1 Topic by sruthin.tk

  • sruthin.tk
  • Member
  • Offline
  • Registered: 2014-11-24
  • Posts: 4

Topic: How can i disable ipbased access roundcube mail after instaling iredma

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:

====
Iredmail version:::0.8.7
mysql
Linux::centos 6.5


Hai.
I have installed iredmail on centos 6.5.Everything work fine.But  i want to disable roundcubemail accessing by server ip.I mean afte installing redmail i can accessing roundcubemail by using server ip or mail.example.in(mail.example.in is my hostname.)Now i want to disable ip based accessing.What to do.its very urgent.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by hdco (edited by hdco 2014-11-25 14:01:20)

  • hdco
  • Member
  • Offline
  • From: Vancouver, BC
  • Registered: 2014-10-02
  • Posts: 44

Re: How can i disable ipbased access roundcube mail after instaling iredma

Wrap all of iRedMail's Apache hosts in a VirtualHost block with ServerName set to your domain. Then, set a catch-all (no ServerName) host to redirect to your domain, so other points of access are corrected. You could also just serve up an error.

3 Reply by sruthin.tk

  • sruthin.tk
  • Member
  • Offline
  • Registered: 2014-11-24
  • Posts: 4

Re: How can i disable ipbased access roundcube mail after instaling iredma

Please give me the virtualhost setup.please

4 Reply by hdco (edited by hdco 2014-11-25 14:13:27)

  • hdco
  • Member
  • Offline
  • From: Vancouver, BC
  • Registered: 2014-10-02
  • Posts: 44

Re: How can i disable ipbased access roundcube mail after instaling iredma

Oh, turns out virtual hosts are already used - just no ServerName. This being the case, you just need to open Apache's sites-enabled/000-default.conf file (different in CentOS maybe?), and replace the top part. (Replace example "yourdomain.com" of course)

<VirtualHost *:80>
        ServerAdmin webmaster@yourdomain.com
        DocumentRoot /var/www

With this:

<VirtualHost *:80>
        Redirect 301 / https://mail.yourdomain.com/
</VirtualHost>

<VirtualHost *:80>
        ServerAdmin webmaster@yourdomain.com
        ServerName mail.yourdomain.com
        DocumentRoot /var/www

What I'm doing here is adding a ServerName to the default host, which tells Apache "do this when this host is used", it's what allows multiple hosts/domains to share an IP. Then above it, I'm adding a second host without a ServerName to catch every other domain (be it the IP address, or some other domain pointed to your IP). It simply redirects to your actual domain, but you could also add a DocumentRoot to an error page instead if you prefer.

Repeat in the SSL file (sites-enabled/default-ssl on Debian) on port 443, and copy over the SSL lines (SSLEngine, SSLCertificateFile, SSLCertificateKeyFile) into the new host. You won't get many people past the certificate warning, but might as well.

If you get a warning about _default_ VirtualHost overlap, replace _default_:443 with *:443 and add NameVirtualHost *:443 to the top.

I'm more of an nginx person so someone chime in if there's a better way of doing this.