DbMail Administrator (DBMA) Simplified Help

DbMail Administrator (DBMA) Main Menu Help
Global Mail System Administration

Are you having trouble? Send an email message for help.

The best place to perform most functions is from the User Account Window

General Functions

User Search

Enter a user ID number, a user name or an email address and search for that specific user to fetch the account window for that user. This function appears throughout the various GUI windows. It will open a user account if it finds the user you seek. From that account window you can manage the user's account, deal with message issues, email the user, search mail, manage aliases, ACLs, passwords, mail quotas, encryption, and more.

List Users (for a group)

This is the primary tool for listing users in the RestrictGroup configuration. Enter the group number to list all users in that group. This function appears throughout the various GUI windows in all versions. In the Main Menu window a drop down list of all the groups stored in the database will default to the default group and allow you to select any other group stored in the database.

List Aliases (for a group)

Enter the group number or on the Main menu select a group from the drop menu to list all aliases in that group (hard-coded in the Restrict Group configuration. This function appears throughout the various GUI windows.

Users

Add User

Open a user interface for adding users. Users

This function has a number of preset default options which can be set from "Configuration". Default presets include auto-generate password, auto-generate alias, group, and password encryption method. FEATURE NOTE: When auto-create alias has been set to "1" in the 'Configuration Options', the 'Add User' interface recycles after typing the user name and pressing "Add New User". In this manner even a large group of users can be populated into the database in minutes. Otherwise, if the auto-create processes have not been configured, the Add User function causes a proof-reading and modification window to open with the new data set out.

When adding a user and alias, DBMA will check the RFC compliance of the email address. (Note: You do not have to set an alias at this time.) If for some reason, like a fallback alias for a LAN (i.e.: @LANdomain.int), you can bypass the alias checking "on" Force Bypass RFC-Compliant Alias Check. This is generally not a good practise for production systems.

Delete User / Group

Open an interface to delete a single user or an entire group of users. You need to know the name or ID number of the user. Deleting users can also be done from Group Lists or from the User Account Window.

Email A User

Send an email to any user. Be careful not to send the user an encrypted password. It won't do them any good. This feature allows a notice to be sent to the user when a mail quota has been reset, a password changed, or any administrative function you may wish to advise the user about.

Aliases

Add Aliases Aliases

Opens a user interface to add an alias for a user. This can also be performed from the User Account Modify window or from the Group List.
Delete Aliases
Opens a user interface to allow deletion of specific aliases.
List All Aliases
List all aliases and forwards in the database. Aliases and forwards are listed separately, each list limited in number to (default 200) what is set in the "Show X Lines" block.

Forwards

Add Forward

Select Add Forward. Forwards work on the basis of two email addresses. The mail of the "From" address is forwarded to the "To" address. You may also enter one of the user's name; or user's mail system ID number. If you enter the user name or ID number, and the user has several aliases, DBMA will return a list for each one so that you can select which email address (alias) you wish to forward mail from. Id DBMA finds the "From" address, it will redirect the mail from where it currently goes to the new address you have specified. If DBMA does not find the "From" address, you will be asked to correctly enter the information or to create an Alias if one does not exist.

This exercise is in part a spelling or error checker. Many people confuse the creation of Aliases with Forwards. If for example, you have an account named "Webmaster" and you want user "billy.bishop" to receive the mail for webmaster, this is better achieved as an Alias. There is less room for error in this management method. To create that alias, open the User Account Window for billy.bishop, select "Modify billy.bishop's Account" and create the "webmaster" Alias there.
Delete Forward
Open user interface to delete a mail forward.
List All Forwards
Open user interface to list all mail forwards.

Mail Notifications

Add Auto Notify Mail Notifications

From the main window, open user interface to add a mail notification for a user. When the user (established by the User ID number stored in the database, the "Notify Address" stored in the database is sent a "NEW MAIL" received notice.
From each User Account Window you can create auto notifications for that user.
Delete Auto Notify
Open user interface to delete a mail notification for a user.
List Auto Notifications
List all auto notifications.

Global Function

List All Users All Groups

List every user in the database. Be sure to set the number you want to display in the "Show x Lines block". Once your list is opened you Global Function

can re-order the list (i.e.: Current Mail Size, Last Login etc.) in a manner of your choosing to locate the users you seek, or increase the number of lines to be displayed. If you have 10,000 users or more in your system, the "Show x Lines block" will be handy feature. In the alternative you can set "Show x Lines block" to a number larger than your user list and use that for all operations.

Database Cleanup

Look for all changes made by this tool in the statistics column (bottom left) as: "Number of deletes pending".

