[imp] Sean D & Jason Lohrenz - revisiting imp on plesk?

[tobias at kabissa.org]

Hi Sean & all, 

OK, I've found the home of the plesk hack that is causing my problems - it's the
./imp/lib/PHP.php file, around where this line is found: 

$ServerName = preg_replace('/^webmail\./', '', preg_replace('/^www\./', '',
$headers['Host'])
);

I replaced the PHP.php file with the source version and now my login is
happening as expected. Login with full e-mail address even results in
preferences/addressbooks being found and from address being formed correctly. 

Now I just need to announce to my members that they will soon only be able to
login via their full e-mail address, and make that change via the Plesk control
panel. 

Best wishes and many thanks for your help, 

Tobias

Quoting Tobias Eigen <tobias at kabissa.org>:

> Hi Sean, 
> 
> You've got it pretty much right. Thanks for your efforts to think yourself
> into
> my situation! :-) 
> 
> > ok.. coming in late in the discussion has my head spinning.
> 
> Not so late - but sometimes I do feel like my requirements must be totally
> unusual since nobody ever complains here or in the plesk support forums..
> it's
> good to hear that my situation makes sense to somebody. :-) 
> 
> > Jason is right the cert issue is a drawback if you've paid for a proper
> cert
> > you 
> > may want a standalone horde install to accomadate it. I see you want it
> more
> > 
> > like Plesk 5 but i never used Plesk 5 so i'm at a loss there, I came into
> it
> > at 
> > Plesk 6.
> 
> Well, I do kind of like the webmail.* setup for those organizations hosting
> on
> my server who do want to use their own domain webmail, and offer it to their
> staff. It is slick. But I don't want to force everybody to use an interface
> that will give confusing and disconcerting error messages, and I like
> offering
> a single webmail login on the Kabissa homepage for my members. 
>  
> > Let me first clarify your goals... correct me if i'm wrong here.
> > 
> > 1.) you want to have one url that all your virtual hosts use for their
> > webmail. 
> > (because you bought a cert for it). e.g. if your biz is called
> > acmehosting.com 
> > you want everyone to use "http://www.acmehosting.com/webmail" even if they
> > are 
> > trying to access the email for bobsworld.com
> 
> Yeah, that's it - except I do have the cert set up for
> https://webmail.kabissa.org (our main webmail URL) as well as for
> https://www.kabissa.org
>  
> > 2.) you want them to login with full email addresses only (this would
> actally
> > be 
> > required for what i'm thinking you need). and the realm and maildomain
> must
> > get 
> > set appropriately based on the username (parsed from the email addy they
> used
> > as 
> > their username)
> 
> You got it. I noticed with Squirrelmail this seems to happen automatically -
> is
> this not the case for IMP? 
>  
> > 3.)  you want no security prompts for https (in other words you want to
> use
> > your 
> >   purchased cert).
> 
> Yep, you got it. 
>  
> > fear not!  i believe this is entirely possible (will require some tweaking
> > for 
> > sure)
> > 
> > i need to know what the CN (common name) is on your cert.  I am a real
> moron
> > 
> > when it comes to certs but i believe if you purchased a cert with a CN of 
> > webmail.acmehosting.com and try to use it for www.acmehosting.com/webmail
> > then 
> > you will get a warning about domains not mathcing the CN?  (maybe somebody
> > who 
> > knows more can answer this one) what i dont know is if you purchase the
> cert
> > 
> > with a CN of only "acmehosting.com" and then use it for
> www.acmehosting.com
> > or 
> > webmail.acmehosting.com do you still get the warning...?
> 
> I've got the cert working successfully on webmail.kabissa.org. 
>  
> > some facts:
> > 1.) yes plesks webmail uses just one cert for all domains, but its not
> true
> > that 
> > you cant change it.  You just cant change it through plesk so they will
> tell
> > 
> > you, you cant do it.  Plesk wants you to pretend there is no such thing as
> a
> > 
> > shell or apache configs.  the plesk cert its using is
> > /etc/httpd/conf/httpd.pem
> 
> Yep - this is what I've done. 
> 
> > 2.) plesk's imp DOES use some simple apache calls (i think i pasted the
> code
> > 
> > into one of my earlier posts) to grab the domain name from the url the
> user
> > put 
> > in the browser (i.e. webmail.SOMEDOMAIN.com) and then set the "realm" and 
> > "maildomain" to somedomain.com.
> 
> Yeah, this is what seems so silly to me. Makes more sense now that they're
> not
> allowing people to log into IMP on other domains on the same server, but it
> still seems screwy to use the web address to determine the email addresses.
> For
> our needs, it is better to use the domain name of the actual email account
> to
> figure this out. I actually hacked the webmail on plesk 5 to get the domain
> name from the plesk database after the login. That was a kludge I was never
> happy with, and doesn't work anymore anyway since the upgrade. 
> 
> > 3.) you CAN change a setting in plesk to force your users to use their full
> 
> > email addy when logging in (not just for webmail, but pop3 and imap as
> well)
> > if 
> > you do this it opens up your options a bit for horde.
> > 
> > if you can do #3 above then i think you should do the following:
> > 
> > stand-alone horde install using your cert and tweaked out to set the
> > maildomain 
> > from the username (i.e. full email addy).  or not at all perhaps as i dont
> 
> > believe either the realm or maildomain are required (realm would not be
> > needed 
> > as the username would HAVE to be the full email addy, therefore every users
> 
> > mysql settings would be unique without adding anything to the end of the
> > username)
> > 
> > if not... then i'll have ot think some more.
> 
> Yeah, we're on the same page methinks. Seems to me my next step is to set up
> a
> plain vanilla imp installation and see what happens when I log into it with
> full email addresses. My hope would be that existing account prefs etc will
> be
> found and mysql settings will be unique, and that for new imp users the
> default
> reply-to address would be correct. I'm not so confident that this will be
> the
> case. 
> 
> If you have further ideas, let me know - I'll give it a go now. 
> 
> Many thanks for your input. 
> 
> Cheers, 
> 
> Tobias
>