DbMail Administrator (DBMA) Main Menu Help
Global Mail System Administration

Are you having trouble? Send an email message for help.
Search Online Help

The best place to perform most functions is from the User Account Window

Index

  1. There are seven Help Resources accompanying this software, including search (above).
  2. DBMA functions in three primary regimes:
  3. Adding Users
    • See also "Configuration" or "Speedups to accelerate the process of adding users."
  4. Adding Aliases
    • See also User Account Window
  5. Auto Replies
    • Vacation
    • Please heed warnings about mail loops.
  6. Blind Copies
    • Using the "Forward" or "Edit" forwards function to create BCCs
  7. Configuring DBMA
    • All configuration is done from the GUI
    • DBMA can be 'Hard-Coded' by root to restrict access to a single Group Admin.
  8. Database Cleanup
    • Fix or accelerate delete status
    • Remove 'orphans'
    • Delete unattached old mail
    • Correct errors in Group Assignments of Aliases
  9. DBMA MTA Admin
    • Administer Postfix, Sendmail, Exim etc. from DBMA
  10. DBMA MTA Access
    • Whitelist / Blacklist in real time without restarting your MTA nor remapping hashes.
  11. Deleting Aliases
    • Deleting all of a user's aliases in one action.
    • Editing, or single deletions.
  12. Deleting Users
    • Removing users completely from the system
    • Removing entire Groups of Users
  13. Finding Users
    • Smart search finds the user and opens a User Account Window
    • Works with user name or full address as account name
  14. Forwards
    • Creating BCCs
    • Converting a forward to an alias.
    • Move an alias from one account to another
  15. Forwards - Deleting or Editing
  16. Forwards - Listing
    • List global mail forwards
  17. Limiting List Displays
    • For larger enterprises
  18. Listing Group Aliases
    • Focussing on single groups of users
  19. Listing Global Aliases
    • Find: Orphans
    • Forwards
    • Display every entry in the alias table
  20. Listing Group Users
    • Open a full featured administration window accessing all user accounts in a given group
  21. Listing Global Users
    • Open a full-featured administration window listing all users on the system.
    • Limit list size for larger enterprises
  22. Listing Global Notifications
    • Notify someone when new mail arrives.
  23. Redirecting Aliases
    • Recycle existing aliases
    • Redirect mail to internal or external destinations
  24. Sending Mail Notifications
    • Notify external or internal recipient when mail arrives on any selected account
  25. Messaging users.
    • DBMA both sends and receives mail
    • Notify users of quota increases, password changes, et cetera.
    • Send mail anywhere on the planet from DBMA
  26. Password Encryption
    • Several tools both explain and automate password encryption in the database
    • Note: SASL Users must turn encryption off and use plaintext passwords in DbMail
  27. Removing Notifications
    • Remove mail notifications from the User Account Window or from Global Admin (Main) Window
  28. Recent Logins
    • Track recent logins
    • Check for and monitor abandoned accounts
    • Monitor User IPs and POP/IMAP before SMTP security issues
  29. Sending Mail
    • Send Mail GUI available from "Modify (User) Account Window or Global Admin (Main)"
  30. Sharing Mail Folders (ACLs)
    • Full featured IMAP Shared Folders
    • Complete control and management of user access rights
    • #User and #Public shared mail folders
  31. Speed-Up Tools
    • See also "Configuration" for a number of one-time-use automated processes for speeding up system building and migration
  32. User Account Window
    • Most administration will be done from the User Account Window
      and the "Modify User Account" window
    • Creating mail notifications
    • Sharing #User Folders
    • Adding or Removing Access to #Public Shared Folders
    • Creating or Editing Aliases
    • Adding forwards
    • Adding BCCs
    • Changing Encryption Types
    • Changing Mail Quotas
    • Changing User Passwords
    • Changing User Group ID
    • Modifying or Deleting User Account
    • Monitoring quotas
    • Mail header and body search and access:
    • for finding and UNdeleting a critical message a user inadvertently deleted;
    • troubleshooting mail headers when a delivery breaks;
    • evaluating anti-spam/virus software deployments;
    • reading your administrative mail;
    • running 'echo' mail tests....
    • providing help-phone assistance to users in the identification or removal of SPAM, 'message-jams', viruses; and so on....
  33. User Mapping
    • User mapping allows a wide range of user management. Block a user's access altogether as in turning off an account. Specified users can be allowed IMAP only or POP only. Login format can be re-mapped. This is where you do that.
General Functions
Find Users and Open User Account Window

DBMA User Search

There are many styles of username. It can be "first_part@last_part"; it can be "first_part" only; just a number; a first and last name; a first and last name separated by a dot or an underscore; and many other permutations.

DBMA User Search seeks a specific user -- the one whose account you wish to administer. Nothing else. The result will be a User Account Window or a "cannot find it" message.

DBMA User Search will seek a user using any specific information input that is tied to the user directly. That includes the user's name, the user's number or any one of the user's email aliases. You can enter a user number (user_idnr) or a name (userid) or an alias (as in full email address) to fetch an Account Window for that user. If you enter an email address that is not in fact a username but is in fact an alias of a user (i.e.: user john has alias [email protected]) DBMA will serve the User Account Window to which that alias is currently attached.

This search function appears throughout the various GUI windows. It will open a User Account Window if it finds the user you seek. From that account window you can manage the user's account, deal with message issues, email the user, search mail, manage aliases, ACLs, passwords, mail quotas, encryption, and more.
General Functions from a User Account Window
List Group Users
This is the primary tool for listing users in the RestrictGroup configuration. Enter the group number to list all users in that group. This function appears throughout the various GUI windows in all versions. In the Main Menu window a drop down list of all the groups stored in the database will default to the default group and allow you to select any other group stored in the database.
List Group Aliases
Select the group number on the Main menu from the drop menu to list all aliases in that group (hard-coded in the Restrict Group configuration). This function appears throughout the various GUI windows.
Users
Add User
Open a user interface for adding users. This function has a number of preset default options which can be set from "Configuration". Default presets include auto-generate password, auto-generate alias, group, and password encryption method. FEATURE NOTE: When auto-create alias has been set to "1" in the 'Configuration Options', the 'Add User' interface recycles after typing the user name and pressing "Add New User". In this manner even a large group of users can be populated into the database in minutes. Otherwise, if the auto-create processes have not been configured, the Add User function causes a proof-reading and modification window to open with the new data set out.

When adding a user and alias, DBMA will check the RFC compliance of the email address. (Note: You do not have to set an alias at this time.) If for some reason, like a fallback alias for a LAN (i.e.: @LANdomain.int), you need to bypass the alias checking, you can turn "on" Force Bypass RFC-Compliant Alias Check. This is generally not a good practice for production systems.

Delete User / Group
Open an interface to delete a single user or an entire group of users. You need to know the name or ID number of the user. Deleting users can also be done from Group Lists or from the User Account Window.
Email A User
Send an email to any user. Be careful not to send the user an encrypted password. It won't do them any good. This feature allows a notice to be sent to the user when a mail quota has been reset, a password changed, or any administrative function you may wish to advise the user about.
Aliases
Add Aliases
Opens a user interface to add an alias for a user. This is most rapidly performed from the "Modify User Account Window" or from the Group List.
Global Administrators can also add a domain alias for an entire group from this window. This will work in either case where the user name is stored as a single name or a full email address.
Delete Aliases
Opens a user interface to allow deletion of specific aliases.
List All Aliases
List all aliases and forwards in the database. DBMA will seek out any 'Orphan' aliases and, if any are found, display them at the top of the list with options to edit or delete them. Aliases and forwards are also listed, limited in number to what is set in the "Show X Lines" block (default 200).
Forwards
Add Forward
Select Add Forward.

Like everything else, the best place to perform user administration in DBMA is from the User Account Window. Ideally you would type the user name into the Search Box and go to the User Account Window. Select "Modify.." to administer the key elements displayed before you. Alternatively, you can use the global "Add Forward" function. By selecting the "Add Forward" option from the Main screen, you will open a panel in which you must type all entries somewhat blind. If you are sure of the 'from' and 'to' address you wish to use, that will work fine. DBMA will only recycle existing email addresses. This current DBMA functionality and methodology is derived from DBMA users' experience where a forward is most often a decision to shift delivery from one place to another, hence, recycle the working alias and add more if needed. It is also a great way to do BCCs. DBMA will check that the email address in the "From" box is valid and located on the system. For the "Forward to:" parameter you can enter a user name, a user number or an email address. DBMA will verify both user ID numbers and user names.

Some people confuse Aliases with Forwards. If for example, you have an account named "Webmaster" and you want user "billy.bishop" to receive the mail for webmaster, this is better achieved as an Alias. There is less room for error in this management method. To create that alias, open the User Account Window for billy.bishop, select "Modify billy.bishop's Account" and create the "webmaster" Alias there.

Here is an important note about editing forwards. This is the real pay-off for reading the help files. Any place you see "edit" or "forward" beside an email address, you have the opportunity to send mail for that address anywhere you like. You can even convert the forward back to an alias for any account. Make sure that you have the "From" address correctly entered -- DBMA validates on the basis of the alias ID number and will send you back to the start if there is no match on the system. Next, you can enter a username, a user ID number or an email address as the recipient ("Forward to:"). DBMA will check if the user number or name exists on the system and give you a final option to edit your entry before committing. Let's say you have a mail forward for "webmaster" delivering mail to [email protected]. Bobby is heading out for vacation and you now want to redirect mail back to the webmaster's account. You simply type "webmaster" in the "Forward to:" text box and DBMA will convert the forward back to an email alias for 'Webmaster'.

Beside every alias listing in the Modify User Account Window is a button labelled "Forward". That also means EDIT. If you want to move an alias over to another account, select "Forward" and instead of typing an email address in the deliver to box, enter the user name of the account you wish to re-assign that alias to.


Creating BCCs (Blind Carbon Copies)
Go to the User's Account Window in DBMA (DbMail Administrator), press 'Modify' and create two identical aliases (click click) then scroll to one of the duplicates, selecting "forward" and type the mail address, user name or user ID number you want the BCC to be sent to. Done.

Delete Forward
Open user interface to delete a mail forward.
List All Forwards
Open user interface to list all mail forwards. From there you can either edit or delete items.
Mail Notifications
Add Auto Notify
This also is best done from the User Account Window. Selecting "Add Auto Notify" from the main window in the Global Admin mode opens a user interface to add a mail notification for any user. If you know the name or ID of the user, you can proceed. If not, open the User Account Window. When the user (established by the User ID number stored in the database) receives new mail, the "Notify Address" stored in the database is sent a "NEW MAIL" received notice.
From each User Account Window you can create auto notifications for that user.
Delete Auto Notify
Open user interface to delete a mail notification for a user.
List Auto Notifications
List all auto notifications.
Global Function
List All Users All Groups
List every user in the database. Be sure to set the number you want to display in the "Show x Lines block". Once your list is opened you can re-order the list (i.e.: Current Mail Size, Last Login etc.) in a manner of your choosing to locate the users you seek, or increase the number of lines to be displayed. If you have 10,000 users or more in your system, the "Show x Lines block" will be a handy feature. Alternatively, you can set "Show x Lines block" to a number larger than your user list and use that for all operations.
Database Cleanup
Look for all changes made by this tool in the statistics column (bottom left) as: "Number of deletes pending".

1) First DBMA will match aliases to users and fix client_idnr (GroupID) where the alias has the wrong client_idnr (GroupID).

2) Through a series of SQL queries and commands, DBMA sets message status 003 for all mail marked for deletion. That will escalate the deletion process. Status for messages flagged for deletion in some cases could be 000, 001, or 002 depending on the DbMail version you are using. As well as clearing up some previous issues with older DbMail versions this tool accelerates the cleanup process nicely.

3) DBMA also marks for deletion any completely orphaned messages having no mailbox nor owner. These orphans can occur due to vagaries in the database or the DBMS and the type of database you are using. Broken or incomplete indexes or cascading routines can cause this to happen as well as administrative errors. This tool allows you to manually perform the function of a scheduled crontab utility run. Note: If DBMA finds some orphaned messages it will first set their status to 001. Your command line (crontab) utility will then escalate them to 002 then 003 then delete them. You can speed that up by selecting 'Database Cleanup' a second time, and any orphaned messages marked 001 will be escalated to 003 and deleted from the database on the next Utility/Maintenance run. This two-staged approach takes into consideration that this is a very rare occurrence; is likely caused by manually 'messing with the database'; and the fact that you may have by other means deleted a user, giving you time to manually recreate that user at the proper user_idnr. In future versions, DBMA will fully delete these immediately after reporting what, if any, exist.

4) DBMA deletes all unattached (orphaned) mailboxes.

5) For MySQL only, DBMA runs a defragmentation on the following tables by performing a 'null' alter table operation:

            dbmail_aliases
            dbmail_users
            dbmail_mailboxes
            dbmail_messages
            dbmail_messageblks
            dbmail_physmessage
            dbmail_subscription
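
A model of the status escalation in steps 2 and 3, as an added example (not DBMA's own SQL). It runs against an in-memory SQLite database with a cut-down stand-in for two of the tables named above; the column names, the sample rows and the functions `cleanup_pass`, `deletes_pending` and `maintenance_run` are assumptions made for illustration, and the maintenance run is reduced to deleting status 003.

```python
import sqlite3

# Cut-down stand-in for two of the tables listed above. Column names are
# assumptions for this example; integer statuses 0..3 stand for 000..003.
SCHEMA = """
CREATE TABLE dbmail_mailboxes (mailbox_idnr INTEGER PRIMARY KEY, owner_idnr INTEGER);
CREATE TABLE dbmail_messages (message_idnr INTEGER PRIMARY KEY, mailbox_idnr INTEGER,
                              status INTEGER, deleted_flag INTEGER);
"""

# A message counts as an orphan here when its mailbox row no longer exists.
ORPHAN = """message_idnr IN (
    SELECT m.message_idnr FROM dbmail_messages AS m
    LEFT JOIN dbmail_mailboxes AS b ON b.mailbox_idnr = m.mailbox_idnr
    WHERE b.mailbox_idnr IS NULL)"""


def build_sample_db():
    """Constructed sample data: one live mailbox (10) and four messages."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO dbmail_mailboxes VALUES (10, 1)")
    db.executemany("INSERT INTO dbmail_messages VALUES (?, ?, ?, ?)", [
        (1, 10, 0, 0),  # ordinary message
        (2, 10, 2, 1),  # flagged for deletion, not yet at 003
        (3, 99, 0, 0),  # orphan: mailbox 99 does not exist
        (4, 10, 1, 0),  # status 001 but attached to a mailbox: left alone
    ])
    return db


def cleanup_pass(db):
    """One 'Database Cleanup' selection; returns how many rows each stage touched."""
    cur = db.cursor()
    # Step 2: everything flagged for deletion goes straight to 003.
    cur.execute("UPDATE dbmail_messages SET status = 3 "
                "WHERE deleted_flag = 1 AND status < 3")
    flagged = cur.rowcount
    # Step 3, second visit: orphans already parked at 001 are escalated to 003.
    # This runs before the marking stage so a message moves one stage per pass.
    cur.execute(f"UPDATE dbmail_messages SET status = 3 WHERE status = 1 AND {ORPHAN}")
    escalated = cur.rowcount
    # Step 3, first visit: newly found orphans are only parked at 001.
    cur.execute(f"UPDATE dbmail_messages SET status = 1 "
                f"WHERE status NOT IN (1, 3) AND {ORPHAN}")
    marked = cur.rowcount
    db.commit()
    return {"flagged_to_003": flagged, "orphans_to_003": escalated,
            "orphans_to_001": marked}


def deletes_pending(db):
    """Counterpart of the 'Number of deletes pending' statistic in this model."""
    row = db.execute("SELECT COUNT(*) FROM dbmail_messages WHERE status = 3").fetchone()
    return row[0]


def maintenance_run(db):
    """Simplified maintenance run: remove everything at status 003."""
    cur = db.execute("DELETE FROM dbmail_messages WHERE status = 3")
    db.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = build_sample_db()
    print("pass 1:", cleanup_pass(db), "pending:", deletes_pending(db))
    print("pass 2:", cleanup_pass(db), "pending:", deletes_pending(db))
    print("deleted by maintenance:", maintenance_run(db))
```

Between the first and second pass the orphan sits at 001, which is the window the text describes for recreating a deleted user before the message is lost.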
Logins Last X Hours
Check recent logins. Selectable by hours. Shows POP/IMAP4-before-SMTP data as well as users' last logins (most recent by hours). All user logins can be tracked and sorted in the Global or Group User lists.
Global Functions - Configuration
Configuration
Open a "Configuration Window" to set all configurations and options. Do "Primary Configuration" first and then do your "Preset Options" to your liking, after you are connected to the database.

When you first link to /dbmailadministrator/DBMA.cgi, DBMA immediately and automatically checks permissions on several key flat-file databases installed with the programme. If DBMA is not able to read or write to its own DB files, you will be so informed. Corrective action should be taken immediately. Firstly: The directory hosting this programme ( /dbmailadministrator/ ) must be writeable by the user:group of the HTTP Daemon (www:www, nobody:nobody, et cetera). DBMA will actually tell you the user the HTTPD is running as. Secondly: the files within this directory must be owned by the HTTPD user. Thirdly: all executables must be executable (chmod 755 *.cgi).

Configuration: This is a first step in setting up DBMA. There is no code to open and edit. DBMA should fly up a 'Configuration Window' immediately after correct installation. Please use care entering your database configuration information. It will save you time. Read each item before committing.

Options: include a number of automated functions including but not limited to auto-create password for new users; auto-create alias for new users; what statistics to display and their refresh rate; the default domain; what features you would like turned on, and more. Configurations has its own help notes in the Configuration Window. Come back to this resource for more detailed help on the features.
Encrypt Help
Opens a help window and encryption tool to explain and demonstrate the encryption methods used in DBMA. This is an interactive Help Tool which makes no changes to your system.
Show x00 Lines
Sets a maximum number of lines to display in lists. Important for very large mail systems.
Go!
Execute the 'checked' selection you have made.
Clear
Clear all 'selects' and statistics.
Global Functions - Access Control Lists
ACL / ACL List
IMAP4 Access Control Lists (ACL's) (RFC 2086) provide the option to share IMAP4 folders. If you do not have any shared folders, this is your tool to create them. DBMA first checks your system to make certain that the critical system accounts exist within Group 0. Since DBMA version 2.3.4 it is possible to delete the __public__ and 'anyone' account in order to create a 'start-over' scenario where ACLs have become somewhat botched by admin users 'hacking-in' with their ACL-aware MUA (Mail User Agents). It happens.

It should also be noted that within DBMA, the only person able to actually see full ACL permissions is the global administrator with the ACList function.

Remember that once you have created the infrastructure and assigned some administrative rights (SETACL) to key trusted users, your Shared Folder Forest under #Users is likely to grow fast. #Public folders can be controlled exclusively by you, the Mail System Administrator, or you can give Administrative Access Rights to #Public/folders to trusted users or Group Admins.

How to Start Sharing Folders
Select "ACL" from the main screen. Type the name of the folder you wish to create and press "Create Shared Folder." DBMA will do the rest. DBMA will assign limited user access rights to "anyone". If "anyone" or __public__ does not exist on your system, DBMA will create them for you.

The Global function screen for ACLs also has an Access Rights tool for manually adding a folder to a user's ACL or updating any user for any shared folder. Be careful how you use this as it is a powerful and highly flexible tool.

Any User Account Window provides a means to manage specific user access rights to shared folders. You can permit users to have higher privileged access rights or even administration rights. To understand these rights, hold your cursor over the text block at the bottom which corresponds to the item for which you seek help. Or click help.

Once you have your shared folders set up and appropriate user rights assigned (for anyone), you will want to get your email client configured to subscribe to these folders. The internet abounds with opinions on what is the best email MUA (Mail User Agent - Email Client). If you are using Thunderbird or a fairly new Mozilla Mail, you are in luck. These MUAs will "subscribe" to the shared folders in a flash. You can drag and drop or copy to, move to or whatever you like in these folders.

Here is a usage example of IMAP4 Shared Folders. Let's say you have some pictures you want to show many people on your mail server. Create a folder or use what you have and create a message containing your pictures and save it in your drafts folder with a subject line "Pictures of me Winning The Lottery" or whatever. Next, select the email in your drafts folder and copy it to your "Common Shared Folder". Now 'anyone' has access. Hopefully your target audience is not using one of the ACL Shared Folders 'unfriendly' MUAs. You perhaps can share the following advice.

With Microsoft's Outlook Express and Outlook you will need to do a little coaxing. Select the account and click on "IMAP4 Folders". Don't try to first subscribe to #Public after you "Reset List". Instead, select just the sub folders of #Public and subscribe to them. Close the "Folders" window. Reset the list of folders. Next open "IMAP4 Folders" again and select #Public. Close. This two-step process of subscribing to the subfolders first and then later subscribing to the root #Public seems to work. You should be in business.

Sharing a User's Folders
This is normally done with an ACL-friendly MUA but DBMA can help you create much of what the user can do from their MUA if it is easier to do it for them than explain how; or in the event that your user has made a mistake and you are on a repair mission.
In the drop-down display of available ACL-eligible folders in the User Account Window you will see all of the "#Public" folders plus all of the user's folders. They are all eligible for sharing. Example for User Account Window for: Bob

#Public/common
bob/INBOX
bob/Trash
bob/Sent
bob/shared

If you select and add a set of Access Rights to "bob/shared", it will be available across the system under #Users but no one will be able to share it unless you assign Access Rights to additional users; or allow bob SETACL (Admin) rights for that folder and he can do it all for you.

You manage individual user rights from the User Account Window and manage #Public and #User rights from the global Access Control List Tools (select ACL on the Main Screen).
Assigning rights to #Users/folder can be done with the DBMA Access Control List Tools after the #User/folder has been shared from the User Account Window. The first step is to go to the User Account Window, create the shared folder by assigning the owner full Access Rights. Next you return to the DBMA ACL Tools and select the new shared #User/folder you created and one after another add the users needing access rights on this folder.

ACL Permissions set to 1-On or 0-Off
lookup: mailbox is visible to LIST/LSUB commands
read: SELECT the mailbox, perform CHECK, FETCH, PARTIAL, SEARCH, COPY from mailbox
seen: keep seen/unseen information across sessions
write: STORE flags other than SEEN and DELETED
insert: perform APPEND, COPY into mailbox
post: send mail to submission address for mailbox
create: CREATE new sub-mailboxes in any implementation defined hierarchy
delete: STORE DELETED flag, perform EXPUNGE
administer: perform SETACL

This compares to the RFC 2086 - IMAP4 ACL extension definition
The ACL extension is present in any IMAP4 implementation which returns "ACL" as one of the supported capabilities to the CAPABILITY command. This is something DbMail does very well. It may be one of the best. An access control list is a set of identifier,rights pairs. Identifier is a US-ASCII string. The identifier anyone is reserved to refer to the universal identity (all authentications, including anonymous). All user name strings accepted by the LOGIN or AUTHENTICATE commands to authenticate to the IMAP4 server are reserved as identifiers for the corresponding user. Identifiers starting with a dash ("-") are reserved for "negative rights", described below. All other identifier strings are interpreted in an implementation-defined manner.
Rights is a string listing a (possibly empty) set of alphanumeric characters, each character listing a set of operations which is being controlled. Letters are reserved for "standard" rights, listed below. The set of standard rights may only be extended by a standards-track document. Digits are reserved for implementation or site defined rights. The currently defined standard rights are:
l - lookup (mailbox is visible to LIST/LSUB commands)
r - read (SELECT the mailbox, perform CHECK, FETCH, PARTIAL, SEARCH, COPY from mailbox)
s - keep seen/unseen information across sessions (STORE SEEN flag)
w - write (STORE flags other than SEEN and DELETED)
i - insert (perform APPEND, COPY into mailbox)
p - post (send mail to submission address for mailbox, not enforced by IMAP4 itself)
c - create (CREATE new sub-mailboxes in any implementation-defined hierarchy)
d - delete (STORE DELETED flag, perform EXPUNGE)
a - administer (perform SETACL)
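
An ACL review built on the two lists above, as an added example (not part of DBMA or DbMail): it decodes RFC 2086 rights strings into the nine on/off permissions and checks untagged ACL responses for shared folders where `anyone` holds more than limited rights or a non-owner holds administer. The sample responses and folder paths are constructed, and treating `lrs` as the acceptable limit for `anyone` is an assumption of this example.

```python
import shlex

# RFC 2086 right letter -> DBMA permission name (both lists appear in the text above).
RIGHTS = {"l": "lookup", "r": "read", "s": "seen", "w": "write", "i": "insert",
          "p": "post", "c": "create", "d": "delete", "a": "administer"}

# Assumption for this example: the "limited" rights acceptable for `anyone`.
ANYONE_MAX = set("lrs")


def decode_rights(rights):
    """Turn a rights string such as 'lrs' into 1-On / 0-Off permissions."""
    flags = {name: 0 for name in RIGHTS.values()}
    for ch in rights:
        if ch in RIGHTS:
            flags[RIGHTS[ch]] = 1
        elif ch not in "0123456789":  # digits are site-defined rights, no DBMA name
            raise ValueError(f"unknown right {ch!r} in {rights!r}")
    return flags


def parse_acl_response(line):
    """Parse an untagged '* ACL mailbox identifier rights ...' response.

    Returns (mailbox, {identifier: set_of_letters}); rights listed under a
    "-identifier" entry are subtracted from that identifier's rights.
    """
    tokens = shlex.split(line)  # copes with quoted mailbox names and "" rights
    if len(tokens) < 3 or tokens[0] != "*" or tokens[1].upper() != "ACL":
        raise ValueError(f"not an ACL response: {line!r}")
    mailbox, pairs = tokens[2], tokens[3:]
    if len(pairs) % 2:
        raise ValueError(f"identifier without rights in: {line!r}")
    granted, revoked = {}, {}
    for ident, rights in zip(pairs[0::2], pairs[1::2]):
        decode_rights(rights)  # rejects unknown letters
        letters = {c for c in rights if c in RIGHTS}
        if ident.startswith("-"):
            revoked.setdefault(ident[1:], set()).update(letters)
        else:
            granted.setdefault(ident, set()).update(letters)
    return mailbox, {i: r - revoked.get(i, set()) for i, r in granted.items()}


def audit(line, owner=None):
    """Return (mailbox, identifier, issue) tuples for grants worth a second look."""
    mailbox, acl = parse_acl_response(line)
    findings = []
    for ident in sorted(acl):
        rights = acl[ident]
        excess = rights - ANYONE_MAX
        if ident == "anyone" and excess:
            findings.append((mailbox, ident,
                             "anyone exceeds lrs: +" + "".join(sorted(excess))))
        if "a" in rights and ident != owner:
            findings.append((mailbox, ident, "non-owner holds administer (SETACL)"))
    return findings


# Constructed sample responses, not captured from a real server.
SAMPLE = [
    '* ACL "#Public/common" anyone lrs',
    '* ACL "#Users/bob/shared" bob lrswipcda alice lrsa anyone lrswi -anyone wi',
    '* ACL "#Public/staff" anyone lrsa',
]

if __name__ == "__main__":
    print(decode_rights("lrs"))
    for response, owner in zip(SAMPLE, (None, "bob", None)):
        for finding in audit(response, owner):
            print(finding)
```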

Statistics and other Important Data
My Mail System
Provides a detailed account of your database including the number of: aliases, auto notifications, auto replies, deletes pending, mailboxes, message blocks, messages, physical messages, recent logins, users, and the database type.
My Domains
A listing of all domains used in aliases. You may see an additional listing here if you have "Use DBMA MTA Domains 1=YES, 0=NO" turned on. The second list is exactly what is stored on the DBMS for the use of your MTA. If the lists differ, it may be time to edit your list on the database and remove the stale entries. If you are not using the "mydestination" option, if these are to be local accounts, make certain they are configured in your MTA. Here too is an opportunity to check against any spelling errors as they will show up prominently. If you spot a spelling error, select and copy the miss-spulled :o) domain and then select "List All Aliases" and do a browser search with the copied text. Then fix that alias and the user will start getting mail again. (Checking spelling, though tedious, can be a good thing.)
My Groups
1:) Shows every "group" of users (client_idnr) stored in your database.
2:) Which domains are in each group.
3:) How many users are in each group (if "Count Users Per Group" is turned on in Configuration)
4:) Total number of Groups and Users.

It is a wise idea to set aside Group 1 for pseudo accounts like abuse, postmaster, webmaster, privacy and so on. In that case, every domain on your system should appear in Group 1 as an alias to these pseudo-accounts. Here is where you can check this out. If you have seven domains then all seven should show up in your pseudo-account group. If not, fix it. Every domain must have a postmaster and abuse account to name just a couple.
Open Aliases
If DBMA finds an open alias (i.e.: @LANdomain.int) it will show WARN: fallback alias: *@domain.tld followed by what group it is in (i.e.: [3] ). This might need your attention if it is an error.
My DBMS
Status and process list for your DBMS. To appreciate this data requires a fairly good understanding of how your database management system (DBMS) works. Some or all of this information will be useful to you. Scroll to the bottom of the list to see the process list which will include information about all replication slaves and masters connected to this DBMS.
DBMA First Screen
User Account Window
This is the core of DBMA, our Mail User Account Window
This is why we do what we do in the mail side of IT. There are an estimated 750 million email accounts in the world in the early 2000s, and you are taking responsibility for mail delivery to and from many of them. In a nutshell, our job is to deliver their mail to their storage location. We are the new postmasters and these email account owners are our real customers. We'll treat them well.

The User Account Window (illustration below) is where you will spend most of your time so this is also where your DbMail Administrator (DBMA) is most feature rich.

From this Window you will most often jump to the Modify User Account Window.

Or you may have a user who is a magnet for viruses and unparseable messages so you may spend time searching for problem mail or tracking delivery issues, all of which are done from the User Account Window.

You can select and open user mailboxes for troubleshooting jammed mail, undeleting mail accidentally deleted, tracking virus and spam issues, searching all mailboxes; adding or updating ACLs if your system uses that feature; creating an auto notification; sending the account owner a report of the changes accomplished in a mail message; doing what you do.


Mail box icons open to a Mail search, delete or undelete tool.
Mail search is available from any user's mail box and the search will be conducted within that mail box. Look for the mailbox icon beside the mailbox name you seek and click it to open the contents list.

'Delete mail' sets the status flag to 003 so it is wiped out on the next maintenance pass. (Don't delete mail without cause nor permission.) All flags are visible in any mail box so a message erroneously marked (for delete) can be spotted quickly. Individual mail can be undeleted or deleted; all mail in any mail box can be deleted or undeleted.

The "Modify" User Account Window allows you to edit the User Name; change the Password; change the Encryption Type (plain, md5sum, md5 or crypt); Change Passwords; Change Mailbox Quota Size; and Add Email Aliases.

If Auto Create User for New Alias in your configuration is set to "1", DBMA will generate the username for any alias you create which does not have an account. This specialized feature is intended for systems where the MTA relies on using the first_part of the email address to verify user exists and not the alias. The user created will have an unknown encrypted password. Mail will go to whatever account you have entered the alias for. An example of this usage would be in the Administrator's account where all admin mail will eventually go. By quickly typing a dozen or so pseudo-account aliases, like abuse, daemon, dns, noc, webmaster, privacy, et cetera, you have created non-privileged inaccessible accounts for each pseudo-account with all their mail going to the Administrator. It is also a precursor method for systems requiring some form of key-pair Authenticated Sender ID. The default is "0", off.

Here's an example of how it works, if configured "On". If you are in the Modify User Account Window for "Rick" and you add an alias for "[email protected]" AND there is no such user as "ricky", DBMA will automatically create the user with a NO ACCESS password only if this option is set to "1" in the Configuration Window. Why? Again, if your MTA is configured to lookup local recipients in the dbmail_users.userid table and not the dbmail_aliases.alias table, you should create a user for every alias. It is done both ways today in the email world.

Every 'human' user should have an account. (Pseudo-accounts may be aliased in your MTA's aliases table or pointed to real human users with DbMail). The account may not even have mailboxes which receive mail, being aliased or forwarded to another account or system, but to manage users properly; maintain best practices; preserve privacy and security posture; every user should have an account whether they receive mail or not. This is how you keep track of employees coming and going; password terminations; maintain correct billing operations; manage mail quotas, track alias assignments, forwards and redirections, and so on. An email alias that would allow "Rick" to use his nickname "Ricky" is an example of an email address for which there may not be a corresponding user named "Ricky". It's Rick's account. If your MTA is doing username lookups on the first part of the email address however, you will need to create that account. When you create an email alias, you will be assigning it to an account with an associated action. It may then be forwarded to another server outside of your MTA domains. Know your system and how it works.

'User Account Window' with all features turned on. If you are not using features, turn them off in the Configuration Window to reduce the clutter.

User Account Window
Auto Replies
Only use Auto Reply in DBMail V 2.2.x or greater on a public-service production machine. In all this is a DoS vulnerability and can easily get away from its manager. DBMail V 2.2.x using LibSieve sets stop and start limits which is very good and provides a lot of protection. Set the stop date realistically and not ten years down the road. In any case it can cause you a lot of annoyance and even bring your system down. Be wary.
Auto Reply is a thing of the past. The world is more tuned to 'Hot Spots', PDA, e-phones, e-watches and text messaging. Auto replies make people crazy like the old, tacky, tape-recorded answering machines you can barely understand. Get a loop going with one of your pseudo-users aliased to an account you now have on Auto-Reply vacation and your email world will grow darker. You can have text messaging installed in your teeth pretty soon so you'll never miss a single message.
For those who must have AutoReply:
  1. Open a User Account Window for the mail user wanting an auto-reply.
  2. Check what if any aliases it may have.
  3. If it has institutional or pseudo-accounts aliased to it, move those aliases to point back to their own mailboxes. (For example, if webmaster was aliased to "Harry", delete that alias in "Harry"'s account and then open webmaster's account which heretofore had no email addresses or aliases and create the alias for "webmaster" in "webmaster's account".)
  4. Once all the aliases except 'mailuser @ yourdomain.tld' are removed, go to the DBMA Main Screen and select "List all Forwards".
  5. Delete the forwards for this account.
  6. This is somewhat redundant but you should do it anyway. Double check everything by selecting "all Aliases in this Group" for this user's group number. The only way something would appear there for this user is if it is old, stale, junk pointing to the user's ID number; some alias was once misspelled and ever since has been overlooked. Those can come back to haunt you.
  7. Now open a User Account Window for the user and complete the auto reply form. First select and remove the instructional text, typing in the message, then set the start date / stop date (DBMA automatically sets both dates to the current moment); and now press the "AutoReply" button.
  8. The User Account Window will return showing the new setting. Check that it is what you intended.
  9. To run a test: click the "Modify 'user' Account" button and when the Modify User Account Window opens, click on "Send 'user' A Message". A new window will open with preformatted text which you will alter to have your address as the from address and text to explain what you have just done. Press "Send" and a new window will open saying "OK.. message sent etc": You need to remember to turn off this Auto Reply at some date and time so put that information in the subject line. Send it again, this time to yourself.
  10. Now check your mail box for both an Auto Reply message and the one you sent to yourself. Send another message from your MUA to the account and make sure you get an Auto Reply.
User Maps
myname inet:10.0.0.2:143 myname
In the illustrated case above for "myname", where a user "myname" is given the "allow" sockaddr of "inet:10.0.0.2:143", myname's account access is set as IMAP and the dbmail clienthandlers will know to use the IMAP socket inet:10.0.0.2:143 for "myname" logins.


User Mapping
This feature is available in DBMail Version 2.2 and later.

User mapping has a diverse range of applications including IP, domain and username maps.

Usermapping in this case works on the basis of establishing a per-user sockaddr (example: inet:10.0.0.1:143) and passing it to the dbmail clienthandlers.

DbMailAdministrator allows you to configure user mapping in any manner and for any purpose you choose from the User's Account Window. Below are just a few examples of how you might do this.

DBMA allows any ASCII character to be entered so any configuration you can make work can be implemented with this tool.

It is strongly suggested you be very specific about entering sockets and be wary of routed solutions where an outside IP is NAT'd to a LAN IP. In that case the socket on the LAN mail host is its LAN address, not the routed address and your socket would be something like inet:172.16.1.1:143 where routable IP xxx.xxx.xxx.xxx translated is 172.16.1.1


If myname is the account name (dbmail_users.userid) and you want the user to be able to login uniquely as [email protected], you would change the first (dbmail_usermap.login) name to [email protected], which tells the dbmail clienthandlers: "When [email protected] logs in, use dbmail_users.userid=myname and socket inet:10.0.0.2:143."

LOCK User Account
In the case where a user has been temporarily banned from using the system for fetching or managing their mail, select "LOCK" and press the "User Maps" button and they are locked out.

CLEAR User Maps
If you have made a mistake or wish to reverse an account lock you can clear the usermap settings to a one to one mapping (default) by selecting "CLEAR" and pressing "User Maps".

Example where there are multiple users wishing to have the same local name and where mail is delivered to mailboxes on the basis of an alias lookup. In this case it is fairly clear what the admin is doing. All of these "John"s are on the same server, but in different domains. User Mapping is helping this system do virtual domain mail in some of its potentially trickiest parts.
Login Socket Deny Socket Deny Account Name
[email protected] inet:172.20.21.16:143 johnanderson
[email protected] inet:172.20.21.16:110 johnfrustaglio
[email protected] inet:172.20.21.16:110 john_reynolds
[email protected] inet:172.20.21.16:143 john_petrowalla
User Map Tool
col names: login sock_allow sock_deny userid
ANY inet:10.0.0.2:143 %[email protected]
1: Maps logins on single IP to an expanded form forcing first_part@domain logins even if first_part only is the stored username
ANY inet:223.223.223.1:110 %s
2: No users on IP 223.223.223.1 will be allowed access on port 110 (POP3)
ANY inet:223.223.223.29:143 %[email protected]
3: No users on IP 223.223.223.20 at domain.tld will be allowed access on port 143 (IMAP)
UserA UserA
4: For UserA above this provides one to one mapping regardless of IP address and port. "CLEAR" usermap results in this.
UserB inet:127.0.0.1:143 inet:10.1.1.1:110 UserB
5: UserB above will be able to logon to the specified IP address on port 143 (IMAP) but will be denied access on port 110 (POP3)
UserC inet:0.0.0.0:0 UserC
6: UserC above is denied all access. Selecting "LOCK" and pressing "User Maps" automatically sets these parameters for you.



DBMA MTA Admin

DBMA will continue to expand in the area of MTA Admin. Currently most MTA configurations can be managed by DBMA including blacklist/whitelist, access, helo_checks, transport, virtual domains and destinations.

DBMA MTA Domains and per-domain Transport Management

DBMA will store your domains (and 'transport') in the database within a table named DBMA_MTA if you select "1" (YES) in the Configuration Window's Options section.

It is a blazing fast, simple way to manage virtual mail domains. Add a new alias with a unique domain and the MTA knows about it instantly. DBMA auto-extracts domains from email aliases and allows you to manually enter others.

The default configuration setting for this feature is "0" (NO). You must set this to "1" (Yes) to enable the feature and use the "Create DBMA_MTA Tables" button to create the necessary database schema. Then you must create one or two MTA configuration files (see below), depending on whether you use both domains and transports or just MTA Domains. This applies for both MySQL and PostgreSQL; for any version of DbMail; and can be used for any MTA capable of connecting to an SQL DBMS. The table contains a domain name and a transport.

DBMA sorts through your system's email aliases and extracts the domain names. It sorts and filters, strips and compares and when a new domain is added to the system, it writes the new data into the database. DBMA does not write domains to the database unless there has been a change. You may manually add or delete domains from the 'DBMA MTA Admin :: Domains and Transports' window.

DBMA "My Domains" panel (Main) displays the current status of domains DBMA has found and stored in the MTA database table. Compare them and watch out for any spelling or typo errors which may have crept in.

What is this for? Your Mail Transfer Agent (i.e.: Postfix) can be configured to use this table as the list of domains that the machine considers itself the final destination for. Why is that a good thing? Because from then on, anytime a domain is added to your server via DBMA, all that is required of you is to enter the alias within the DBMA User Account Window or Add User tool, and your MTA immediately has the new domain and does not need to be restarted (which has a huge performance penalty); things happen faster and easier. Everything else after turning the feature on and reconfiguring your MTA to use your DBMA is automatic (apart from making the obvious DNS changes), while you have full administrative override from the configuration window.

Note. If MTA Domains is turned on in DBMA BUT IF YOU HAVE NOT YET CONFIGURED YOUR MTA, it has ZERO EFFECT.

Do These 7 Steps Starting From "Configurations" Once Connected to the Database

1. Change the Option Value for "Use DBMA MTA Domains" (1=YES, 0=NO) to "1".

2. Press

3. Press and DBMA will create the table within which your domains will be stored.

4. A message should appear: DBMA has succcessfully created database tables and inserted your MTA domains plus default DBMail LMTPD transports. If this is an update, the DBMA_MTA table has been dropped and re-created with default settings. You may add transport configurations or edit the DBMail LMTPD defaults on a per domain basis if you desire. Select the "MTA" icon which should now appear at the top right (if "Use MTA" is set to "1") and check your stored MTA domains before switching over your MTA. Configuration settings must have "Use MTA..." set to "1" and your MTA must be configured accordingly. DBMA has also created or checked the existance of the DBMA_MTA_ACCESS (black / white lists) table. If this an update of your MTA Tables, DBMA did not alter your MTA ACCESS table which likely contains an accumulation of data. If this is the first time you have used this tool, you will need to migrate (using the DBMA 'migrate' tool) into your Access table, or enter from a keyboard, the data you wish the MTA to act upon. Click the "MTA" icon at the top right and then select 'Go To MTA Access'.

5. From the Main Menu, you should now be looking at the list of domains stored in your database in the "My domains" panel of the DBMA Main window.

6. DBMA will automatically add a domain to the DBMA_MTA.mydestination row for every alias you will or have already created.

You must remember to add an alias for the FQDN of the host (to PREVENT LOOPS) and any other name the host goes by. As well, the postmaster@ the domain literal: the IP address of the mail host (i.e.: [email protected]) is a requirement of all mail servers.

Once DBMA MTA Admin is initiated, the Configurations Window will always have a section for adding and deleting domains. You can link the "DBMA MTA Admin" from the "MTA" icon at the top right of the "Main" DBMA menu.

Manual additions: This is a good place to add $myhostname if it is not already among your postmaster or pseudo-account aliases. (IT SHOULD BE: Postmaster must accept mail at the domain literal, and at each host name by which the server can be accessed.) (IP addresses as domains look like this for Postfix: "[127.0.0.1]")

Obviously if you are trying to delete a domain, and it is still in among your aliases, it will return right back again. (Keep your setup clean.) If you add a domain, it will stay there in the database until you delete it. If you delete a domain

7. Finally you must configure your MTA to use xxSQL data for 'deliver to' domains and/or transports. Examples are set out below. Try to use multiple RDBM servers (primary plus mirror, whatever you like) to avoid a Single Point of Failure (SPOF).



Completed the above configuration?
Congratulations, sort of.... Nothing here works unless your MTA is compiled --with-XXsql and configured to use MySQL or PostgreSQL data. The MTA must be told to use DBMA_MTA for destination and/or virtual domains and per-domain transports or whatever you wish to use. It will need to know the database type; table and field names; user name and password; and so on...

Below are some configuration pointers which will be helpful for a range of MTA choices. Postfix is the most popular MTA with DBMail so the focus is on Postfix however even within Postfix there are numerous configuration approaches and many ways you can use the "DBMA MTA Admin" GUI and data. The same is true of all MTAs.

Note about MTA Syntax: The domains stored in the 'DBMA_MTA' table are those extracted by DBMA from your aliases plus any you enter manually. If your mail transfer agent is configured to use this 'DBMA MTA Admin' feature, these are the domains for which your MTA accepts mail. The syntax of wildcards, IPs or domain literals is identical to what you would use in your MTA config file. Please check your MTA documentation if you are in doubt. Consult with your System Administrator for DNS MX records and other related DNS/SPF/RBL/DomainKey issues.

Add or Delete Domains:

Should a domain continually reappear even though you wish that domain removed, that is your warning that a user still has an alias using the deprecated domain and apparently is expecting mail at that address. Remove or update the old alias.


Mailbox Transport:

Each DBMA_MTA destination domain has a transport configuration attached to it. A default is already created to use dbmail-lmtpd on port 24. The DbMail lmtpd is an awesome transport; use it if possible. Change it at your discretion to enable the use of anti-spam, anti-virus, mail-policy, or DbMail delivery tool (SMTP) (and a million other possibilities). You do this by editing the item in DBMA MTA Admin :: Domains and Transports. Type what you want and press edit.

Re-Create MTA_Domains

You can completely rebuild MTA Domains. For wholesale changes you can recreate the table as often as needed by pressing the "Create DBMA_MTA Tables" button. This will reconstruct the MTA domains list from all the aliases stored on the system and reset to lmtp:24 all transport settings. Remember to re-enter any domain literals or wildcards your MTA needs.

The default 'transport' is:

dbmail-lmtp:127.0.0.1:24

Setting Up Transport
Certainly you can use the MTA Domains feature for your MTA without using xxSQL-based Transports. If you are only using the DBMail LMTP daemon (dbmail-lmtp:127.0.0.1:24), it makes sense to leave this single line in your main configuration file and only use the DBMA_MTA.mydestination column for your domains.
in main.cf:
=========
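# transport_maps takes a lookup table; mailbox_transport accepts only a
# single transport:nexthop value such as dbmail-lmtp:127.0.0.1:24
transport_maps = mysql:/etc/postfix/transport.cf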
transport.cf
===========
user=dbmail
password=dbmail
dbname=dbmail
hosts=127.0.0.1
table=DBMA_MTA
select_field=transport
where_field=mydestination


Checking this in Postfix we'll use the 'Postmap' command. From the command line type the following substituting a domain you know to be in the database.
The command line:
% postmap -q localhost mysql:/etc/postfix/transport.cf
will return:
% dbmail-lmtp:127.0.0.1:24


Postfix's 'master.cf' needs a little configuring. If you don't have something like the following in master.cf, you should. Please check the documentation for your MTA type and version to fully understand its configuration needs for using XXsql configs. It is also possible to set up some fairly fancy multi-domain hosting with 'virtual transport domains' and 'virtual mailbox maps' using the DBMA_MTA tools. We'll get you started on the basics.
master.cf
========
dbmail-lmtp unix    -   -       n       -       -       lmtp
dbmail-smtp unix    -   n       n       -       -       pipe
     flags=  user=dbmail:dbmail
     argv=/usr/local/sbin/dbmail-smtp -d ${recipient}

Examples of 'literals' and '$wildcard' domains to be entered manually:
(You wouldn't necessarily use them all.)

$mydomain
mail.$mydomain
$myhostname
[127.0.0.1]
[192.168.100.20] # Example LAN address if applies
[216.239.57.107] # Example WAN address if applies


mydestination in Postfix:

main.cf
---------
mydestination = mysql:/etc/postfix/mydestination.cf



You can also do this in main.cf such that all 'housekeeping' destinations are in the main config and all virtual domains are auto-generated by DBMA MTA Admin. You won't need to add any manual destinations in 'DBMA MTA Admin'. Check your version's documentation for syntax.
mydestination = mycriticaldomain.com [127.0.0.1] [localhost] [131.107.1.71],
 mysql:/etc/postfix/mydestination.cf

mydestination.cf Postfix Pre-Version 2.2
----------------
user = dbmail
password = dbmail
dbname = dbmail
# Add your replicating mirror DBMS to avoid Single Point Of Failure
# (comments must be on their own line; trailing text becomes part of the value)
hosts = 127.0.0.1 192.168.1.1
table = DBMA_MTA
select_field = mydestination
where_field = mydestination

mydestination.cf Postfix Version 2.2 and newer
----------------
user = dbmail
password = dbmail
dbname = dbmail
# Add your replicating mirror DBMS to avoid single point of failure
# (comments must be on their own line; trailing text becomes part of the value)
hosts = 127.0.0.1 192.168.1.1
query = SELECT mydestination FROM DBMA_MTA WHERE mydestination like '%s'



Knowing the table schema added to the dbmail database may help you configure Sendmail, Exim and other MTAs:

CREATE TABLE DBMA_MTA (
mydestination varchar(35) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY mydestination (mydestination)
) TYPE=MyISAM;

+---------------+--------------+------+-----+---------+-------+
| Field         | Type         | Null | Key | Default | Extra |
+---------------+--------------+------+-----+---------+-------+
| mydestination | varchar(35)  |      | PRI |         |       |
| transport     | varchar(128) |      |     |         |       |
+---------------+--------------+------+-----+---------+-------+

The advantage in handling this from the database is that you do not need to reload postfix when a domain is added or removed. Postfix, and likely other MTAs lose performance in such a case. Also you will have a single action capability of adding domains just by creating an alias. As an Administrator, anything that puts management and control of events more firmly in your grasp, is a move forward.


DBMA MTA ACCESS - A Powerful 'Whitelist / Blacklist Tool'

For fine-grained tuning or as a complete replacement for your MTA's access lists, this tool will replace optional MTA config flat files like access, sender_access, client_access, helo_access, etc. Your MTA must be compiled *--with-XXsql* and configured to use MySQL or PostgreSQL. If you already use MTA Domains for your destination addresses and/or mail transport, the appropriate tables for this feature exist. With this tool, you create the 'sender' / 'action' directive for the MTA.

The DBMA_MTA_Access table contains two fields of importance: a.) 'sender' and b.) 'action' directive.

The 'sender' field in any case would contain the domain or IP address requiring action.

The 'action' directive could be one of at least three directives: a.) REJECT, b.) OK, c.) reject_unverified_sender with the option of using any text string your MTA understands (i.e.: error code plus message) in the latter.

In simple terms this is your global white-list/black-list resource. How you use it is a matter of your preference. The following examples for Postfix may make this decision clear for you right away as you compare what follows to your current configuration:

in Postfix's main.cf
===================
smtpd_recipient_restrictions =
.../
check_client_access mysql:/etc/postfix/DBMA_MTA_Access.cf,
check_sender_access mysql:/etc/postfix/DBMA_MTA_Access.cf,
\...

where DBMA_MTA_Access.cf looks like:
DBMA_MTA_Access.cf
================
user=dbmail
password=dbmail
dbname=dbmail
hosts=127.0.0.1
table=DBMA_MTA_ACCESS
select_field=action
where_field=sender

Checking this is easy with Postfix. From the command line type the following substituting a "sender" domain you know to be in the database, or enter one first using DBMA MTA Admin.

The command line:
% postmap -q evilhackers.com mysql:/etc/postfix/DBMA_MTA_Access.cf
will return:
% REJECT
Sendmail and other MTAs have a catchall access file where mail relay access is controlled. The default is to reject mail unless the destination is local, or listed in /etc/mail/local-host-names, but you can control that further with the 'access' file. This is another case where DBMA_MTA_ACCESS can be a replacement.
Enter the 'sender' domain and type the 'action' directive in the 'other' text box and you will be able to create in effect what follows:
FREE.STEALTH.MAILER@            550 We don't accept mail from spammers
another.source.of.spam          REJECT                      
okay.cyberspammer.com           OK                          
128.32                          RELAY                                

The database table for DBMA_MTA_Access may eventually contain hundreds if not thousands (hopefully not!) of domains you may wish denied access or specifically whitelisted. The unique key for 'sender', the domain or IP needing an action, makes this method preferable to flat files contained within your MTA configuration namespace. If you enter a domain or IP already contained within the database, DBMA will determine that fact and update the action for you. For that reason you do not need to 'pull' a list of senders and actions every time you administer this tool. The fact you are opening the GUI would indicate that the sender is not already on your reject list and needs attention. Nevertheless you can select the option to view all rows within the database and in some cases you could go and pour yourself a coffee and wait for the page to load if you have blacklisted whole countries by individual IPs :o) on one of those 'bad-email-days'.

The DBMA_MTA_Access database table looks like this in MySQL, a little different in PgSQL:
CREATE TABLE  DBMA_MTA_Access  (
myid  int(5) NOT NULL auto_increment,
sender  varchar(128) NOT NULL default '',
action  varchar(25) NOT NULL default 'REJECT',
PRIMARY KEY  (myid),
UNIQUE KEY  sender  (sender)
) TYPE=MyISAM COMMENT='MTA acces table' AUTO_INCREMENT=1 ;
+--------+--------------+------+-----+---------+----------------+
| Field  | Type         | Null | Key | Default | Extra          |
+--------+--------------+------+-----+---------+----------------+
| myid   | int(5)       |      | PRI | NULL    | auto_increment |
| sender | varchar(128) |      | UNI |         |                |
| action | varchar(25)  |      |     | REJECT  |                |
+--------+--------------+------+-----+---------+----------------+
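The following is an added example, not DBMA's own code: it models the DBMA_MTA_Access table in an in-memory SQLite database and shows how a sender address or client IP is reduced to successively broader lookup keys, why the insert-or-update behaviour keeps one row per sender, and why an action longer than the varchar(25) column must be caught before it reaches MySQL. The function names, the shortened "550 No spam accepted" text and the key order (a simplified model of the Postfix access(5) search order with parent-domain matching assumed on) are assumptions.

```python
import sqlite3

SENDER_MAX, ACTION_MAX = 128, 25  # column widths from the CREATE TABLE above

def open_table():
    """In-memory SQLite stand-in for the MySQL DBMA_MTA_Access table."""
    conn = sqlite3.connect(":memory:")
    # COLLATE NOCASE mimics MySQL's default case-insensitive comparison.
    conn.execute(
        "CREATE TABLE DBMA_MTA_Access ("
        " myid INTEGER PRIMARY KEY AUTOINCREMENT,"
        " sender TEXT NOT NULL UNIQUE COLLATE NOCASE,"
        " action TEXT NOT NULL DEFAULT 'REJECT')")
    return conn

def upsert(conn, sender, action="REJECT"):
    """Insert a sender, or update its action if it is already listed."""
    sender, action = sender.strip(), action.strip()
    if not sender or len(sender) > SENDER_MAX:
        raise ValueError("sender must be 1..%d characters" % SENDER_MAX)
    if not action or len(action) > ACTION_MAX:
        # MySQL would truncate or refuse this value, depending on sql_mode.
        raise ValueError("action must be 1..%d characters" % ACTION_MAX)
    cur = conn.execute(
        "UPDATE DBMA_MTA_Access SET action = ? WHERE sender = ?",
        (action, sender))
    if cur.rowcount == 0:
        conn.execute(
            "INSERT INTO DBMA_MTA_Access (sender, action) VALUES (?, ?)",
            (sender, action))
    conn.commit()

def sender_keys(address):
    """Keys tried for a sender address, most specific first (simplified)."""
    address = address.lower()
    local, sep, domain = address.rpartition("@")
    if not sep or not domain:
        raise ValueError("expected local@domain")
    labels = domain.split(".")
    keys = [address]
    # The domain itself, then each parent domain.
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(local + "@")  # "user@" form matches the local part anywhere
    return keys

def client_keys(ipv4):
    """Keys tried for a client IPv4 address: full address, then prefixes."""
    octets = ipv4.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]

def lookup(conn, keys):
    """Return (stored_sender, action) for the first key present, else None."""
    for key in keys:
        row = conn.execute(
            "SELECT sender, action FROM DBMA_MTA_Access WHERE sender = ?",
            (key,)).fetchone()
        if row:
            return row
    return None

def demo_table():
    """Constructed rows modelled on the access-file lines shown above."""
    conn = open_table()
    for sender, action in [
        ("FREE.STEALTH.MAILER@", "550 No spam accepted"),
        ("another.source.of.spam", "REJECT"),
        ("okay.cyberspammer.com", "OK"),
        ("128.32", "RELAY"),
    ]:
        upsert(conn, sender, action)
    return conn

if __name__ == "__main__":
    table = demo_table()
    print(lookup(table, sender_keys("bob@mail.another.source.of.spam")))
    print(lookup(table, client_keys("128.32.10.5")))
```

The full reject text from the access-file sample above is longer than 25 characters, so upsert refuses it; shorten the message or widen the column before relying on custom reject text.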