1) Through a serious of SQL queries and commands, DBMA sets message status 003 for all mail marked for deletion. That will escalate the deletion process. Status for messages flagged for deletion in some cases could be 000, 001,or 002 depending on the DbMail version you are using. As well as clearing up some previous issues with older DbMail versions this tool accelerates the cleanup process nicely.

2) DBMA also marks for deletion any completely orphaned messages having no mailbox nor owner. These orphans can occur due to vagaries in the database or the DBMS and the type of database you are using. Broken or incomplete indexes or cascading routines can cause this to happen as well as administrative errors. This tool allows you to manually perform the function of a schedules crontab utilities run. Note: If DBMA finds some orphaned messages it will first set their status to 001. Your command line (crontab) utility will then escalate them to 002 then 003 then delete them. You can speed that up by selecting 'Database Cleanup' a second time, and any orphaned messages marked 001 will be escalated to 003 and deleted from the database on the next Utility/Maintenance run. This two staged approach takes into consideration that this is a very rare occurrence; is likely caused by manually 'messing with the database'; and the fact that you may have by other means deleted a user, giving you time to manually recreate that user at the proper user_idnr. In future versions, DBMA will fully delete these immediately after reporting what if any exist .

3) DBMA deletes all unattached (orphaned) mailboxes.

Logins Last X Hours

Check recent logins. Selectable by hours. Shows POP/IMAP4-before-SMTP data as well as users' last logins (most recent by hours)..

Global Functions - Configuration

Configurations

Open a "Configuration Window" to set all configurations and options. Do "Primary Configuration" first and then do your "Preset Options" to your liking, after you are connected to the database.
Configuration: This is a first step in setting up DBMA. There is no code to open and edit. DBMA should fly up a 'Configuration Window' immediately after correct installation. Please use care entering your database configuration information. It will save you time. Read each item before committing.
Options: include a number of automated functions including auto-create password for new users; auto-create alias for new users; what statistics to display and their refresh rate; the default domain; what features you would like turned on, and more. Configurations has its own in the Window. Come back here for more detailed help on the features.

Encrypt Help

Opens a help window and encryption tool to explain and demonstrate the encryption methods used in DBMA. This is an interactive Help Tool which makes no changes to your system.

Show x00 Lines

Sets a maximum number of lines to display in lists. Important for very large mail systems.

Go!

Execute the 'checked' selection you have made.

Clear

Clear all 'selects' and statistics.

Global Functions - Access Control Lists

ACL / ACL List

IMAP4 Access Control Lists (ACL's) (RFC 2086) provide the option to share IMAP4 folders. If you do not have any shared folders, this is your tool to create them. DBMA first checks your system to make certain that the critical system accounts exist within Group 0.

Remember that once you have created the infrastructure and assigned some administrative rights (SETACL) to key trusted users, your Shared Folder Forest under #Users is likely to grow fast. #Public folders can be controlled exclusively by you, the Mail System Administrator, or you can give Administrative Access Rights to #Public/folders to trusted users or Group Admins.

How to Start Sharing Folders
Select "ACL" from the main screen. Type the name of the folder you wish to create and press "Create Shared Folder." DBMA will do the rest. DBMA will assign limited user access rights to "anyone". If "anyone or __public__ does not exist on your system, DBMA will create them for you.

The Global function screen for ACLs also has an Access Rights tool for manually adding a folder to a users ACL or updating any user for any shared folder. Be careful how you use this as it is a powerful and highly flexible tool.

Any User Account Window provides a means to manage specific user access rights to shared folders. You can permit users to have higher privileged access rights or even administration rights. To understand these rights, hold your cursor over the text block at the bottom which corresponds to the item for which you seek help. Or click help.

Once you have your shared folders set up and appropriate user rights assigned (for anyone), you will want to get your email client configured to subscribe to these folders. The internet is abound with opinions on what is the best email MUA (Mail User Agent - Email Client). If you are using Thunderbird or a fairly new Mozilla Mail, you are in luck. These MUAs will "subscribe" to the shared folders in a flash. You can drag and drop or copy to, move to or whatever you like in these folders.

Here is a usage example of IMAP4 Shared Folders. Let's say you have some pictures you want to show many people on your mail server. Create a folder or use what you have and create a message containing your pictures and save it in your drafts folder with a subject line "Pictures of me Winning The Lottery" or whatever. Next, select the email in your drafts folder and copy it to your "Common Shared Folder". Now 'anyone' has access. Hopefully your target audience is not using one of the ACL Shared Folders 'unfriendly' MUAs. You perhaps can share the following advice.

