mjl- / mox

modern full-featured open source secure mail server for low-maintenance self-hosted email
https://www.xmox.nl
MIT License

Feature request: Webmail on custom domains. #67

Closed x8x closed 1 year ago

x8x commented 1 year ago

Now if Mox is running under mail.domain.com and I set up mail accounts for domain another-domain.com, webmail access would always be under mail.domain.com/webmail/.

It would be nice to have an option to have webmail available also at mail.another-domain.com/webmail/

Hum.. and while at it also the user account settings page at mail.another-domain.com/

mjl- commented 1 year ago

> Now if Mox is running under mail.domain.com and I set up mail accounts for domain another-domain.com, webmail access would always be under mail.domain.com/webmail/.
>
> It would be nice to have an option to have webmail available also at mail.another-domain.com/webmail/
>
> Hum.. and while at it also the user account settings page at mail.another-domain.com/

This is certainly on the list. Along with per-domain client settings, for IMAP and SMTP server. The current client configs all reference the host name. For multi-domain setups, this isn't great because if a domain needs to be moved, all client configs would need to be updated. I'll bump this todo up a bit. (:

x8x commented 1 year ago

Is it correct to assume that you intend to utilize SNI to enable per-domain client settings for IMAP and SMTP on a single server IP? If my understanding is correct, there can only be one reverse DNS entry for an IP address, which used to be a critical factor in avoiding being flagged as a malicious email server.

mjl- commented 1 year ago

> Is it correct to assume that you intend to utilize SNI to enable per-domain client settings for IMAP and SMTP on a single server IP? If my understanding is correct, there can only be one reverse DNS entry for an IP address, which used to be a critical factor in avoiding being flagged as a malicious email server.

Outgoing email would still always be coming from the mail server host name, independent of domain (SMTP EHLO will always mention the host name, not necessarily the domain name for sending). The reverse DNS checks done by the external receiving mail server should stay valid.

The MX record of each hosted domain would also still reference the actual mail server host name, independent of the hosted domain name. Changing the MX record is not a problem when a domain would need to be moved in the future, and it keeps the incoming SMTP config simpler. Incoming SMTP on port 25 could do SNI (assuming any sender using STARTTLS either does not validate TLS certs or uses SNI), and for deliveries reverse DNS doesn't matter, but I think per-domain TLS certificates on port 25 would only complicate matters, and not help anyone.

I plan to only have the per-domain TLS certificates in the IMAPS and Submissions listeners. They are the only ones that mail clients use (SMTP-receiving mail servers have no concern with these). The IMAP/Submission hostname will probably be mail.<domain> by default, with "mail" being CNAME to the host name. Those will be the names configured in email clients. And if a domain needs to move, changing the CNAME record will keep client configs working.
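
Added example, not part of the thread and not mox's own code: a Go sketch of the SNI-based certificate selection described in the comment above, for the IMAPS/Submissions listeners only. The function names `selfSigned`, `clientTLSConfig` and `servedName` are hypothetical, and the certificates are self-signed sample data constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// selfSigned makes a throwaway certificate for one DNS name (constructed sample data).
func selfSigned(name string) *tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// clientTLSConfig (hypothetical) picks the per-domain cert by SNI, else the host cert.
func clientTLSConfig(host *tls.Certificate, perDomain map[string]*tls.Certificate) *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
			if c, ok := perDomain[strings.ToLower(hello.ServerName)]; ok {
				return c, nil
			}
			return host, nil // no SNI or unknown name: fall back to the host certificate
		},
	}
}

// servedName reports which DNS name the config would present for a given SNI value.
func servedName(cfg *tls.Config, sni string) string {
	c, _ := cfg.GetCertificate(&tls.ClientHelloInfo{ServerName: sni})
	return c.Leaf.DNSNames[0]
}

func main() {
	cfg := clientTLSConfig(selfSigned("mail.domain.com"), map[string]*tls.Certificate{
		"mail.another-domain.com": selfSigned("mail.another-domain.com")})
	fmt.Println(servedName(cfg, "mail.another-domain.com"), servedName(cfg, ""))
}
```

A client that connects to mail.another-domain.com without sending SNI receives the host certificate, so its certificate name validation fails rather than silently accepting a certificate for a different name.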

x8x commented 1 year ago

Closing this issue since the requested feature has been added to the roadmap.

Thank you for the details!