0

I currently have a server with postfix/dovecot/postfixadmin and squirrelmail running for multiple domains. I use mysql to store the account/domain details. However, if I go to the webmail of a domain on my server, I can log in to all email accounts on any domain on my server. How can I make it only possible to log in to a mail account on the right domain? And if I've done this, is it also possible to allow logging in to all mail accounts using the IP address of the server directly?

In short, I want that if a user goes to domain1.com/webmail he can only log in to email accounts with @domain1.com, but if a user goes to A.B.C.D/webmail he can log in to all email accounts on the server.

edit:
I think I wasn't clear enough in my post, so I will try to explain a little bit better what I have:
I have one postfix/squirrelmail installation, and squirrelmail can be accessed on any domain through domain.com/webmail (/webmail is aliased). But because I only have one installation, you can log in on all domains on my server using any domain. So for example, if I have domain1.com and domain2.com, you can log in with somemail@domain1.com at www.domain2.com/webmail. I don't want this. The only exception to this rule is that I want to be able to access the complete mail server, so all email addresses on all domains, using the IP address of the server (A.B.C.D/webmail). Sorry if my question isn't clear, English is not my main language so I sometimes have some trouble explaining my problems in English.

Tiddo
  • @Tiddo - with all due respect, your question is broad in the sense that it will require configs for postfix, http, iptables, and possibly mysql and will be difficult to answer without significant documentation. Would you mind posing your question in a more detailed manner? That way, you'll receive more than generalized answers (and guesses) in return. – Patrick R Mar 28 '11 at 12:56
  • I'm at a loss why that configuration would even be useful. – Richard June Mar 28 '11 at 13:05
  • @Richard: I have several domains hosted for several different people. I want those people to be able to log in to their email accounts ONLY on their own domain. But I have also several domains for myself, and I want to be able to log in to all domains using 1 IP. @Patrick I will provide some more information later today, don't have much time now. Thanks for your reply! – Tiddo Mar 28 '11 at 13:14
  • @Tiddo, but are you doing all your mail / web hosting on a single server? – Richard June Mar 28 '11 at 13:40
  • @Richard: I am not a reseller, I am a student and part-time freelance webdeveloper, and I host the domains of my customers. Most websites are small (~max few hundred visitors p/m), so I don't need multiple dedicated servers, a VPS is more than enough for me now. – Tiddo Mar 28 '11 at 14:02
  • That makes even less sense then. Alias /webmail on all domains to a single installation *OR* install a separate webmail installation on all domains and hard code the domain. I do hosting as well, I use ISPCP to manage the domains, I would recommend you look into something similar. If you like, I can set you up as a reseller on my server, contact me at rjune@oriontechnologysolutions.com – Richard June Mar 28 '11 at 16:47
  • /webmail is aliased. I only have one installation of squirrelmail running;) But I just want to restrict access to domain specific email accounts – Tiddo Mar 28 '11 at 20:59

1 Answer

2

To do this you will need to change some code in Squirrelmail.

From the page that does the login, you can use PHP to look at the domain name and then make sure that only the current domain is after the @. If you are not a PHP developer it could take some time to find out how to do this, and I do not really recommend this solution.

The thing you should do instead is to create one webmail that all users log in from and then SSL encrypt the page, to make sure that users do not send their e-mail credentials via clear text, and then redirect domain.com/webmail to e.g. https://ssl.yoursite.com/webmail

I have built several shared hosting environments hosting thousands of clients, but none of them are dedicated per-domain. All of them are placed on a secure location (simply because I refuse to build webmail access without SSL).

Now the reason why this should be the approach is, that users usually access their webmail from everywhere, which drastically increases the risk of someone sniffing network traffic, thus gaining access.

Nor would you like this to happen, because if that happens your server could be used as a source of unsolicited bulk e-mail (SPAM).

Frands Hansen
  • tx for your answer. I am a PHP developer so that won't be a problem, but I also agree with you that it isn't a really nice solution. I'll have to point out that I have only one webmail instance running, and that there is only one installation of squirrelmail. The different URLs just internally link to the same pages, in my case to /usr/share/squirrelmail/. But you're saying that I should redirect each URL to one dedicated URL? – Tiddo Mar 28 '11 at 22:32
  • Yeah. There is no problem in having /webmail on each domain, but redirect it to the same place, after all, your customers should be aware who their provider is ;) Also, you should have that single webmail place behind SSL. – Frands Hansen Mar 29 '11 at 10:38
  • ok, tx for your answer! – Tiddo Mar 29 '11 at 14:20
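
The check the answer describes (compare the domain after the @ with the domain the webmail was reached on), as an added example that is not SquirrelMail code and not from the original posts. The function names, the `ADMIN_HOSTS` list and its placeholder address are assumptions, as is the premise that usernames are full email addresses; the caller is assumed to pass in a host value that the web server fixes per virtual host, because the raw Host header is supplied by the client.

```php
<?php
// Added example; all names and values here are assumptions, not SquirrelMail's.

// Hosts allowed to log in to any mailbox (the question's "A.B.C.D/webmail").
const ADMIN_HOSTS = ['192.0.2.10']; // placeholder documentation address

// Lower-case the host, drop a port, a trailing dot and a leading "www.".
function normalise_host(string $host): string
{
    $host = strtolower(trim($host));
    $host = preg_replace('/:\d+$/', '', $host);
    $host = rtrim($host, '.');
    if (strncmp($host, 'www.', 4) === 0) {
        $host = substr($host, 4);
    }
    return $host;
}

// True when $username may attempt a login on the site reached as $requestHost.
// Run this before the credentials are handed to the IMAP server.
function login_allowed(string $requestHost, string $username): bool
{
    $host = normalise_host($requestHost);
    if ($host === '') {
        return false;                       // no usable host: fail closed
    }
    if (in_array($host, ADMIN_HOSTS, true)) {
        return true;                        // server address: every domain allowed
    }
    $at = strrpos($username, '@');
    if ($at === false || $at === 0 || $at === strlen($username) - 1) {
        return false;                       // not a full address: fail closed
    }
    return strtolower(substr($username, $at + 1)) === $host;
}

// Constructed cases based on the question's domain1.com / domain2.com example.
$cases = [
    ['domain1.com',     'somemail@domain1.com'],  // allow
    ['www.domain2.com', 'somemail@domain1.com'],  // deny: wrong domain
    ['192.0.2.10',      'somemail@domain1.com'],  // allow: admin host
    ['domain1.com:443', 'Info@Domain1.com'],      // allow: port and case ignored
    ['domain1.com',     'somemail'],              // deny: no domain part
];
foreach ($cases as [$h, $u]) {
    printf("%-16s %-22s %s\n", $h, $u, login_allowed($h, $u) ? 'allow' : 'deny');
}
```

Anyone can browse to the server's address, so the admin-host exception only restricts anything if that virtual host is itself limited, for example by source address.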