Setting up maildrop

Please note that this information is no longer up to date. The content of this site has moved to a new domain DIYMacServer.com which is kept up to date. Apologies for the inconvienince.

To enable our mailserver to drop emails in pre-defined mail folders we needed an extra program, we needed another delivery agent. Untill now we have been using ‘virtual‘ one of the standard programs that come with Postfix. I’ve chosen to use maildrop as I have good experience with the other courier programs. If you like you can also another popular agent called ‘procmail‘, but I don’t use that.

Until now we have been using the postfix user to deliver and read our mail using postfix and courier IMAP. We cannot use this user anymore if you want to use maildrop. Postfix, t be more specific the ‘pipe‘ command in postfix, does not allow other programs to be run as the postfix user. Therefore we are going to create a new user called ‘vmail’, this user will be used from now on by all programs to access the virtual mail folders.

sudo niutil -create / /users/vmail
sudo niutil -createprop / /users/vmail uid 102
sudo niutil -createprop / /users/vmail gid 102
sudo niutil -createprop / /users/vmail shell "/usr/bin/false"
sudo niutil -createprop / /users/vmail home "/var/emtpy"
sudo niutil -createprop / /users/vmail passwd "*"

You can download the maildrop software from it’s website, I’ve used version 2.0.2 for my own install. Unpack the archive and we can start compiling:

./configure --enable-maildirquota \
--enable-maildrop-uid=102 \
--enable-maildrop-gid=27

make

sudo make install

When all went without a problem we can start configuring Postfix to use this new program. First we need to create a new transport to send our emails to maildrop. There is already an entry for maildrop in /etc/postfix/master.cf but you need to replace that one with this one:

maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop
     /etc/maildroprc -d ${user}@${nexthop} ${extension} ${recipient}
    ${user} ${nexthop} ${sender}

Please note that the last 3 lines are actually one line and should be added like one line to master.cf. If you don’t use maildrop already you can change this without affecting the current workings of your mailserver as the maildrop transport isn’t used yet.

Next we change the main.cf config file in /etc/postfix/ to start using the new transport:

Please change:

virtual_transport = virtual

into:

virtual_transport = maildrop

and add this line at the bottom to prevent multiple emails t obe send at once to maildrop which might cause unwanted errors:

maildrop_destination_recipient_limit = 1

Next up maildrop filtering, we need to create a filter for maildrop in ‘/etc‘ to tell it what to do with the incoming mails. I’ve made a simple filter to move all spam detected by DSPAM to be put automatically in the Junk folder. This is how my maildroprc looks like:

#
EXTENSION="$1"
USER="$5"
HOST="$6"
MAILHOME="/usr/local/virtual"
DEFAULT="$MAILHOME/$HOST/$USER/."

if (/^X-DSPAM-Result: Spam*/)
{
  to "$MAILHOME/$HOST/$USER/.Junk/"
}
else
{
  to "$MAILHOME/$HOST/$USER/"
}

If you are using a different location for your virtual mails please change the MAILHOME variable accordingly. To enable maildrop to use and read the file we need to change the ownership and set it to be read and write only to that user the way maildrop likes to see it.

sudo chown vmail maildroprc
sudo chmod 600 maildroprc

You can read more about how to write your filters on the maildrop website in the documentation section.

Next up is the most dangerous part of the setup as this will affect your current setup, be carefull and make sure you got a backup of everything. We need to change the permissions and ownership of the virtual mail directory to allow maildrop access as maildrop needs to run as non root, non postfix user. We’ve created the vmail user at the top of this page and now we are going to use it for Postfix and Courier IMAP.

First change the following lines in /etc/postfix/main.cf:

virtual_minimum_uid = 27
virtual_uid_maps = static:27

into:

virtual_minimum_uid = 102
virtual_uid_maps = static:102

Next up the Courier configuration change the file /usr/local/etc/authlib/authmysqlrc and modify the line:

MYSQL_UID_FIELD         '27'

into:

MYSQL_UID_FIELD         '102'

To change onwership of the actual maildirs:

sudo chown -R vmail /usr/local/virtual

This will take a while depending of the amount of mail accounts and emails present.