With Microsoft's Outlook Express and Outlook you will need to do a little coaxing. Select the account and click on "IMAP4 Folders". Don't try to first subscribe to #Public after you "Reset List". Instead, select just the sub folders of #Public and subscribe to them. Close the "Folders" window. Reset the list of folders. Next open "IMAP4 Folders" again and select #Public. Close. This two-step process of subscribing to the subfolders first and then later subscribing to the root #Public seems to work. You should be in business.

Sharing a Users' Folders
This is normally done with an ACL-friendly MUA but DBMA can help you create much of what the user can do from their MUA if it is easier to do it for them than explain how; or in the event that your user has made a mistake and you are on a repair mission.
In the drop-down display of available ACL-eligible folders in the User Account Window you will see all of the "#Public" folders plus all of the users folders. They are all eligible for sharing. Example for User Account Window for: Bob

#Public/common
bob/INBOX
bob/Trash
bob/Sent
bob/shared

If you select and add a set of Access Rights to "bob/shared", it will be available across the system under #Users but no one will be able to share it unless you assign Access Rights to additional users; or allow bob SETACL (Admin) rights for that folder and he can do it all for you.

You manage individual user rights from the User Account Window and manage #Public and #User rights from the global Access Control List Tools (select ACL on the Main Screen).
Assigning rights to #Users/folder can be done with the DBMA Access Control List Tools after the #User/folder has been shared from the User Account Window. The first step is to go to the User Account Window, create the shared folder by assigning the owner full Access Rights. Next you return to the DBMA ACL Tools and select the new shared #User/folder you created and one after another add the users needing access rights on this folder.

ACL Permissions set to 1-On or 0-Off
lookup: mailbox is visible to LIST/LSUB commands
read: SELECT the mailbox, perform CHECK, FETCH, PARTIAL SEARCH, COPY from mailbox
seen: keep seen/unseen information across session
write: STORE flags other than SEEN and DELETED
insert: perform APPEND, COPY into mailbox
post: send mail to submission address for mailbox
create: CREATE new sub-mailboxes in any implementation defined hierarchy
delete: STORE DELETED flag perform EXPUNGE
administer: perform SETACL

This Compares to the RFC 2086 - IMAP4 ACL extension definition
The ACL extension is present in any IMAP4 implementation which returns "ACL" as one of the supported capabilities to the CAPABILITY command. This is something DbMail does very well. It may be one of the best. An access control list is a set of identifier,rights pairs. Identifier is a US-ASCII string. The identifier anyone is reserved to refer to the universal identity (all authentications, including anonymous). All user name strings accepted by the LOGIN or AUTHENTICATE commands to authenticate to the IMAP4 server are reserved as identifiers for the corresponding user. Identifiers starting with a dash ("-") are reserved for "negative rights", described below. All other identifier strings are interpreted in an implementation- defined manner.
Rights is a string listing a (possibly empty) set of alphanumeric characters, each character listing a set of operations which is being controlled. Letters are reserved for ``standard'' rights, listed below. The set of standard rights may only be extended by a standards-track document. Digits are reserved for implementation or site defined rights. The currently defined standard rights are:
l - lookup (mailbox is visible to LIST/LSUB commands)
r - read (SELECT the mailbox, perform CHECK, FETCH, PARTIAL, SEARCH, COPY from mailbox)
s - keep seen/unseen information across sessions (STORE SEEN flag)
w - write (STORE flags other than SEEN and DELETED)
i - insert (perform APPEND, COPY into mailbox)
p - post (send mail to submission address for mailbox, not enforced by IMAP4 itself)
c - create (CREATE new sub-mailboxes in any implementation-defined hierarchy)
d - delete (STORE DELETED flag, perform EXPUNGE)
a - administer (perform SETACL)
acl help

Statistics and other Important Data

DBMS Version, Database and statistics

Provides a detailed account of your database including the number of: aliases, auto notifications, auto replies, deletes pending, mailboxes, message blocks, messages, physical messages, recent logins, users, and the database version.

My Domains

A listing of all domains used in aliases. You may see an additional listing here if you have "Use DBMA MTA Domains 1=YES, 0=NO" turned on. The second list is exactly what is stored on the DBMS for the use of your MTA. If the lists differ, it may be time to edit the your list on the database and remove the stale entries. If you are not using the "mydestination" option, if these are to be local accounts, make certain they are configured in your MTA. Here too is an opportunity to check against any spelling errors as they will show up prominently. If you spot a spelling error, select and copy the miss-spulled :o) domain and then select "List All Aliases" and do a browser search with the copied text. Then fix that alias and the user will starting getting mail again. (Checking spelling, though tedious, can be good thing.)

