In my previous post, I discussed how to get automatic procmail integration working with Plesk, to let you set up procmailrc rules to sort mail into folders. At the end of the post, I mentioned that it would be nice to figure out how to get Plesk’s version of Ingo set up to generate the rules for us automatically. Well, turns out it’s pretty easy! Once you set up procmail (as described in my previous post), and make the changes after the break to your Ingo config, any filters that users define via Plesk’s Horde/Imp/Ingo implementation will become server-side rules automatically. It’s surprisingly easy, and extremely versatile! The one downside is that if you edit the procmailrc files by hand, and then save rules in Ingo, your changes will be overwritten.
First, you need to set a password for the ‘popuser’ user, and remove the user from ‘/etc/ftpusers’. This will allow Ingo to FTP into the system as that user, and update procmailrc entries.
Then, you need to edit the Ingo config. For some reason, Plesk 9’s Ingo package for Debian has config files in two locations:
/etc/psa/webmail/horde/ingo/backends.php
/etc/psa-horde/ingo/backends.php
I’m not sure which one actually gets used, so I created a symlink:
# rm -f /etc/psa-horde/ingo/backends.php
# ln -s /etc/psa/webmail/horde/ingo/backends.php /etc/psa-horde/ingo/backends.php
Then, we need to edit this file. There should be a default entry that looks like:
/* IMAP Example */
$backends['imap'] = array(
'driver' => 'null',
'preferred' => 'localhost',
'hordeauth' => true,
'params' => array(),
'script' => 'imap',
'scriptparams' => array()
);
That’s not going to do anything for us, so nuke it. Then, copy and paste the entry below:
$split = explode('@', Auth::getAuth());
$backends['procmail'] = array(
'driver' => 'vfs',
'preferred' => 'localhost',
'hordeauth' => 'false',
'params' => array(
'vfstype' => 'ftp',
'hostspec' => 'localhost',
'filename' => '/var/qmail/mailnames/'.$split[1].'/'.$split[0].'/.procmailrc',
'port' => 21,
'username' => 'popuser',
'password' => 'password'
),
'script' => 'procmail',
'scriptparams' => array(
'path_style' => 'maildir',
'variables' => array(
'MAILDIR' => '/var/qmail/mailnames/' . $split[1] . '/' . $split[0] . '/Maildir',
'DEFAULT' => '${MAILDIR}/'
)
)
);
Simply change the password entry to the password you set for popuser. Then, log out of webmail and back in, set up a filter, and it should have updated the procmailrc entry for you. It’s magic!
Again, if this is useful or if you have any questions, please leave me a comment!
Possibly related posts (auto-generated):
{ 1 trackback }
{ 11 comments… read them below or add one }
If you use squirrelmail to provide webmail, there’s a plugin that allows users to manage their own procmailrcs.
and lastly, qmail? really?
Ya, Ingo is the Horde plugin that manages procmail, sieve, etc. The hard part isn’t managing procmail; it’s getting it to work properly under Plesk without breaking anytihng else. ;) I’m actually using Postfix; Plesk just didn’t support it until 9.0, and still stores the mail in /var/qmail/mailnames, even though qmail is not used at all.
OFFTOPIC:
Yes, way offtopic ;)
But since I have crossed you blog / articles often in the web ( and found no email address), I decided to ask in your blog. Sorry for the intrusion. By any chance, have you ever tried/managed to set up a IPSec VPN between Linux and a SonicWALL vpn router? If you could spare some tips (for free :) I’d be glad to hear about it.
I’m afraid not. ;( It’s actually been a few years since I’ve really done a whole lot with IPsec, new job just doesn’t demand it like my old one did. ;) However, I know it’s been done.. have you tried the Openswan lists?
Isn’t it unsecure to save the password of ‘popuser’ in plaintext directly in the backends.php?
Are there a posibility for a hacker to reach the password?
What can a hacker access if he has the password of ‘popuser’?
Unfortunately, this is the only way I’ve been able to make this work. It is slightly insecure; however, you can set the perms on that file such that nobody on the system will be able to read it but root and the mail daemons. This is a weakness in the way that Horde does things.
Thanks for answer.
There is an intresting way to write the .procmailrc with ftp and the auth-infos of the mailuser (mailaccount username and password).
http://www.thorti.de/procmail-web-frontend.html
Sorry thats in german but I can translate it if its necessary.
They are using pureftp and an auth-script to get the mailaccounts password from the MySQL-DB. Qmail is saving the mailaccount-password in an MySQL-DB.
I think thats much more secure because there are no passwords in plaintext and the user can only reach via ftp the direcory where its own mails are stored. I only have to edit the auth-script for pureftp to get it working with Postfix. The only problem I have, is that I don’t know where Postfix is storing the passwords for the mailaccounts. Do you?
If I’m able to get it work with Postfix, I will translate the howto in english.
Hello,
i installed your .procmailrc sript, it’s run and create the .procmailrc. Fine!
I give popuseruser a password and delete it from /etc/ftpusers
Then i edit the file :
/* IMAP Example */
$backends['imap'] = array(
'driver' => 'null',
'preferred' => 'localhost',
'hordeauth' => true,
'params' => array(),
'script' => 'imap',
'scriptparams' => array()
);
$split = explode('@', Auth::getAuth());
$backends['procmail'] = array(
'driver' => 'vfs',
'preferred' => 'localhost',
'hordeauth' => 'false',
'params' => array(
'vfstype' => 'ftp',
'hostspec' => 'localhost',
'filename' => '/var/qmail/mailnames/'.$split[1].'/'.$split[0].'/.procmailrc',
'port' => 21,
'username' => 'popuser',
'password' => 'mypassword'
),
'script' => 'procmail',
'scriptparams' => array(
'path_style' => 'maildir',
'variables' => array(
'MAILDIR' => '/var/qmail/mailnames/'.$split[1].'/'.$split[0].'/Maildir',
'DEFAULT' => '${MAILDIR}/'
)
)
);
But ingo didn’t write the new procmailrc file. I can login with the ftp password. So where is the problem and how can i solve it :-(
Stefan
To confirm, can you FTP to localhost as ‘popuser’ with the password you set? If so, can you change to /var/qmail/mailnames//, and upload a .procmailrc file manually?
If the above works, great! Next step – did you either update backend.php in both of the locations I mentioned above, or symlink them together?
Of course, i can change the file with put.
I don’t have the folder /etc/psa-horde…
Hmm, must not be on Debian/Ubuntu, or maybe they fixed their packaging.. :) Try doing a find in / for ingo, and then look for backend.php in multiple locations.
There are also ways to get ingo to turn on debug logging; the Horde FAQ’s should have info.