Now, if you are comfortable with the changes you made we can restart the affected programs to activate the changes.

sudo /usr/local/sbin/authdaemond stop
sudo /usr/local/sbin/authdaemond start
sudo postfix reload

If something doesn’t work, don’t worry too much as mails won’t disappear. Just undo the changes to the config files, return proper permissions to the virtual maildir with the command:

sudo chown -R postfix:postfix /usr/local/virtual

and restart the programs again.

Note: If you have problems getting it to work please post your errors or problems on the forum. This is a better way to capture the knowledge spread and makes it accessible to others. Registration doesn’t hurt and won’t take long.

11 Responses to “Setting up maildrop”

  1. James Brown Says:

    Richard, to have the filter only work for a particular user (eg jlbrown), do I just change the line in maildroprc from:

    DEFAULT=”$MAILHOME/$HOST/$USER/.”

    to:

    DEFAULT=”$MAILHOME/$HOST/jlbrown/.” ?

    I only want to do this for one account at this stage.

    Thanks, James.

  2. Richard5 Says:

    No don’t do this or you will receive everyone’s mail. I’m looking into a per user setup but haven’t quite found out how to do this in an easy way.

    PS your mail is being bounced, user unknown !

  3. James Says:

    OK. I look forward to do your docs when you figure it out!

    For some reason the changes that I started to make stopped me being able to retrieve my mail. Don’t know why it would say user unknown. Anyway, all seems to be OK now.

  4. Chris Says:

    Thanks for this.

    Btw: I just figured out why my setup didn’t work (meaning: mailfilter not working).

    First of all, mailfilter’s a pain to debug.
    2ndly: the logfile arg does take a full path (e.g. /var/log/maildrop.info otl) and writes to it if its owned by e.g. vmail|virtual|whatever your vuser is called. Which is great.

    3rdly (and what took me hours to figure out): if you follow this guide and others on the net, you have wisely given let’s say vmail the /bin/false shell. However, if you decide to e.g

    `test -d $DEFAULT`
    if ( $RETUNRCODE != 0) { # do something }

    this ends up always being called since test cannot return TRUE!

    My solution was to put

    SHELL=”/bin/sh” # or what flavour have you

    on top of the global mailfilterrc.

    I don’t know if this opens up a whole bunch of security issues, though. Any insights on this?

    Thought I’d share this..
    Thx
    Chris

  5. Richard5 Says:

    I agree on the first, it’s a dog.. The second explains why didn’t get it working, thanks for that. I haven’t tried the 3rd but will give it a go later on. I hope someone else will give us some insights on the security angle.

  6. Chris Says:

    New insight viz. #1:

    Put

    VERBOSE=”5″

    in your mailfilter and look in awe at /var/log/mail.info whenever your maildrop goes aboogie :)

    (it might help, but still..)

    And: If you’re looking at making a per user setup, try something like this (works for me):

    `test -f $MAILHOME/mailfilters/${USER}@${HOST}`
    if ( $RETURNCODE == 0 )
    {
    #log ” == User $USER has own mailfilter, including $MAILHOME/mailfilters/${USER}@${HOST} …”
    include “$MAILHOME/mailfilters/${USER}@${HOST}”
    }

    near the end but don’t forget a

    to “$MAILHOME/$HOST/$USER/”

    after that.

    This assumes all individualized mailfilters in $MAILHOME/mailfilters/user@domain.tld …
    (again: doesn’t work if shell is bin/false, at least on this end of things)

    Cheers
    Chris

  7. James Says:

    Set things up as per docs, but I get:

    Jul 2 17:49:34 mail-bordo-com-au postfix/qmgr[487]: 652C6A54432: removed
    Jul 2 17:49:46 mail-bordo-com-au postfix/qmgr[487]: warning: connect to transport maildrop: Connection refused
    Jul 2 17:49:56 mail-bordo-com-au authdaemond: stopping authdaemond children
    Jul 2 17:49:57 mail-bordo-com-au pop3d: Connection, ip=[::ffff:58.170.149.36]

    Authdaemond is running.

