DBMA - HELP with Useage and Installation

For all DbMail versions

DBMA Configuration For Win32 and Unix Admins, PostgreSQL or MySQL

> cp *.DB ../
> cd ../
> tar -xvf DBMA_SQL_V2.tar
> mv *.DB dbmailadministrator/
> chown -R HTTPD_user:HTTPD_Group ~/dbmailadministrator/*

  1) Untar (tar xvf DBMA_SQL_V2.tar) the tarball
     from HTTPD document root or from your cgi-bin, as you wish.
     example: /usr/local/www/dbmailadministrator
	      /usr/local/www/cgi-bin/dbmailadministrator

              download tarball to /usr/local/www/
              cd /usr/local/www/
              tar -xvf DBMA_SQL_V2.tar

  2) chown files to your HTTPD user:group and chmod 755 *.cgi
     i.e.: chown -R www:www ~/dbmailadministrator/*

  3) With the sole exception of 'hard-coding' a "RESTRICTGroupID"
     mode (see below), all configuration is done from the GUI.

  4) Point your browser to /dbmailadministrator/

  5) i) If the programme fails to start, check that the shebang
     line (#!c:/perl/bin/perl.exe) in DBMA.cgi points to your PERL and that
     you have the necesary modules installed. (See top of README.)

     ii) chown files to your HTTPD user:group and chmod 755 *.cgi
     (if you are very lucky the tarball's defaults may be fine.)
 
  6) make certain all files and directories are readable and writeable
     by the httpd user:group

  8) This package includes a maillog search feature for trouble
     shooting. dbma_logsearch.cgi doesn't need configuration
     as it will look for your logs or you can simply enter the
     location from the user interface. Make certain your maillog
     is readable by the HTTPD's user:group. Remember that Logs
     are rotated by crontab so permissions may need updating.

  9) DO NOT make this tool available to Public web access!

Troubleshooting?

• You are locked out. (Please see security notes for Help with Passwords. Meanwhile the default username is dbmail and the password is dbmail. Generate your own new password NOW. Use the following command adjusted to the location of htpasswd on your system:
  > /usr/local/bin/htpasswd -cb .htpasswd user secret)
• You made an error in your typing of config information. (Proof read again please and check that your config is correct.)
• Your host cannot resolve the SQL server name you specified. (Change to an IP number or fix your hosts and/or DNS zone files)
• SQL User Name rejected. Perhaps the limited priviledges user name and password you are using for your database has only localhost authority on the database server. (Change the user privs on the database to include the host you are running DBMA from or try a different user.)

Check your PERL

DBMA Troubleshooting Summary

1) Are you using PERL 5.6 or better with DBI and DBD installed for your database?
• CGI::Carp (should be in your PERL already)
• NET::SMTP (part of libnet which should be in your PERL)
• Digest::MD5 (should be in your PERL already)
2) Is your web space script-enabled (i.e.: ExecCGI) (read DBMA_security.htm)?
3) Have you correctly configured DBMA with your Database details?
4) Have you correctly set the correct database type?
5) Have you correctly set the versioning for DbMail?
6) Do you have a database client installed?

Privacy Warning

Using DBMA

Please change your default password (dbmail:dbmail and dbma:dbma for Win32) as soon as possible. See security for more details. Password protection should be enabled in your HTTP Daemon configuration file (i.e.: httpd.conf).

DBMA enables an Administrator to 'hard-code' DBMA to restrict administrative access to a single DbMail "Group" (client_idnr).

This is ideal for Help Desk or Level One Support situations where you want personnel to perform mail user management on a select group of DbMail accounts without providing full DbMail database view or access.

You can also use DBMA (RESTRICTGroupID mode) on a end-to-end secure and authenticated Web resource (authenticated SSL) with which your external customers' Administrator or internal/remote departments' Administrator could manage their own DbMail accounts. In the case where there are only single known users of the resource you could easily use a self-issued High Grade Encryption (AES-256 256-bit) server certificate if you don't have nor want the cost of a 'store-bought' Server Cert (i.e. Thawte, VeriSign, SSL, etc.). (http://www.ssl.com/ now offers an SSL128SCG2.5 single-domain Cert for under $100. USD).

Multiple instances of DBMA can be used to Administer multiple "DbMail Groups/Clients" by designated personnel without any overlap and with only a restricted view or access to a single group (client_idnr) of mail accounts for each designated "Group/Client" Administrator.