My Groups

Shows every "group" (client_idnr) stored in your database and which domains are in each group. It is a wise idea to set aside Group 1 for pseudo accounts like abuse, postmaster, webmaster, privacy and so on. In that case, every domain on your system should appear in Group 1 as an alias to these pseudo-accounts. Here is where you can check this out. If you have seven domains then all seven should show up in your pseudo-account group. If not, fix it. Every domain must have a postmaster and abuse account to name just a couple.
Open Aliases
If DBMA finds an open alias (i.e.: @LANdomain.int) it will show WARN: fallback alias: *@domain.tld followed by what group it is in (i.e.: [3] ). This might need your attention if it is an error.

My DBMS

Status and process list for your DBMS. To appreciate this data requires a fairly good understanding of how your database management system (DBMS) works. Some or all of this information will be useful to you. Scroll to the bottom of the list to see the process list which will include information about all replication slaves and masters connected to this DBMS.

User Account Window

This is the core of DBMA, our Mail User Account Window
This is why we do what we do in the mail side of IT. There are an estimated 750 million email accounts in the world in the early 2000s, and you are taking responsibility for mail delivery to and from many of them. In a nutshell, our job is to deliver their mail to their storage location. We are the new postmasters and these email account owners are our real customers. We'll treat them well.

The User Account Window (illustration below) is where you will spend most of your time so this is also where your DbMail Administrator (DBMA) is most feature rich.

From this Window you will most often jump to the Modify User Account Window.

Or you may have a user who is a magnet for viruses and unparsebale messages so you may spend time seaching for problem mail or tracking delivery issues, all of which are done from the User Account Window.

You can select and open user mailboxes for troubleshooting jammed mail, undelating mail accidentally deleted, tracking virus and spam issues, searching all mailboxes; adding or updating ACLs if your system uses that feature; creating an auto notification; sending the account owner a report of the changes accomplished in a mail message; doing what you do.

Mail box icons open to a Mail search, delete or undelete tool.
Mail search is available from any users mail box and the search will be conducted within that mail box. Look for the mailbox icon beside the mailbox name you seek and click it to open the contents list.

'Delete mail' sets the status flag to 003 so it is wiped out on the next maintenance pass. (Don't delete mail without cause nor permission.) All flags are visible in any mail box so an erroneously marked (for delete) can be spotted quickly. Individual mail can be undeleted or deleted; all mail in any mail box can be deleted or undeleted.

The "Modify" User Account Window allows you to edit the User Name; change the Password; change the Encryption Type ( plain, md5sum, md5 or crypt); Change Passwords; Change Mailbox Quota Size; and Add an Email Aliases.

If Auto Create User for New Alias in your configuration is set to "1", DBMA will generate the username for any alias you create which does not have an account. This specialized feature is intended for systems where the MTA relies on using the first_part of the email address to verify user exists and not the alias. The user created will have an unknown encrypted password. Mail will go to whatever account you have entered the alias for. An example of this useage would be in the Administrator's account where all admin mail will eventually go. By quickly typing a dozen or so pseudo-account aliases, like abuse, daemon, dns, noc, webmaster, privacy etceteras, you have created non-priviledged inaccessable accounts for each pseudo-account with all their mail going to the Administrator. It is also a precursor method for systems requiring some form of key-pair Authenticated Sender ID. The default is "0", off.

Here's an example of how it works, if configured "On". If you are in the Modify User Account Window for "Rick" and you add an alias for "ricky@domain.com" AND there is no such user as "ricky", DBMA will automatically create the user with a NO ACCESS password only if this option is set to "1" in the Configuration Window". Why? Again, if your MTA is configured to lookup local recipients in the dbmail_users.uderid table and not the dbmail_aliases.alias table, you should create a user for every alias. It is done both ways today in the email world.

Every 'human' user should have an account. (Pseudo-accounts may be aliased in your MTAs aliases table or pointed to real human users with DbMail). The account may not even have mailboxes which receive mail, being aliased or forwarded to another account or system, but to manage users properly; maintain best practices; preserve privacy and security posture; every user should have an account whether they receive mail or not. This is how you keep track of employees coming and going; password terminations; maintain correct billing operations; manage mail quota's, track alias asignments, forwards and redirections, and so on. An email alias that would allow "Rick" to use his nickname "Ricky" is an example of an email address for which there may not be a corresponding user named "Ricky" It's Rick's account. If your MTA is doing username lookups on the first part of the email address however, you will need to create that account. When you create an email alias, you will be assigning it to an account with an associated action. It may then be forwarded to another server outside of your MTA domains. Know your system and how it works.

