How to make webmail.domain.com secure (SSL) for every user/account?

[HighFly]

Hello,

We've integrated many years ago the default webmail.domain.com feature as described here: http://help.directadmin.com/item.php?id=92.

How can we make this solution secure via SSL? Currently we have https://servername.ourdomainname.com/roundcube working. But how can we make it possible that customers are rerouted to this Secure Link?

Thanks in advance for any help.

 

[zEitEr]

Hello,

If you want https://webmail.customer-domain.com/, then you should either buy a SSL cert for every webmail.domain.com, or use self-signed and ask your customers to ignore warning about SSL cert error.

If you want to redirect from all http://webmail.customer-domain.com/ to https://servername.ourdomainname.com/roundcube then use either apache redirects or mod_rewrite. Just put it somewhere between<VirtualHost |IP|:80> and </VirtualHost>

<VirtualHost |IP|:80>
   ServerName webmail.|DOMAIN|
   ServerAdmin |ADMIN|
   DocumentRoot /var/www/html/squirrelmail
   CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
   CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
   ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log
 </VirtualHost>

 

[NoBaloney2]

If you want https://webmail.customer-domain.com/, then you should either buy a SSL cert for every webmail.domain.com

I'm not sure how this would work. Where would you put the Certificates?

I've been directing my clients in my setup emails to use https://host.example.com/webmail, but I like your redirect idea and may start using it.

Jeff

 

[zEitEr]

I'm not sure how this would work. Where would you put the Certificates?

I'd admit that, I don't know any other way how could it be used server wide, but with private (dedicated) IPs, if talking about a valid SSL cert for every webmail's host. So if to follow the theory that everything is possible, then there might be a solution, which is unknown to me yet (for now).

 

[HighFly]

If you want to redirect from all http://webmail.customer-domain.com/ to https://servername.ourdomainname.com/roundcube then use either apache redirects or mod_rewrite. Just put it somewhere between<VirtualHost |IP|:80> and </VirtualHost>

Can you give me an example of how to set the code between the <VirtualHost> </VirtualHost>?

Thx in advance!

 

[zEitEr]

Sorry, but your question puzzled me. Are you really asking how to open the file in a file editor and put your custom code between the two lines? Or are you willing to know, what exact code to put there?

 

[NoBaloney2]

I'd admit that, I don't know any other way how could it be used server wide, but with private (dedicated) IPs, if talking about a valid SSL cert for every webmail's host. So if to follow the theory that everything is possible, then there might be a solution, which is unknown to me yet (for now).

I suppose it can be done by creating webmail.example.com as a separate domain (not a subdomain) for each user, protected by it's own Certificate); it seems excessive.

Jeff

 

[scsi]

Not needed at all. You can create a single ssl site for webmail and forward all requests there.

 

[NoBaloney2]

Of course. Which is what we do. My understanding that this isn't what the original poster wants. Perhaps I'm wrong.

Jeff

 

[HighFly]

Sorry, but your question puzzled me. Are you really asking how to open the file in a file editor and put your custom code between the two lines?

No no... i understand the use of editor, like nano, vi or mcedit. ... Apologizes for my bad english!

Or are you willing to know, what exact code to put there?

Yes please, because i've been looking, but unsure what to write exactly and on what position.

My current virtual_host2.conf (located in /usr/local/directadmin/data/templates/custom) is like this:

|?DOCROOT=`HOME`/domains/`DOMAIN`/public_html|
|?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/usr/local/lib/php/|
<VirtualHost |IP|:80>
|CUSTOM|
|?CGI=ScriptAlias /cgi-bin/ `DOCROOT`/cgi-bin/|
        ServerName www.|DOMAIN|
        ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES|
        ServerAdmin |ADMIN|
        DocumentRoot |DOCROOT|
        |CGI|

        |USECANONICALNAME|

        SuexecUserGroup |USER| |GROUP|
        CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
        CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
        ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log

        <Directory |DOCROOT|>
                Options +Includes -Indexes
|*if CLI="1"|
                php_admin_flag engine |PHP|
                <IfModule !mod_php6.c>
                        php_admin_flag safe_mode |SAFE_MODE|
                </IfModule>
                php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|'
|*endif|
|*if OPEN_BASEDIR="ON"|
                php_admin_value open_basedir |OPEN_BASEDIR_PATH|
|*endif|
|*if SUPHP="1"|
                suPHP_Engine |PHP|
                suPHP_UserGroup |USER| |GROUP|
|*endif|
        </Directory>
|HANDLERS|
|MIMETYPES|

</VirtualHost>
<VirtualHost |IP|:80>
  ServerName webmail.|DOMAIN|
  ServerAdmin |ADMIN|
  DocumentRoot /var/www/html/roundcube
  CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
  CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
  ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log
</VirtualHost>

 

[HighFly]

Of course. Which is what we do. My understanding that this isn't what the original poster wants. Perhaps I'm wrong.