To implement this mode, DBMA is first configured like normal in the configurations GUI. Then "root" opens the main script (DBMA.cgi) in a text editor; a comment hash mark is removed; and the client_idnr number for the group to which DBMA will be restricted is entered. (Detailed instructions are in the top of the script.) At this point no further GUI access is available to the configurations window nor global list/add/delete/etc. functions. Administration rights exist only for the single group you enable. The README in the tarball has further info.

• RESTRICTGroupID mode (see http://dbma.mobrien.com/DBMA-FAQ.htm for full details)
• - removes access to all Global Functions
• - removes access to DBMA Configuration GUI
• - limits administration access to a single group
• - prevents duplicate user accounts across mail Groups
• - returns a notice and denies access when the group
• administrator's search returns a user outside his/her assigned group

In the (default) unrestricted configuration, DBMA enables full access to your entire DbMail system database for managing users, finding mail, etc. and is relatively unchanged.

1. Scalability. Like DbMail, DBMA is vastly scalable. Millions of users can be accomodated depending on the scope of your database servers (or cluster). You might notice some terms of reference in DBMA (GUI names) differ slightly from the table and field names used in the DbMail database. DBMA is a management tool as well as a customer support tool. DBMA favours the use of 'friendly' terminology which fits the most likely usage by front line Level One Support people and by the 'machine room' mail team. "Group" refers to the 'dbmail_users' field 'clientid', for example. In the case of an ISP, each user is a client. You might consider organizing your clients/users into geographic groups or net segment groups or whatever you like, to keep the total number of users broken up into manageable lots of up to 1000-1500 accounts per group.  With just 999 groups you can manage as many email accounts as some countries have internet users. Both DbMail and the DBMA GUI are highly scalable.
2. By using simple "radio check buttons" and pressing "Go" DBMA lets you add or delete users, aliases, forwards, notifications, check mail limits, monitor IMAP mailboxes, and more as well as show and modify single users or display a list of all existing users in any group or all groups displaying all information including current mail stats. 
3. Deleting the user removes the account as well as all aliases and auto notifications for that user. Heed the 'Alert' popup asking "Are you sure you want to do this?" Once deleted, all aliases, forwards, mailboxes and mail associated with the deleted user are GONE for good.
4. Message Management Problems with undeleted messages in DbMail? With the preponderance of email clients and perhaps after numerous rejigging of the DbMail database through various upgrades, you may find that messages marked by a user for deletion are not having their status reset. Look for changes in the MAIN MENU statistics column: "Number of deletes pending" DBMA (since V2.1.2) will accomplish this with a single check "Update delete status" box and "Go".
5. Find the orphaned messages DBMA is a good fixer.

   This 'Update Delete Status function' runs a scan of the database looking for three basic problems.
   1. messages marked delete by the client but status is still 000;
   2. messages having no 'owner mailbox' and
   3. messages unattached to a user.
   
   These are three issues which DBMA users have emailed me about. From DBMA user feedback I deduce this is sometimes caused by mucking around in the datatbase with an editor like MySQLCC, PHPMyAdmin or phpPgAdmin. There may also be issues with some patched/migrated database schemas; and surely there's the gremlins and quirks.
   
   If DBMA finds some orphaned messages DBMA will, with gentle grace, set their dbmail_messages.status to a mere 001 and their deleted_flag to a certain "1" preparing them for the ultimacy of the maintenance cleanup.
   
   Look at the "Number of deletes pending:" column of the DBMA statistics (Main menu) to observe any changes after doing "Update Delete Status".
   
   Why status 001?
   You are the real 'administrator' and must be afforded a chance to review what you have done.
   
   If you don't like '001', go nuts, repeat the action and they will all be set to '003', the final bell. The next crontab 'dbmail-util -d' removes them from the database. (You may someday benefit from this two-step flexibility.)
   
   NOTE: The Update delete status function is not available to "Group Administrators" under the RESTRICTGroupID constrict.
   