'User Account Window' with all features turned on. If you are not using features, turn them off in the Configuration Window to reduce the clutter.

DBMA MTA DOMAINS SQL Configurable Option

DBMA will store your domains (and 'transport') in the database within a table named DBMA_MTA, if you select "1" (YES) in the 'Configuration Window /Options'. It happens in a flash, in real time. Add an new alias with a new domain and the MTA knows about it instantly. The default for this feature is "0" (NO). This feature is fully functional for both MySQL and PostgreSQL; for any version of DbMail; and can be used for any MTA capable of connecting to an SQL DBMS. The table contains only a domain name.

There are no domain tables in the database so DBMA sorts through your hundreds of aliases to collect your domains. It sorts and filters, strips and compares and when a new domain is added to the system, it writes the new data into the database. DBMA does not write domains to the database ubnless there has been a change. You may manually add or delete domains from the 'Configuration Window.'

The Main Window displays the current status of domains DBMA has found and those which are stored as 'DBMA_MTA.mydestination' in the MTA database. Compare them and watch out for any spelling or typo errors which may have crept in.
What is this for? Your Mail Transfer Agent (i.e.: Postfix) can be configured to use this table as the list of domains that the machine considers itself the final destination for.Why is that a good thing? Because from then on, anytime a domain is added to your server via DBMA, all that is required of you is to enter the alias within the DBMA User Account Window, or Add User tool and your MTA immediately has the new domain and does not need to be restarted (which has a huge performance penalty); things happen faster, easier . Everything else after turning the feature on and reconfiguring your MTA to use your DBMA is automatic (apart from making the obvious DNS changes) while you have full administrative override from the configuration window.
Note. If MTA Domains is turned on in DBMA BUT IF YOU HAVE NOT YET CONFIGURED YOUR MTA, it has ZERO EFFECT.

Do this from "Configurations" Window

Perform this task *after* you are connected to the database you will be administering.

1. Change the Option Value toUse DBMA MTA Domains 1=YES, 0=NO

2. Press

3. Press and DBMA will create the table within which your domains will be stored.

4. You should now be looking at the list of domains stored in your database in the "My domains" panel of the DBMA Main window.

5. DBMA will automatically add a domain to the DBMA_MTA.mydestination row for every alias you will or have already created.

You must remember to add an alias for the FQDN of the host (to PREVENT LOOPS) and any other name the host goes by. As well, the postmaster@ the domain literal: the IP address of the mail host (i.e.: postmaster@xxx.xxx.xxx.xxx) is a requirement of all mail servers.

Once MTA Domains is initiated, the Configurations Window will always have a section for adding and deleting domains. Otherwise the process is automatic. This is a good place to add $myhostname if it is not already among your postmaster or pseudo-account aliases. (IT SHOULD BE: Postmaster must accept mail at the domain literal, and at each host name by which the server can be accessed.).

Obviously if you are trying to delete a domain, and it is still in among your aliases, it will return right back again. (Keeps your setup clean.) If you add a domain, it will stay there in the database until you delete it. If you delete a domain

6. Finally you must configure your MTA to use MySQL for the domains it is the final destination for. Examples are set out below. Try to use multiple servers (primary plus mirror, whatever you like) to avoid a Single Point of Failure (SPOF).

If you have arrived here having completed the above configuration; congratulations, sort of.... Nothing here works unless your MTA is compiled *--with-XXsql* and configured to use MySQL or PostgreSQL . The domains stored in the 'DBMA_MTA' table are automatically derived from your aliases as well as those you may enter manually from here. If your mail transfer agent is configured to use this DBMA SQL feature, these are the domains for which your MTA will accept mail. The syntax of wildcards, IPs or domain literals is identical here to what you would use in your MTA config file. Please check your MTA documentation if you are in doubt. Consult with your System Administrator for DNS and other related issues.

Add or Delete Domains:

Should a domain continually reappear even though you wish that domain removed, that is your warning that a user still has an alias using the deprecated domain and apparently is expecting mail at that address. Remove or update the old alias.

Mailbox Transport:

Each DBMA_MTA destination domain has a transport configuration attached to it. A default is already created to use dbmail-lmtpd on port 24. The DbMail lmtpd is an awesome transport; use it if possible. Change it at your discretion to enable the use of anti-spam, anti-virus, mail-policy, or the DbMail SMTP daemon (and a million other possibilities). You do this by editing the transport table which is displayed beside each domain below. Type what you want and press edit.

