http:// qmail.jms1.net / scripts / rules / sqlite.shtml

Setting up an SQLite database

This page documents how to set up an SQLite database for use with the qmail rules interface.


Installing SQLite

SQLite is usually included in the operating system's repositories. If this is the case, you should install it from there, so that the server can be upgraded easily when security issues are found.

For example, under the RedHat-flavoured distributions (i.e. RedHat Enterprise, Fedora, CentOS, etc.) you can run a command like this to install the server:

# yum install sqlite

The specific package name may vary, but the procedure should be very similar.

If your system doesn't have a package repository from which to install the software, you can always download the source code and follow the directions to build it on your system.


Decide where to put the database file

SQLite stores all of the data for a "database" within a single file. The permissions and ownership on this file are important. Both Apache and qmail-smtpd need the following permissions:

On my test system, Apache runs CGI scripts as the "apache" user, and qmail-smtpd runs as the "qmaild" user. In order to set up the permissions, I created a group called "rulesdb" and added these two userids to it.

# groupadd rulesdb
# usermod -a -G rulesdb apache
# usermod -a -G rulesdb qmaild

After doing this, I restarted the processes which run as these userids, so that they would gain their new group memberships (and therefore be able to access the file.)

# svc -t /service/qmail-smtp* # /etc/init.d/httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ]

Because the system is related to qmail, I think it makes sense to store the file under the /var/qmail directory somewhere. On my test system, I created a /var/qmail/rules directory, containing a file called rules.sqlite. You can obviously do whatever you like on your own system, however this is the directory and filename I'll be using on this web page.

While testing this setup, I discovered that, even though the qmail-smtpd process runs as the qmaild user, whcih is a member of the rulesdb group, the process doesn't inherit the supplementary group IDs of the userid as which it runs. This is because when tcpserver "becomes" the requested uid and gid after bind()-ing to the listening socket, it does not also pick up the supplementary gid's of the uid.

Because Apache DOES pick up the supplementary gid's of it's anonymous user, we can make the files accessible to both Apache and qmail-smtpd by making them owned by the qmaild user and the rulesdb group, and making them both owner- and group-writable.

The actual commands I ended up using are shown below.


Creating the database file

You should already have downloaded the files and run the ./fix-permissions.sh script.

To set up the SQLite database file, do the following:

Once this is done, the database will be ready for the web interface to be used to start creating rules.


The Perl DBD::SQLite Module

In order for Perl to connect to an SQLite database file, you need to make sure that the DBD::SQLite module is installed correctly.

The standard RedHat/CentOS repositories don't have a package for the DBD::SQLite module. However, you can install it from CPAN:

# perl -MCPAN -e install DBD::SQLite


The G4DBCONN Value

When configuring the web interface and the mail script, you will need to set the value of the G4DBCONN environment variable. For an SQLite database, the value needs to look like this:

SetEnv G4DBCONN "dbi:SQLite:dbname=/full/path/to/database.file"