Mysql Based Exim Qpopper WebAdmin
Install
 
Exim Install
Exim config sample
Qpopper Install
Qpopper config sample
 
How to install mbewqa:

Simply unpack the tar.gz under your document-root and edit the file constants.inc.php.
Set the MYSQL_HOST, MYSQL_PORT, MYSQL_USER,
MYSQL_PASSWORD, MYSQL_DB options, and SET DEMOMODE
to false.
(This user need to have SELECT, INSERT, UPDATE, DELETE
rights to the database in your MYSQL_DB setting.)

Create the database and the user in your mysql server.
Now open the file install.php with your browser and follow the instructions.

!! Since php-4.2 the register_globals option is defaulted to Off in php.ini, but unfortunately this script requires register_globals=On. Please set register_globals to on in your php.ini, but first please read the following section of php manual about register_globals and security: http://www.php.net/manual/en/security.registerglobals.php

! This script is not exploitable with the register_globals "feature" so simple, because a hash of your login informations indicates a successful login.

The next version, without register_globals is coming soon...

 

How to install exim with MySql support:

Download the latest exim 3.x source from http://www.exim.org and unpack it. Change into exims source directory (cd /your/path/exim-3.x), copy the file /src/EDITME to /Local/Makefile and open it with your editor.

Set the following options: 
AUTH_PLAINTEX = yes
BIN_DIRECTORY = /usr/local/exim/bin
CONFIGURE_FILE = /etc/exim.conf
LOOKUP_MYSQL = yes
LOOKUP_INCLUDE = -I /path/to/your/mysql/includes
LOOKUP_LIBS = -L /path/to/your/mysql/libs -lmysqlclient
SPOOL_DIRECTORY = /var/spool/exim
SUPPORT_MOVE_FROZEN_MESSAGES = yes

Change into your exim source directory (/..../exim-3.x) and type: make and make install. Now your exim is compiled and installed in your bin directory and a sample config file is copied to /etc/exim.conf. This is the default exim.conf, and don't supports mysql lookups. Here is a sample config file with mysql lookup and with smtp-auth. Edit this file, set your mysql settings (host, port, user, password, database).

The required tables for exim, you can create with mbeqwa in menu "Domain administration" or manually. The table structure:


Create table mail (
user varchar(64) not null,
domain varchar(127) not null,
alias varchar(255),
is_alias enum("yes","no") default "no",
password varchar(32),
key user (user),
key domain (domain));

create table relay_ip (
ip char(15) not null,
ts datetime not null,
key ip (ip),
key ts (ts));

Now you can run exim....
How to install Qpopper with MySql support:

Download qpopper-3.1.2 from Qualcomm's ftp: ftp://ftp.qualcomm.com/eudora/servers/unix/popper/old/ and unpack it, then download the Exim-Qpopper-Patch by Sarel Lugtenburg from http://freshmeat.net/projects/exim-qpopper-mysql/?topic_id=34 and unpack it. Change to your qpopper source directory /..../qpopper3.1.2 and patch the source code: patch -p1 < /path/to/exim/qpopper/patch/qpopper3.1.2-mysql-0.11.2.patch. Now configure your popper. I use the following options to configure my popper:

./configure --with-popperconfig=/etc/popper.conf --enable-mysql --with-mysqllibpath=/usr/local/mysql/lib/mysql --enable-log-login-mysql --enable-standalone --enable-shy --enable-servermode

and now run make. If no error occurs, the executable (popper) is created in your ..../qpopper3.1.2/popper directory, copy it to your bin directory (/usr/local/bin) . Create the file /etc/popper.conf. Here is the example popper.conf. Edit the mysql settings. More info can you find in the homepage of Sarel Lugtenburg: http://www.netd.co.za/mysql-mail/ or take a look into the patch file, you can find there all available configuration options.

Now, you can run popper.

 

If the site of Sarel Lugtenburg is not available here is a temporary mirror to the last known version of the exim-qpopper-mysql patch: http://mbeqwa.sourceforge.net/exim-qpopper-mysql-0.11.2.tar.gz

 

I modified the qpopper patch because of a security bug at the login. The attacker was able to relay with your smtp server if you turned on the pop before smtp authentication, and you have least one alias user. The alias user has an empty password, and the attacker was able to log in with your alias user and with an empty password. After this was a relay_ip record created with his ip address and was able to relay. With the modified patch is impossible to log in with an empty password. Please use this (0.11.3) patch and recompile your qpopper.

http://mbeqwa.sourceforge.net/exim-qpopper-mysql-0.11.3.tar.gz

thx to Miha for the bugreport.

SourceForge Logo