Virtual Domain Logins with Exim4u

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Virtual Domain Logins with Exim4u

Odhiambo Washington

Hi Gordon,

I have traced this issue and found what needs to be done.

In webmail/imp/config/hooks.php, there is this function which is disabled/commented out by default:

// if (!function_exists('_imp_hook_vinfo')) {
// function _imp_hook_vinfo($type = 'username')
// {
// $vdomain = getenv('HTTP_HOST');
// $vdomain = preg_replace('|^mail\.|i', '', $vdomain);
// $vdomain = String::lower($vdomain);
//
// if ($type == 'username') {
// return preg_replace('|\.|', '_', $_SESSION['imp']['user'] . '_' . $vdomain);
// } elseif ($type == 'vdomain') {
// return $vdomain;
// } else {
// return PEAR::raiseError('invalid type: ' . $type);
// }
// }
// }

If you need virtual domain users to login, using just username instead of username@domain, there are a number of things to consider.

1. If you use one virtual host for all the domains you host, then each domain will need to have a DNS A record, like webmail.DOMAIN.NAME
2. IIRC, this will require Apache to use NameVirtualHost *:PORT and ALL webmail.DOMAIN.NAME will have to point to this vhost.

This line:
$vdomain = preg_replace('|^mail\.|i', '', $vdomain);

Should then be changed to:
$vdomain = preg_replace('|^webmail\.|i', '', $vdomain);


And this line:
return preg_replace('|\.|', '_', $_SESSION['imp']['user'] . '_' . $vdomain);

Should be made to look like:

return preg_replace('|\.|', '.', $_SESSION['imp']['user'] . '@' . $vdomain);

Actually, I see that what that line does is that it replaces @ with and underscore and any dots in the domain portion with and underscore too.
Such that if I went to http://webmail.wash.or.ke (which is the root for my webmail tree) and I put in the username johndoe, then what is submitted by IMP to the IMAP server as the login name becomes johndoe_wash_or_ke. I don't know why they do this (perhaps some security issue) but I changed mine as shown, so that the login name submitted is [hidden email]

3. You also need to edit webmail/imp/config/conf.php line 50 and change this line:

    $conf['hooks']['vinfo'] = false;

To  $conf['hooks']['vinfo'] = true;

Someone needs to tell me the danger posed by my having return preg_replace('|\.|', '.', $_SESSION['imp']['user'] . '@' . $vdomain);
I just did not need the replacements and to be honest I don't understand the dangers of doing this.

Someone who knows php better should tell me.

PS: I don't know if these changes affect the other groupware components. Someone should tell me:-)


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Virtual Domain Logins with Exim4u

gldickens3
Administrator
Hi Odhiambo,

Great find!  Please keep us posted and let us know how it works out in
the long run.

Thanks for reporting this!

Gordon



On 10/25/2010 07:54 AM, Odhiambo Washington wrote:

>
> Hi Gordon,
>
> I have traced this issue and found what needs to be done.
>
> In webmail/imp/config/hooks.php, there is this function which is
> disabled/commented out by default:
>
> // if (!function_exists('_imp_hook_vinfo')) {
> // function _imp_hook_vinfo($type = 'username')
> // {
> // $vdomain = getenv('HTTP_HOST');
> // $vdomain = preg_replace('|^mail\.|i', '', $vdomain);
> // $vdomain = String::lower($vdomain);
> //
> // if ($type == 'username') {
> // return preg_replace('|\.|', '_', $_SESSION['imp']['user'] . '_' .
> $vdomain);
> // } elseif ($type == 'vdomain') {
> // return $vdomain;
> // } else {
> // return PEAR::raiseError('invalid type: ' . $type);
> // }
> // }
> // }
>
> If you need virtual domain users to login, using just username instead
> of username@domain, there are a number of things to consider.
>
> 1. If you use one virtual host for all the domains you host, then each
> domain will need to have a DNS A record, like webmail.DOMAIN.NAME
> <http://webmail.DOMAIN.NAME>
> 2. IIRC, this will require Apache to use NameVirtualHost *:PORT and ALL
> webmail.DOMAIN.NAME <http://webmail.DOMAIN.NAME> will have to point to
> this vhost.
>
> This line:
> $vdomain = preg_replace('|^mail\.|i', '', $vdomain);
>
> Should then be changed to:
> $vdomain = preg_replace('|^webmail\.|i', '', $vdomain);
>
>
> And this line:
> return preg_replace('|\.|', '_', $_SESSION['imp']['user'] . '_' . $vdomain);
>
> Should be made to look like:
>
> return preg_replace('|\.|', '.', $_SESSION['imp']['user'] . '@' . $vdomain);
>
> Actually, I see that what that line does is that it replaces @ with and
> underscore and any dots in the domain portion with and underscore too.
> Such that if I went to http://webmail.wash.or.ke (which is the root for
> my webmail tree) and I put in the username johndoe, then what is
> submitted by IMP to the IMAP server as the login name becomes
> johndoe_wash_or_ke. I don't know why they do this (perhaps some security
> issue) but I changed mine as shown, so that the login name submitted is
> [hidden email] <mailto:[hidden email]>
>
> 3. You also need to edit webmail/imp/config/conf.php line 50 and change
> this line:
>
>      $conf['hooks']['vinfo'] = false;
>
> To  $conf['hooks']['vinfo'] = true;
>
> Someone needs to tell me the danger posed by my having return
> preg_replace('|\.|', '.', $_SESSION['imp']['user'] . '@' . $vdomain);
> I just did not need the replacements and to be honest I don't understand
> the dangers of doing this.
>
> Someone who knows php better should tell me.
>
> PS: I don't know if these changes affect the other groupware components.
> Someone should tell me:-)
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> Damn!!
>
>
>
> _______________________________________________
> users mailing list
> [hidden email]
> https://exim4u.org/mailman/listinfo/users