Re-Create MTA_Domains deletes your Custom Transports

If you feel that your MTA_Domain list is in error, search out the old aliases which have spawned a bizarre 'destination' domain and update or delete them. This is a very good way to keep your database tidy. If for example you mistyped an email address with mypoodle.com instead of mypuddle.com your 'poodle' now has a domain in your MTA-Domains and your MTA now thinks it should be accepting mail for the dog :o)
It's a good idea to scan your MTA domains every so often on the DBMA Main Screen. When you spot a 'wierd' domain that doesn't belong there, scan through the alias list to fetch out the errant 'typo' entry and fix it in the appropriate User Account Window. It's fairly important to keep your database as clean as possible. That "button" you first used to create your MTA_Domains will do it again for you. You may recreate the table as often as needed by pressing the "Create.." button. Consider that to be an "eject button" because it will remove all your self-added domain literals and revert to default all your mail transports.

The default 'transport' is:

dbmail-lmtp:127.0.0.1:24

Setting Up Transport

in main.cf:
=========
mailbox_transport = mysql:/etc/postfix/transport.cf 
transport.cf
===========
user=dbmail
password=dbmail
dbname=dbmail
hosts=127.0.0.1
table=DBMA_MTA
select_field=transport
where_field=mydestination

Checking this in Postfix we'll use the 'Postmap' command. From the command line type the following substituting a domain you know to be in the database.

The command line:
% postmap -q localhost mysql:/etc/postfix/transport.cf

will return:
% dbmail-lmtp:127.0.0.1:24

Postix's 'master.cf' needs a little configuring. If you don't have something like the following in master.cf, you should. Please check the documentation for your MTA type and version to fully understand its configuration needs for using XXsql configs. It is also possible to set up some fairly fancy to do multi-domain hosting with 'virtual transport domains' and 'virtual mailbox maps' using the DBMA_MTA tools. We'll get you started on the basics.

master.cf
========
dbmail-lmtp unix    -   -       n       -       -       lmtp
dbmail-smtp unix    -   n       n       -       -       pipe
        flags=  user=dbmail:dbmail
        argv=/usr/local/sbin/dbmail-smtp -d ${recipient}

Examples of 'literals' and '$wildcard' domains to be entered manually:
(You wouldn't necesarily use them all.)

$mydomain 
mail.$mydomain
$myhostname 
[127.0.0.1] 
[192.168.100.20] # Example LAN address if applies
[216.239.57.107] # Example WAN address if applies

mydestination in Postfix:

main.cf
---------
mydestination = mysql:/etc/postfix/mydestination.cf

You can also do this in main.cf to avoid SPOF if no mirror DBMS is available. Check your Version's documentation for syntax

mydestination = mycriticaldomain.com
 myothercriticaldoman.com
 mysql:/etc/postfix/mydestination.cf

mydestination.cf Postfix Pre-Version 2.2
----------------
user = dbmail
password = dbmail
dbname = dbmail
hosts = 127.0.0.1 192.168.1.1 # Add your replicating mirror DBMS to avoid Single Point Of Failure
table = DBMA_MTA
select_field = mydestination
where_field = mydestination

mydestination.cf Postfix Version 2.2 and newer
----------------
user = dbmail
password = dbmail
dbname = dbmail
hosts = 127.0.0.1 192.168.1.1 # Add your replicating mirror DBMS to avoid single point of failure
query = SELECT mydestination FROM DBMA_MTA WHERE mydestination like '%s'

Hopefully it may help you to configure Sendmail, Exim and other MTA's knowing the Table Schema added to the dbmail database:

CREATE TABLE DBMA_MTA (
mydestination varchar(35) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY mydestination (mydestination)
) TYPE=MyISAM;

+---------------+--------------+------+-----+---------+-------+ 
| Field         | Type         | Null | Key | Default | Extra | 
+---------------+--------------+------+-----+---------+-------+ 
| mydestination | varchar(35)  |      | PRI |         |       | 
| transport     | varchar(128) |      |     |         |       | 
+---------------+--------------+------+-----+---------+-------+

The advantage in handling this from the database is that you do not need to reload postfix when a domain is added or removed. Postfix, and likely other MTAs lose performance in such a case. Also you will have a single action capability of adding domains just by creating an alias. As an Administrator, anything that puts management and control of events more firmly in your grasp, is a move forward.