Hi Jeff,

Not sure anymore if you and SCSI mean something different. Maybe some more information from my site.

Currently customers can login to webmail (unsecure) via:
http://webmail.customer-a-domain.com
http://webmail.customer-b-domain.com
http://webmail.customer-c-domain.com

I want all customers (automatically) rerouted to https://servername.ourdomainname.com/roundcube (secure).

I think zEitEr's have the solution, only i'm unsure which code to use exactly.

Anyway, all you people in this post, thanks for your help! And apologizes for any misunderstanding!

 

[zEitEr]

@Jeff,

I'm not sure how this would work. Where would you put the Certificates?

Recently I found this

http://www.directadmin.com/features.php?id=1100
http://www.directadmin.com/forum/showthread.php?t=41976&page=1

Though it seems you know about SNI.

@HighFly,

No no... i understand the use of editor, like nano, vi or mcedit. ... Apologizes for my bad english!
Yes please, because i've been looking, but unsure what to write exactly and on what position.

The second example from here http://help.directadmin.com/item.php?id=37
Put it somewhere in

<VirtualHost |IP|:80>
  ServerName webmail.|DOMAIN|
  ServerAdmin |ADMIN|
  DocumentRoot /var/www/html/roundcube
  CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
  CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
  ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log
</VirtualHost>

it does not really matter where exactly.

 

[NoBaloney2]

http://www.directadmin.com/features.php?id=1100
http://www.directadmin.com/forum/showthread.php?t=41976&page=1

Though it seems you know about SNI.

It seems I've forgotten what I knew .

I do believe this would work but I still don't know if everything needed (see the apache wiki) is included in CustomBuild. Have you checked? Has anyone?

Jeff

 

[zEitEr]

@Jeff,

I do believe this would work but I still don't know if everything needed (see the apache wiki) is included in CustomBuild. Have you checked? Has anyone?

Not, yet. I've found this only recently by chance. And I haven't gone into details.

 

[scsi]

All you need is a virtualhost with

ServerAlias webmail.*
RedirectPermanent / https://webmail.domain.com/roundcube

 

[pucky]

No no... i understand the use of editor, like nano, vi or mcedit. ... Apologizes for my bad english!



Yes please, because i've been looking, but unsure what to write exactly and on what position.

My current virtual_host2.conf (located in /usr/local/directadmin/data/templates/custom) is like this:

|?DOCROOT=`HOME`/domains/`DOMAIN`/public_html|
|?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/usr/local/lib/php/|
<VirtualHost |IP|:80>
|CUSTOM|
|?CGI=ScriptAlias /cgi-bin/ `DOCROOT`/cgi-bin/|
        ServerName www.|DOMAIN|
        ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES|
        ServerAdmin |ADMIN|
        DocumentRoot |DOCROOT|
        |CGI|

        |USECANONICALNAME|

        SuexecUserGroup |USER| |GROUP|
        CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
        CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
        ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log

        <Directory |DOCROOT|>
                Options +Includes -Indexes
|*if CLI="1"|
                php_admin_flag engine |PHP|
                <IfModule !mod_php6.c>
                        php_admin_flag safe_mode |SAFE_MODE|
                </IfModule>
                php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|'
|*endif|
|*if OPEN_BASEDIR="ON"|
                php_admin_value open_basedir |OPEN_BASEDIR_PATH|
|*endif|
|*if SUPHP="1"|
                suPHP_Engine |PHP|
                suPHP_UserGroup |USER| |GROUP|
|*endif|
        </Directory>
|HANDLERS|
|MIMETYPES|

</VirtualHost>
<VirtualHost |IP|:80>
  ServerName webmail.|DOMAIN|
  ServerAdmin |ADMIN|
  DocumentRoot /var/www/html/roundcube
  CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
  CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
  ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log
</VirtualHost>

Can you elaborate on this setup? I mean, mod_ruin2 directives seem to be missing.