6. Mail search, delete or undelete. Mail search is available from any users mail box and the search will be conducted within that Mailbox. Delete sets the status flag to 003 so it is wiped out on the next maintenance pass. All flags are visible in any mail box so an erroneously marked (for delete) can be spotted quickly. Individual mail can be undeleted or deleted, all mail in any mail box can be deleted or undeleted.
7. Remove separate aliases by User ID (even if the user no longer exists) or by complete alias. Some orphaned rows may exist in your database between dbmail-utils / dbmail-maintenance crontab runs. More often than not this is an admin-user error. Hush. DBMA can help you monitor and oust straggler aliases. Just type the full alias and press "Delete Alias" and presto it's gone. In the alternative you can type the UserID and press "Delete All Aliases" and zap, they are all gone.
8. Forwards including external address forwards like [email protected] ==> [email protected] are accomplished by checking 'Add Forwards' and pressing the "SQL Tool" button from the Admin page. You will get another GUI window which is self-explanatory on adding email internal and external forwards. You can also list all the forwards and delete any which need to go.
9. I already have a "Bob" as user. Let's face it, public email addresses uniquely identify each person on planet earth. As a mail administrator or postmaster you already realize that folks take their email address and their email seriously and personally. Very much so. Keeping the mail running and folks happy is your aim but you will encounter many heretofore inconceivable complaints or requests from users. It's nice to know you are ready for most anything.
   So, the new user wants the name "bob" in his email address, empatically. You already have a "bob" (or whatever the request may be) at another virtual domain and this new user who wants to be "bob" won't take no for an answer. No problem. Use DBMA with "Add User" checked to open an "(Add) User" window. Type a uniqe name like "boblastname" for the "User Name", enter the new Bob's password and "Client (Group) ID" then enter the email address as "[email protected]". Bob must login with account name "boblastname" but his email address is "[email protected]". All mail for "[email protected]" will go to the mailbox of "boblastname" and the other "Bob" is unscathed by all this.. You can have as many "bob's @ different_domains.tld" as you like.
10. Encryption. Many people will find that plain text passwords are sufficient for email user accounts. If that is not true for you, DBMA will encrypt your passwords compatible with dbmail. Choose from md5-hash, md5sum or crypt.
11. Auto Notify is accomplished by knowing the UserID number of the user you want to cause a notification. Enter the UserID number and the full email address of the mail box you want a notification sent to. It will work like a charm.
12. A simple way to add an alias is to call up the user in a manner of your choosing and then use the "Modify..." button. In the window which appears, without changing any of the main entries, add an alias to the "alias" text window at the bottom and press "Update". A similar window will popup again showing the change. You can repeat the above over again to add more aliases very quickly.
13. Search for  users can be accomplished using the email address, the user name or the user ID number. Your most unequivocal method uses the ID number.
14. You can view all users in all groups by selecting "List all users all group" and pressing the "Go!" button, but if you have 100 groups each with a thousand users, you won't be seeing the list for quite some time. To be more selective, in  the top row of functions, enter the group (ClientID) number and press either the "Users" or "Aliases" buttons. An alphabetical list will appear. Click the name of the user or alias you wish to modify and a data page for that user will open. If it proves true that this is the user you seek, press the "Modify User" button and make your changes, updates or whatever.
15. List Aliases GUI helps you manage scores of information and functions; forwards or aliased accounts and more. You can list every alias but if the numbers are high you should limit the display to under 1500 users. The ideal method is to list aliases by groups. Mail forwarders can also be listed separately. Each alias listing has a link to a data window or a search function. In the case of an external forward you obviously will not find the alias as a user account but in the case where you have [email protected] forwarded to [email protected], the two links will take you to the User Data Window for the two corresponding user accounts. Did you follow that? Each line has two links. The mail for x@x goes to xx@xx. It is possible that the link on the right is an external address. Clicking it will fetch an "account doesn't exist" message. On the other hand, accounts like "noc", "dns", "abuse", "privacy" etc are likely aliased to the addresses of persons or titles. The DBMA Alias List GUI allows you to quickly select which Account window you wish to open, the account with mail forwarded (left link), or the account where the mail goes to (right link).
16. Distributing your NewsLetter with forwarding. If you are creating forward aliases like "[email protected]" to be forwarded to each and every user at "@ourdomain.tld" you might forget to actually create the account "newsletterfromtheprez", but if you thought "Flubber" had bouncing problems, watch what happens with this scenario when things go wrong. In other words, if you are going to create a "newsletter" alias for mail distribution to various mail account groups, for each "newsletter" forwarder, create a full user account for your "newsletter".
17. To view the data for a single user, type the user's name or ID number beside the "User Search " button and press that button. From there you can modify or even delete the user.

Don't Allow Public Access To This Tool

Listing Users

Each user listing is a link to the user's data page. 

• In the above User List Window screenshot you would click the user link on the left side to open a user data window.
• Select "Configurations" for a data page setting out configration and technical specifics about your DBMA installation and your system's, PERL as well as your database.
• Restrict the number of listings by using the radio check buttons in addition to your function selection.

More About Password Encryption

Readme