
This will take a while depending of the amount of mail accounts and emails present.
Now, if you are comfortable with the changes you made we can restart the affected programs to activate the changes.
sudo /usr/local/sbin/authdaemond stop sudo /usr/local/sbin/authdaemond start sudo postfix reload
If something doesn’t work, don’t worry too much as mails won’t disappear. Just undo the changes to the config files, return proper permissions to the virtual maildir with the command:
sudo chown -R postfix:postfix /usr/local/virtual
and restart the programs again.
Note: If you have problems getting it to work please post your errors or problems on the forum. This is a better way to capture the knowledge spread and makes it accessible to others. Registration doesn’t hurt and won’t take long.
December 4th, 2006 at 1:53 pm
Richard, to have the filter only work for a particular user (eg jlbrown), do I just change the line in maildroprc from:
DEFAULT=”$MAILHOME/$HOST/$USER/.”
to:
DEFAULT=”$MAILHOME/$HOST/jlbrown/.” ?
I only want to do this for one account at this stage.
Thanks, James.
December 4th, 2006 at 2:14 pm
No don’t do this or you will receive everyone’s mail. I’m looking into a per user setup but haven’t quite found out how to do this in an easy way.
PS your mail is being bounced, user unknown !
December 5th, 2006 at 1:42 am
OK. I look forward to do your docs when you figure it out!
For some reason the changes that I started to make stopped me being able to retrieve my mail. Don’t know why it would say user unknown. Anyway, all seems to be OK now.
February 19th, 2007 at 7:28 pm
Thanks for this.
Btw: I just figured out why my setup didn’t work (meaning: mailfilter not working).
First of all, mailfilter’s a pain to debug.
2ndly: the logfile arg does take a full path (e.g. /var/log/maildrop.info otl) and writes to it if its owned by e.g. vmail|virtual|whatever your vuser is called. Which is great.
3rdly (and what took me hours to figure out): if you follow this guide and others on the net, you have wisely given let’s say vmail the /bin/false shell. However, if you decide to e.g
`test -d $DEFAULT`
if ( $RETUNRCODE != 0) { # do something }
this ends up always being called since test cannot return TRUE!
My solution was to put
SHELL=”/bin/sh” # or what flavour have you
on top of the global mailfilterrc.
I don’t know if this opens up a whole bunch of security issues, though. Any insights on this?
Thought I’d share this..
Thx
Chris
February 19th, 2007 at 9:36 pm
I agree on the first, it’s a dog.. The second explains why didn’t get it working, thanks for that. I haven’t tried the 3rd but will give it a go later on. I hope someone else will give us some insights on the security angle.
February 19th, 2007 at 10:03 pm
New insight viz. #1:
Put
VERBOSE=”5″
in your mailfilter and look in awe at /var/log/mail.info whenever your maildrop goes aboogie
(it might help, but still..)
And: If you’re looking at making a per user setup, try something like this (works for me):
`test -f $MAILHOME/mailfilters/${USER}@${HOST}`
if ( $RETURNCODE == 0 )
{
#log ” == User $USER has own mailfilter, including $MAILHOME/mailfilters/${USER}@${HOST} …”
include “$MAILHOME/mailfilters/${USER}@${HOST}”
}
near the end but don’t forget a
to “$MAILHOME/$HOST/$USER/”
after that.
This assumes all individualized mailfilters in $MAILHOME/mailfilters/user@domain.tld …
(again: doesn’t work if shell is bin/false, at least on this end of things)
Cheers
Chris
July 2nd, 2007 at 9:57 am
Set things up as per docs, but I get:
Jul 2 17:49:34 mail-bordo-com-au postfix/qmgr[487]: 652C6A54432: removed
Jul 2 17:49:46 mail-bordo-com-au postfix/qmgr[487]: warning: connect to transport maildrop: Connection refused
Jul 2 17:49:56 mail-bordo-com-au authdaemond: stopping authdaemond children
Jul 2 17:49:57 mail-bordo-com-au pop3d: Connection, ip=[::ffff:58.170.149.36]
Authdaemond is running.
Also get:
Jul 2 17:56:03 mail-bordo-com-au imapd-ssl: Failed to create cache file: maildirwatch (peter.psarros@bordo.com.au)
Jul 2 17:56:03 mail-bordo-com-au imapd-ssl: Error: Permission denied
Don’t know what I’ve done. Any ideas?
Thanks, James.
August 20th, 2007 at 12:48 pm
HI
I have configured a mail server to use a maildrop as the MDA to deliver mails.
my /etc/maildroprc file looks like this
###############################################
#
EXTENSION=”$1″
user=”5″
domain=”$6″
MAILHOME=”/home/vmail/”
DEFAULT=”$MAILHOME/$domain/$user/Maildir”
if (/^X-SPAM: Spam*/)
{
to “$MAILHOME/$domain/$user/Maildir/Junk”
}
else
{
to “$MAILHOME/$domain/$user/Maildir”
###############################################
When i try to send create mail box using postfixadmin there is no
error but the Maildir is created in /home/vmail instead of
/home/vamil/domain.com/user1/
(here is the logs)
################################################
Aug 17 14:02:19 server3 clamd.amavisd[2152]: Database correctly
reloaded (94464 viruses)
Aug 17 14:17:00 server3 postfix/qmgr[6233]: 34FE237221:
from=, size=421, nrcpt=1 (queue active)
Aug 17 14:17:00 server3 postfix/qmgr[6233]: B1B1137154:
from=, size=421, nrcpt=1 (queue active)
Aug 17 14:17:00 server3 postfix/qmgr[6233]: 7617637155:
from=, size=421, nrcpt=1 (queue active)
Aug 17 14:17:00 server3 postfix/pipe[6401]: 34FE237221:
to=, relay=maildrop, delay=1087, status=sent
(newwork.asia)
Aug 17 14:17:00 server3 postfix/qmgr[6233]: 34FE237221: removed
Aug 17 14:17:00 server3 postfix/pipe[6403]: B1B1137154:
to=, relay=maildrop, delay=1331, status=sent
(newwork.asia)
Aug 17 14:17:00 server3 postfix/qmgr[6233]: B1B1137154: removed
Aug 17 14:17:00 server3 postfix/pipe[6404]: 7617637155:
to=, relay=maildrop, delay=1227, status=sent
(newwork.asia)
Aug 17 14:17:00 server3 postfix/qmgr[6233]: 7617637155: removed
#################################################################
my /etc/postfix/master.cf file looks like this
#############################################################
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
maildrop unix – n n – – pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop /etc/maildroprc
-d ${recipient}
#
################################################################
could some onel pls help me as to why maildrop is not creating the
maildir in the right location .
–
Warm Regards
Agnello . G .Dsouza
August 20th, 2007 at 1:55 pm
Maildrop does not create maildir’s you will need to add the creation of maildir’s to your script to get this working. Maildrop in your current setup only works with existing maildirs.
October 13th, 2007 at 10:13 pm
Silly question perhaps but should the * be replaced with an actual password? Also should –enable-maildrop-gid=27 be 102?
sudo niutil -createprop / /users/vmail passwd “*”
October 13th, 2007 at 10:26 pm
@Dennis, No there is no need for a real password. This is not a security risk as there is also no shell access defined for that user.
You could set the GID to 102, it would be neater but it doesn’t really matter. I will correct it later !
Thanks.