Author Topic: Strange username authentication failure with dovecot (related to the www alias)  (Read 3832 times)

Offline thisisit3

  • Newbie
  • *
  • Posts: 7
I've got a CentOS 7 server with the latest roundcube that comes with it (roundcubemail-1.1.6-1.el7.noarch).

Its fully working, I can go to https://www.domain.tld/webmail/ and login fine. Roundcube connects with the Dovecot backend for IMAP and with Postfix for SMTP. So far so good.

BUT

I started getting reports that others couldn't login to roundcube and upon further investigation I found that:

https://www.domain.tld/webmail/    (works!)

https://domain.tld/webmail/  (does NOT work)


For some unknown reason, when the user accesses roundcube without the "www." alias, then roundcube fails to connect to Dovecot. Very strange.

Anyone seen this issue before?

Thank you.


PS:
Below is part of my "config.inc.php":

Code: [Select]
$config['username_domain'] = '%t';
$config['username_domain_forced'] = true;
$config['mail_domain'] = '%t';

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
%t = "host name without first part, e.g. %n=mail.domain.tld, %t=domain.tld"

which in reality means ignore anything before the first . so "www.domain.tld" becomes "domain.tld" and "doman.tld" becomes "tld"
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline thisisit3

  • Newbie
  • *
  • Posts: 7
Thank you for the quick reply, I appreciate it.

I see what really happens then, without the "www" the option %t makes the user login as "user@tld" which is of course wrong, thus all logins fail.

Would "%d" work better in my case and support logins with the "www" and without?

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
I think if I were you I would setup my webserver to redirect users from one url to the other before they actually get to the login screen that way I can build my config with known inputs.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline thisisit3

  • Newbie
  • *
  • Posts: 7
I agree with your suggestion, so I've already created a quick rule within the conf.d/roundcubemail.conf to force a redirect.

But as a precaution, shouldn't the "%t" parameter at least stop from returning just "tld" ? it would be nice if it stopped at just "domain.tld". Or maybe I'm wrong and some setups require a special kind of login like "user@tld".

Anyway, thank you for your help again, I appreciate it.

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
macros cannot be provided for every eventuality. depending on the exact variations of domain name for example you can use the 'include_host_config' option to use different configs for different domains.

BTW I notice that the link mentioned in the comments of that option is out of date. it should be https://github.com/roundcube/roundcubemail/wiki/Configuration:-Multi-Domain-Setup
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…