DBMA MTA ACCESS
For fine-grained tuning or as a complete replacement for your MTA's access lists, this tool will replace optional MTA config flat files like access, sender_access, client_access, helo_access etceteras. The DBMA_MTA_Access table contains two fields of importance: a.) 'sender' and b.) 'action' directive. The 'sender' field in any case would contain the domain or IP address requiring action. The 'action' directive could be one of at least three directives: a.) REJECT, b.) OK, c.) reject_unverified_sender with the option of using any text string your MTA understands (i.e.: error code plus message) in the latter. In simple terms this is your global white-list/black-list resource. How you use it is is a matter of your preference. The following examples for Postfix may make this decision clear for you right away as you compare what follows to your current configuration: in Postfix's main.cf =================== smtpd_recipient_restrictions = .../ check_client_access mysql:/etc/postfix/DBMA_MTA_Access.cf, check_sender_access mysql:/etc/postfix/DBMA_MTA_Access.cf, check_recipient_access mysql:/etc/postfix/DBMA_MTA_Access.cf, \... where DBMA_MTA_Access.cf looks like: DBMA_MTA_Access.cf ================ user=dbmail password=dbmail dbname=dbmail hosts=127.0.0.1 table=DBMA_MTA_ACCESS select_field=action where_field=sender Checking this is easy with Postfix. From the command line type the following substituting a "sender" domain you know to be in the database, or enter one first using DBMA MTA Admin. The command line: % postmap -q evilhackers.com mysql:/etc/postfix/DBMA_MTA_Access.cf will return: % REJECT Sendmail and other MTAs have a catchall access file where Mail relay access is controlled. The Default is to reject mail unless the destination is local, or listed in /etc/mail/local-host-names but you can control that further with the 'access' file. This is another case where DBMA_MTA_ACESSS can be a replacement. Enter the 'sender' domain and type the 'action' directive in the 'other' text box and you will be able to create in effect what follows: FREE.STEALTH.MAILER@ 550 We don't accept mail from spammers another.source.of.spam REJECT okay.cyberspammer.com OK 128.32 RELAY The database table for DBMA_MTA_Access may eventually contain hundreds if not thousands (hopefully not!) of domains you may wish denied access or specifically whitelisted. The Unique key for 'sender', the domain or IP needing an action makes this method most desireable over flat files contained within your MTA configuration namespace. If you enter a domain or IP already contained within the database, DBMA will determine that fact and update the action for you. For that reason you do not need to 'pull' a list of senders and actions every time you administer this tool. The fact you are opening the GUI would indicate that the sender is not already on your reject list and needs attention. Nevertheless you can select the option to view all rows within the database and in some cases you could go and pour yourself a coffee and wait for the page to load if you have blacklisted whole countries by individual IPs :o) on one of those 'bad-email-days'. The DBMA_MTA_Access database table looks like this in MysQL, a little different in PgSQL: CREATE TABLE DBMA_MTA_Access ( myid int(5) NOT NULL auto_increment, sender varchar(128) NOT NULL default '', action varchar(25) NOT NULL default 'REJECT', PRIMARY KEY (myid), UNIQUE KEY sender (sender) ) TYPE=MyISAM COMMENT='MTA acces table' AUTO_INCREMENT=1 ; +--------+--------------+------+-----+---------+----------------+ \| Field \| Type \| Null \| Key \| Default \| Extra \| +--------+--------------+------+-----+---------+----------------+ \| myid \| int(5) \| \| PRI \| NULL \| auto_increment \| \| sender \| varchar(128) \| \| UNI \| \| \| \| action \| varchar(25) \| \| \| REJECT \| \| +--------+--------------+------+-----+---------+----------------+
EXPERIMENTAL Auto Replies
I caution you AGAINST using DbMail's Auto Reply function on a public-service production machine. Including this tool in DBMA may improve the safety of Auto Reply if you abide the warnings. Since DBMail 2.0.1 was released, DbMail's Auto Reply has come to look like a contender, a little rough around the edges, but a powerful tool. It will not, however, discern that you have made a horrible loop error in your setup and it will unrelentingly execute any furocious mail loops you unwittingly create. This can escalate to a multiple Denial of Service (DoS) attack against yourself and others which will LIKELY cause considerable grief. Please be careful, and don't be DoS-ing anyone but yourself. Be wary of configuring auto reply for accounts which might be system accounts, aliases for root, postmaster etc, any of which could be sending mail to each other. Let me give you an example: Let's say you declare "Bobby" the person who should get root's mail in your systems /etc/mail/aliases (or whatever) file. You also have postmaster and MAILER-DAEMON aliased to root which in turn points to "Bobby". You are Bobby and you decide to go on vacation. You create an Auto Reply, "Sorry, I am away. Back soon... blah blah". AND, your pal, Administrator "X" is also going on vacation and SHE would like YOU to make HER an auto reply too. She's also got some pseudo-accounts aliased to her mailbox. "Sorry I am away on vacation...blah blah. Dum de dum and away you go. Nothing cares that you are on your