1

Topic: General question about alias domains

==== Required information ====
- iRedMail version: 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: RH 6.6
- Related log if you're reporting an issue:
====
Hello,
I have general question about alias domains.
I've seen article http://www.iredmail.org/docs/ldap.add.mail.alias.html and I know it will probably meet all my requirements.
The only question is:
If I have domains example1.com example2.com example3.com
Can user use all email addresses (user@example1.com. user@example2.com, user@example3.com)  to log in to services (webmail pop3 etc)

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: General question about alias domains

iRedMail forces client to use only primary domain to login.

Since all emails sent to user@[example1.com, example2.com, example3.com] are delivered to the same mailbox, you don't need to login to different account to access mailbox, so how about update webmail/Postfix setting to allow user to send email as another user?

3

Re: General question about alias domains

It's possible,
What should I set ?
I'll be using roundcube and probably sogo for some users.

4

Re: General question about alias domains

1) To allow user to send email as different user, you have to remove 'reject_sender_login_mismatch' in /etc/postfix/main.cf. Restarting Postfix service is required.

If you still want to reject email with different 'From:' and sasl username, please enable iRedAPD plugin 'reject_sender_login_mismatch' in /opt/iredapd/settings.py.

2) Set Roundcube setting 'identities_level' to 0 in /var/www/roundcubemail/config/config.inc.php (or main.inc.php if you're running an old Roundcube release).

5 (edited by misieq 2014-12-30 16:59:19)

Re: General question about alias domains

ZhangHuangbin wrote:

1) To allow user to send email as different user, you have to remove 'reject_sender_login_mismatch' in /etc/postfix/main.cf. Restarting Postfix service is required.

If you still want to reject email with different 'From:' and sasl username, please enable iRedAPD plugin 'reject_sender_login_mismatch' in /opt/iredapd/settings.py.

2) Set Roundcube setting 'identities_level' to 0 in /var/www/roundcubemail/config/config.inc.php (or main.inc.php if you're running an old Roundcube release).

If I disable reject_sender_login_mismatch in postfix the user will be able to send email as anybody. Am I right?
Does iRedAPD plugin will protect it?

What about adding another mail attribute in LDAP? - I've read on SOGo mailing list it should work.

6

Re: General question about alias domains

misieq wrote:

If I disable reject_sender_login_mismatch in postfix the user will be able to send email as anybody. Am I right?

YES.

misieq wrote:

Does iRedAPD plugin will protect it?

YES. that's what this plugin is used for.

misieq wrote:

What about adding another mail attribute in LDAP? - I've read on SOGo mailing list it should work.

What do you mean "add another mail attribute"? what does it suppose to be used for?

7

Re: General question about alias domains

OK. I wasn't precise enough.
I have domain and alias domains so my user has a mail field and some shadowAddress fields.
eg mail=user@domain1.com, shadowAddress=user@domain2.com, shadowAddress=user@domain3.com
As I can see it's possible to login to postfix/dovecot/www using any of these addresses.
If yes that solves my problem.

8

Re: General question about alias domains

Do you mean you want to allow primary domain and users under this primary domain to send as alias domain users and emails specified in mail+shadowAddress?

9

Re: General question about alias domains

Well, you got it now.

With the latest iRedAPD, you can enable plugin 'reject_sender_login_mismatch' and set below parameters in iRedAPD config file /opt/iredapd/settings.py:

# List users or domains you want to allow login mismatch.
ALLOWED_LOGIN_MISMATCH_SENDERS = ['domain.com', 'user@domain.com']

# Strict restriction. Default is True.
ALLOWED_LOGIN_MISMATCH_STRICTLY = True

Below is comment lines in plugin file, it explains what it does:

# *) Set whether or not strictly allow sender to send as one of user alias
#    addresses. Default is True.
#
#       ALLOWED_LOGIN_MISMATCH_STRICTLY = True
#
#    or
#
#       ALLOWED_LOGIN_MISMATCH_STRICTLY = False
#
#    - With OpenLDAP backend, user alias address is stored in attribute
#      'shadowAddress' of user object
#
#    - With MySQL/PostgreSQL backends, user alias address is username part +
#      alias domain name. For example, if primary domain 'primary.com' has
#      two alias domains: 'alias-1.com', 'alias-2.com'. User 'user@primary.com'
#      is allowed to send email as:
#
#       + user@primary.com
#       + user@alias-1.com
#       + user@alias-2.com

Hope it's what you want.

10

Re: General question about alias domains

ZhangHuangbin wrote:

Do you mean you want to allow primary domain and users under this primary domain to send as alias domain users and emails specified in mail+shadowAddress?

Yes, exactly.
I've made some tests and looked into ldap connection files and it seems to be working out of the box.
Thanks!