    Also get:

    Jul 2 17:56:03 mail-bordo-com-au imapd-ssl: Failed to create cache file: maildirwatch (peter.psarros@bordo.com.au)
    Jul 2 17:56:03 mail-bordo-com-au imapd-ssl: Error: Permission denied

    Don’t know what I’ve done. Any ideas?

    Thanks, James.

  8. agnello Says:

    HI
    I have configured a mail server to use a maildrop as the MDA to deliver mails.

    my /etc/maildroprc file looks like this
    ###############################################
    #
    EXTENSION=”$1″
    user=”5″
    domain=”$6″
    MAILHOME=”/home/vmail/”
    DEFAULT=”$MAILHOME/$domain/$user/Maildir”

    if (/^X-SPAM: Spam*/)
    {
    to “$MAILHOME/$domain/$user/Maildir/Junk”
    }
    else
    {
    to “$MAILHOME/$domain/$user/Maildir”

    ###############################################

    When i try to send create mail box using postfixadmin there is no
    error but the Maildir is created in /home/vmail instead of
    /home/vamil/domain.com/user1/

    (here is the logs)
    ################################################
    Aug 17 14:02:19 server3 clamd.amavisd[2152]: Database correctly
    reloaded (94464 viruses)
    Aug 17 14:17:00 server3 postfix/qmgr[6233]: 34FE237221:
    from=, size=421, nrcpt=1 (queue active)
    Aug 17 14:17:00 server3 postfix/qmgr[6233]: B1B1137154:
    from=, size=421, nrcpt=1 (queue active)
    Aug 17 14:17:00 server3 postfix/qmgr[6233]: 7617637155:
    from=, size=421, nrcpt=1 (queue active)
    Aug 17 14:17:00 server3 postfix/pipe[6401]: 34FE237221:
    to=, relay=maildrop, delay=1087, status=sent
    (newwork.asia)
    Aug 17 14:17:00 server3 postfix/qmgr[6233]: 34FE237221: removed
    Aug 17 14:17:00 server3 postfix/pipe[6403]: B1B1137154:
    to=, relay=maildrop, delay=1331, status=sent
    (newwork.asia)
    Aug 17 14:17:00 server3 postfix/qmgr[6233]: B1B1137154: removed
    Aug 17 14:17:00 server3 postfix/pipe[6404]: 7617637155:
    to=, relay=maildrop, delay=1227, status=sent
    (newwork.asia)
    Aug 17 14:17:00 server3 postfix/qmgr[6233]: 7617637155: removed

    #################################################################
    my /etc/postfix/master.cf file looks like this

    #############################################################
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    maildrop unix – n n – – pipe
    flags=DRhu user=vmail argv=/usr/local/bin/maildrop /etc/maildroprc
    -d ${recipient}
    #
    ################################################################

    could some onel pls help me as to why maildrop is not creating the
    maildir in the right location .


    Warm Regards

    Agnello . G .Dsouza

  9. Richard5 Says:

    Maildrop does not create maildir’s you will need to add the creation of maildir’s to your script to get this working. Maildrop in your current setup only works with existing maildirs.

  10. Dennis Says:

    Silly question perhaps but should the * be replaced with an actual password? Also should –enable-maildrop-gid=27 be 102?

    sudo niutil -createprop / /users/vmail passwd “*”

  11. Richard5 Says:

    @Dennis, No there is no need for a real password. This is not a security risk as there is also no shell access defined for that user.

    You could set the GID to 102, it would be neater but it doesn’t really matter. I will correct it later !

    Thanks.