[imp] Sean D & Jason Lohrenz - revisiting imp on plesk?

Tobias Eigen tobias at kabissa.org
Wed Jul 14 19:00:58 PDT 2004 

Hi Sean, 

You've got it pretty much right. Thanks for your efforts to think yourself into
my situation! :-) 

> ok.. coming in late in the discussion has my head spinning.

Not so late - but sometimes I do feel like my requirements must be totally
unusual since nobody ever complains here or in the plesk support forums.. it's
good to hear that my situation makes sense to somebody. :-) 

> Jason is right the cert issue is a drawback if you've paid for a proper cert
> you 
> may want a standalone horde install to accomadate it. I see you want it more
> 
> like Plesk 5 but i never used Plesk 5 so i'm at a loss there, I came into it
> at 
> Plesk 6.

Well, I do kind of like the webmail.* setup for those organizations hosting on
my server who do want to use their own domain webmail, and offer it to their
staff. It is slick. But I don't want to force everybody to use an interface
that will give confusing and disconcerting error messages, and I like offering
a single webmail login on the Kabissa homepage for my members. 
 
> Let me first clarify your goals... correct me if i'm wrong here.
> 
> 1.) you want to have one url that all your virtual hosts use for their
> webmail. 
> (because you bought a cert for it). e.g. if your biz is called
> acmehosting.com 
> you want everyone to use "http://www.acmehosting.com/webmail" even if they
> are 
> trying to access the email for bobsworld.com

Yeah, that's it - except I do have the cert set up for
https://webmail.kabissa.org (our main webmail URL) as well as for
https://www.kabissa.org
 
> 2.) you want them to login with full email addresses only (this would actally
> be 
> required for what i'm thinking you need). and the realm and maildomain must
> get 
> set appropriately based on the username (parsed from the email addy they used
> as 
> their username)

You got it. I noticed with Squirrelmail this seems to happen automatically - is
this not the case for IMP? 
 
> 3.)  you want no security prompts for https (in other words you want to use
> your 
>   purchased cert).

Yep, you got it. 
 
> fear not!  i believe this is entirely possible (will require some tweaking
> for 
> sure)
> 
> i need to know what the CN (common name) is on your cert.  I am a real moron
> 
> when it comes to certs but i believe if you purchased a cert with a CN of 
> webmail.acmehosting.com and try to use it for www.acmehosting.com/webmail
> then 
> you will get a warning about domains not mathcing the CN?  (maybe somebody
> who 
> knows more can answer this one) what i dont know is if you purchase the cert
> 
> with a CN of only "acmehosting.com" and then use it for www.acmehosting.com
> or 
> webmail.acmehosting.com do you still get the warning...?

I've got the cert working successfully on webmail.kabissa.org. 
 
> some facts:
> 1.) yes plesks webmail uses just one cert for all domains, but its not true
> that 
> you cant change it.  You just cant change it through plesk so they will tell
> 
> you, you cant do it.  Plesk wants you to pretend there is no such thing as a
> 
> shell or apache configs.  the plesk cert its using is
> /etc/httpd/conf/httpd.pem

Yep - this is what I've done. 

> 2.) plesk's imp DOES use some simple apache calls (i think i pasted the code
> 
> into one of my earlier posts) to grab the domain name from the url the user
> put 
> in the browser (i.e. webmail.SOMEDOMAIN.com) and then set the "realm" and 
> "maildomain" to somedomain.com.

Yeah, this is what seems so silly to me. Makes more sense now that they're not
allowing people to log into IMP on other domains on the same server, but it
still seems screwy to use the web address to determine the email addresses. For
our needs, it is better to use the domain name of the actual email account to
figure this out. I actually hacked the webmail on plesk 5 to get the domain
name from the plesk database after the login. That was a kludge I was never
happy with, and doesn't work anymore anyway since the upgrade. 

> 3.) you CAN change a setting in plesk to force your users to use their full 
> email addy when logging in (not just for webmail, but pop3 and imap as well)
> if 
> you do this it opens up your options a bit for horde.
> 
> if you can do #3 above then i think you should do the following:
> 
> stand-alone horde install using your cert and tweaked out to set the
> maildomain 
> from the username (i.e. full email addy).  or not at all perhaps as i dont 
> believe either the realm or maildomain are required (realm would not be
> needed 
> as the username would HAVE to be the full email addy, therefore every users 
> mysql settings would be unique without adding anything to the end of the
> username)
> 
> if not... then i'll have ot think some more.

Yeah, we're on the same page methinks. Seems to me my next step is to set up a
plain vanilla imp installation and see what happens when I log into it with
full email addresses. My hope would be that existing account prefs etc will be
found and mysql settings will be unique, and that for new imp users the default
reply-to address would be correct. I'm not so confident that this will be the
case. 

If you have further ideas, let me know - I'll give it a go now. 

Many thanks for your input. 

Cheers, 

Tobias

More information about the imp mailing list