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Virtual Domain Logins with Exim4u

Odhiambo Washington
Hello Gordon,

This works for me quite well. Actually, to handle multiple domains with a single vhost, I just added the other domains as ServerAlias to the vhost.

I went looking for more information on the same and found this rather interesting post:


So, I am certain that my changes against the substitution of [\.|@] with _ is not really harmful. But I will go ahead and ask this on imp users list just to be sure.


On Tue, Oct 26, 2010 at 4:16 AM, Gordon Dickens <[hidden email]> wrote:
Hi Odhiambo,

Great find!  Please keep us posted and let us know how it works out in
the long run.

Thanks for reporting this!

Gordon



On 10/25/2010 07:54 AM, Odhiambo Washington wrote:
>
> Hi Gordon,
>
> I have traced this issue and found what needs to be done.
>
> In webmail/imp/config/hooks.php, there is this function which is
> disabled/commented out by default:
>
> // if (!function_exists('_imp_hook_vinfo')) {
> // function _imp_hook_vinfo($type = 'username')
> // {
> // $vdomain = getenv('HTTP_HOST');
> // $vdomain = preg_replace('|^mail\.|i', '', $vdomain);
> // $vdomain = String::lower($vdomain);
> //
> // if ($type == 'username') {
> // return preg_replace('|\.|', '_', $_SESSION['imp']['user'] . '_' .
> $vdomain);
> // } elseif ($type == 'vdomain') {
> // return $vdomain;
> // } else {
> // return PEAR::raiseError('invalid type: ' . $type);
> // }
> // }
> // }
>
> If you need virtual domain users to login, using just username instead
> of username@domain, there are a number of things to consider.
>
> 1. If you use one virtual host for all the domains you host, then each
> domain will need to have a DNS A record, like webmail.DOMAIN.NAME
> <http://webmail.DOMAIN.NAME>
> 2. IIRC, this will require Apache to use NameVirtualHost *:PORT and ALL
> webmail.DOMAIN.NAME <http://webmail.DOMAIN.NAME> will have to point to
> this vhost.
>
> This line:
> $vdomain = preg_replace('|^mail\.|i', '', $vdomain);
>
> Should then be changed to:
> $vdomain = preg_replace('|^webmail\.|i', '', $vdomain);
>
>
> And this line:
> return preg_replace('|\.|', '_', $_SESSION['imp']['user'] . '_' . $vdomain);
>
> Should be made to look like:
>
> return preg_replace('|\.|', '.', $_SESSION['imp']['user'] . '@' . $vdomain);
>
> Actually, I see that what that line does is that it replaces @ with and
> underscore and any dots in the domain portion with and underscore too.
> Such that if I went to http://webmail.wash.or.ke (which is the root for
> my webmail tree) and I put in the username johndoe, then what is
> submitted by IMP to the IMAP server as the login name becomes
> johndoe_wash_or_ke. I don't know why they do this (perhaps some security
> issue) but I changed mine as shown, so that the login name submitted is
> [hidden email] <mailto:[hidden email]>
>
> 3. You also need to edit webmail/imp/config/conf.php line 50 and change
> this line:
>
>      $conf['hooks']['vinfo'] = false;
>
> To  $conf['hooks']['vinfo'] = true;
>
> Someone needs to tell me the danger posed by my having return
> preg_replace('|\.|', '.', $_SESSION['imp']['user'] . '@' . $vdomain);
> I just did not need the replacements and to be honest I don't understand
> the dangers of doing this.
>
> Someone who knows php better should tell me.
>
> PS: I don't know if these changes affect the other groupware components.
> Someone should tell me:-)
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> Damn!!
>
>
>
> _______________________________________________
> users mailing list
> [hidden email]
> https://exim4u.org/mailman/listinfo/users


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users



--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!


_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users