vacation, nor with who, nor the fact it's your lucky break of a lifetime. From the time of the first notice message mailed from root or one of the pseudo-accounts it will begin; a storm of emails as fast and as furious as your super-deluxe quad-Itanium2 data cruncher can send them (if you are lucky its just a clopped-out, over-flogged pair of Pentium IIs which will take its time filling up your new ten-terra-byte, database file server.). Hopefully the air conditioning system can handle the heat in the server room. Epitaph: This is another reason why I push "Every user should have their own account. It's not a must but it's a best practise, within reason." Also, its how you start fixing this problem. Auto Reply is applied to the user_idnr; the User Account, NOT THE ALIAS. You didn't just create an Auto Reply for "Bobby", you created an Auto Reply for abuse, bin, daemon, dbmail, decode, dumper, exim, ftp-bugs, MAILER-DAEMON, manager, named, nobody, operator, postfix, postmaster, uucp, www ... etc. Each one is now on vacation and will promptly send carefully crafted "Sorry, I am away. Back soon... blah blah" email messages in a flash response to the from addresses of every sender, including each other, all pointing back to your mailboxes: all happening until the quotas are used up at which time your MTA starts queuing the messages in system flat files for the postmaster, for the webmaster, for the MAILER-DAEMON, for support, for abuse, etc... and so on. Well, how would you do it and make it all work? There are several solutions. Here is the simplist. This is both technical and procedural. Open a User Account Window for the mail user wanting an auto-reply. Check what if any aliases it may have. If it has institutional or pseudo-accounts aliased to it, move those aliases to point back to their own mailboxes. (For example, if webmaster was aliased to "Harry", delete that alias in "Harry"'s account and then open webmaster's account which heretofore had no email addresses or aliases and create the alias for "webmaster" in "webmaster's account".) Once all the aliases except 'mailuser @ yourdomain.tld' are removed, go to the DBMA Main Screen and select list all forwards. Then delete the forwards for this account. This is somewhat redundant but you should do it anyway. Double check everything by selecting "all Aliases in this Group" for this user's group number. The only way something would appear there for this user is if it is old, stale junk pointing to the user's ID number; some alias was once misspelled and ever since has been overlooked. Those can come back to haunt you. Now you can go to the User Account Window for this user and complete the auto reply form. You first select and remove the instructional text, typing in what you want in the message, and then press the Create Auto Reply" button. The User Account Window will return showing the new setting. Check that it is as you intended. Now click the "Modify 'user' Account" button and when the Modify User Account Window opens, click on "Send 'user' A Messsage". A new window will open with preformatted text which you will alter to have your address as the from address and text to explain what you have just done. Press "Send" and a new window will open saying "OK.. message sent etc": You need to remember to turn off this Auto Reply at some date and time so put that information in the subject line. Send it again, this time to yourself. Now check your mail box for both an Auto Reply message and the one you sent to yourself. Send another message from your MUA to the account and make sure you get an Auto Reply. That Auto Reply you got looked great, didn't it? (If you receive an Auto Reply with a nicely formed header including From: and To: lines that make sense, skip to the next line as this is outdated.) Is it some shmozzle "From: <unknown>@" about "AW" ? Hmmm. How are your 'C'-scripting talents. Here's another quick fix. Time to edit pipe.c in the install directory for your DbMail. Search and destroy that AW replacing it with "Auto Reply" (no quotes). In the line above it hard code a return address like "autoresponder@yourdomain.tld" in place of the "NULL"(unknown)"NULL" at the end of the line. Replace (unknown) and leave those quotes in place. Now make clean and rebuild, you hacker. See, you're good. You should join the team. But first open up your /etc/dbmail.conf and make sure Auto Reply is turned on. It likely isn't. While Auto Reply is in place for this single user, keep a watchful eye (as in "Watch Like A Hawk") on the account and turn this Auto Reply off as soon as that time arrives. There is an inherent danger in this function in any application inasmuch as careless use could bring your system down as it DoS-es itself in a furious mail loop. That's not the worst scenario. You should really know what you are doing before you try this. I mean think it out carefully first and read a little. Some users have made Auto Reply in DbMail work nicely for their specific purposes and in its latest form it is a good experimental platform to be used for administrative and test purposes. Maybe you are a coder and have some improvement ideas to contribute to dbmail.org. I think this could be made better without too much effort. Likely one good volunteer is going to make the difference. Then this 'chapter' of the HELP page would become something simple like, "Oooh you just type some stuff and press a button." :o)