Skip to content

Plugins

Sleeps edited this page Jul 2, 2026 · 5 revisions

VExim Web UI Plugins

Version 2 (which arrived quickly) comes with modules, some of those are core modules that you need and some plugins that are helpful.

It is recommended that you use the vw:plugin command to install modules, it writes to a composer.local.json file so that when you update the main Web UI (git pull) it doesn't delete them by overwriting your composer.json.

They are all installed via the CLI, so login (or su) to the veximweb user account, cd into the vexim_web directory and run

php artisan vw:plugin list

To see what is available, you will see something like this:

ID Package Name Description Status
1 mrsleeps/vexim-web-plugin-pdns PowerDNS Integration Manage DNS records via PowerDNS API Available
2 mrsleeps/vexim-web-plugin-mailman3 Mailman 3 Mailing Lists Subscriber management via Mailman 3 REST API Available
3 mrsleeps/vexim-web-plugin-dmarc DMARC Integration View DMARC reports Available
4 mrsleeps/vexim-web-plugin-rspamd RSpamd Integration RSpamd management Available
5 mrsleeps/vexim-web-plugin-mtasts MTASTS Integration MTASTS management Available
6 mrsleeps/vexim-web-plugin-dnstools DNS Tools Various tools to check DNS records Available

You install a plugin by running the command:

php artisan vw:plugin install package/name

You can also replace the package/name with the ID (makes for less typing).

The current plugins are as follows:

PDNS

This is a plugin that interacts with a PowerDNS API. It lets you add DKIM, DMARC and SPF records to domains that are being used by Exim.

Install it by running the command:

php artisan vw:plugin install mrsleeps/vexim-web-plugin-pdns

This will download and install (via composer) and once finished you need to run

php artisan migrate

This install the necessary database tables.

Once you have done all of that you need to login to the web ui and look for the DNS entry in the left hand menu, under that should be a menu item saying Providers. Click on that then on the new page click the "New dns provider" button.

Fill out all the details, you'll need to know your api address and key. Your server id is usually localhost (unless you have changed it). Make sure the enabled toggle is on and if you want to use PDNS for all your dns magic you also need to toggle the default toggle to on.

That's it.. Installed.. By default you add DKIM records via the domains page.

It does have a CLI command which enables you to quickly add PDNS support to all domains, in the vexim_web directory you need to run

php artisan vw:sync-domains-to-dns

This sets all your domains to whatever provider you select (PDNS in this case, it's currently the only one).

This plugin links in nicely to the next plugin...

DNS Tools

DNS Tools provide some basic checking for DKIM, SPF and DMARC records. They can also generate for them for you.

Install it via:

php artisan vw:plugin install mrsleeps/vexim-web-plugin-dnstools

And then:

php artisan migrate

Then login to your web ui and under DNS you'll see a menu item called "Tools".

It's pretty self explanatory, there's a little drop down menu next to the domain that allows you to generate DKIM, DMARC and SPF records and auto publish them via dns.

It does also have a some jobs that run once a day and performs some very basic checks.

If you want to run them manually:

php artisan vw:spf-check

or

php artisan vw:dmarc-check

These are very basic checks that check if a record exists and is valid.

DMARC

This plugin allows you to receive and view DMARC reports.

Install it via:

php artisan vw:plugin install mrsleeps/vexim-web-plugin-dmarc

And then:

php artisan migrate

You will then need to setup addresses for the dmarc reports to deliver to, as default we have set it to be dmarc@domain.tld. What I do is have 1 account (local) of dmarc@my.maindomain.tld and then for every domain hosted on my server I forward dmarc@theirdomain.tld to dmarc@my.maindomain.tld.

So, create a new local account via the web ui and then edit the .env file in the vexim_web directory.

You need to add:

DMARC_IMAP_HOST=
DMARC_IMAP_PORT=
DMARC_IMAP_ENCRYPTION=
DMARC_IMAP_USERNAME=
DMARC_IMAP_PASSWORD=
DMARC_IMAP_VALIDATE_CERT=false
DMARC_IMAP_DEBUG=false

Change those to your newly created dmarc reporting email account.

Now you need to forward dmarc@hostedomains.tld to that account, you can either do that manually (yawn) or you can use our CLI command:

php artisan vw:setup-dmarc-aliases

This will go through the database and add a forward/alias address of dmarc@ to every single domain in your system.

Update your DMARC dns records to set the reporting address to be dmarc@domain.tld and wait for the emails to flow in.

RSpamD

RSpamD is an alternative to SpamAssassin (which I hate). It's faster, more lightweight, way more modern and can do a lot more out of the box.

I've provided some very basic config files in docs/rspamd to help you get started. Installing and configuring RSpamD is not something I'm going to cover in this doc, it assume you have it all up and running beforehand. There's plenty of tutorials out there to help you.

Anyways, to install the plugin.. As always run:

php artisan vw:plugin install mrsleeps/vexim-web-plugin-rspamd

And then:

php artisan migrate

I've provided some scripts that will interact with your VExim Web UI install, currently just supports whitelisting and blacklisting. To get them working, look for the lua scripts I have provided and the vexim.conf. Copy those to your rspamd folder (keep theme in the folders I've have them in). You will now need an API token (yeah, we have an API). Run:

php artisan vw:create-rspamd-token user_id

Not sure of your id? Run:

php artisan vw:users list

Add that token (including the bit before the |) to your modules.local.d/vexim.conf file along with the hostname (include the https://) and restart rspamd. Now when you get an email it will ping the API to get the user settings.

MTA-STS

MTA-STS (Mail Transfer Agent Strict Transport Security) is an email security standard that helps ensure emails are sent securely between mail servers. It basically tells other mail servers: "Only deliver email to me over an encrypted (TLS) connection." and lets them verify they're connecting to the correct mail server, helping prevent attackers from intercepting or redirecting email.

It works by publishing a DNS TXT record that lets other mail servers know you use secure connections and then you also need a txt file at https://mta-sts.yourdomain.com/.well-known/mta-sts.txt.

This plugin takes the pain out of setting that up.

Install it via:

php artisan vw:plugin install mrsleeps/vexim-web-plugin-mtasts

And then add

MTA_STS_MODE=

to your .env file. You can either have enforce or testing. Recommend you start with testing.

You will now also need to setup the vhosts on your webserver (kinda has to be on the same server as your Exim install). To make it easier, I've provided a sample NGINX config under docs/nginx/mtasts.conf. It accepts mta-sts.domain requests for any domain that has the dns for that pointing at your server.

Then you need to add the records to the domains DNS. Firstly, add a text record of:

_mta-sts.domain

and the value of:

v=STSv1; id={SOMEIDNUMBER}

I use a timestamp for {SOMEIDNUMBER}, it's not in DNS Tools yet, but it's coming!

That's it..

Mailman 3

The MM3 plugin allows basic control over your Mailman 3 lists. Sadly, there are no PRs for support MM3 via LMTP so this module is pretty pointless until we figure that out.

However, if you want to have a look it's easy to install.

To install you need to run:

php artisan vw:plugin install mrsleeps/vexim-web-plugin-pdns

and then

php artisan migrate

Then add the following to your .env file:

MAILMAN_HOST=localhost
MAILMAN_PORT=8001 ## This is your api port
MAILMAN_USERNAME=
MAILMAN_PASSWORD=
MAILMAN_API_VERSION=3.1
MAILMAN_TIMEOUT=30

Once they are correctly added the Mailman 3 plugin will synch your lists (currently only manually, click the synch button).

Kind of pointless until I get it working, last time I tried MM3 took down my test server.. It's a bloated resource hungry mess.

Clone this wiki locally