Substitution of Plesk administrated Webserver?

OMG…Thats absolutely necessary. Because I use this separated addresses really.
A typical case is admin_xyz@mancestry.de and admin_xyz@dargels.de
Or info@myancestry.de and info@dargels.de and info@abc.de
abc.de is possibly not owned by me.

There’s a feature request about this and a solution but I didn’t test.
It seems you need to create a pseudouser to have a separate mailbox and then map the right address to the pseudouser.

@davidep

This is a requirement from 2018. He seems to have fallen into oblivion. Do we now have a chance to make the mail server really multi-domain capable?
In the meantime, I would try the workaround with the custom template. How do I have to proceed concretely?

You need a template-custom and an additional file, please check this gist: then run signal-event nethserver-mail-server-save You can authenticate as pseud01@example.com and become “john”

Is it possible to create different mail accounts on the client side with common mail clients?
The goal is that on the client side the user “User1” can impersonate “user1@aaaa.tld” and “user1@bbbb.tld” and manage separate mail accounts. He should also be able to log in as “user1@aaaa.tld” and “user1@bbbb.tld” in SoGo or Roundcube and send mails under this identity. It would not be sufficient to be able to log in as “User1” and find all mails from “user1@aaaa.tld” and “user1@bbbb.tld” in one inbox.

@capote

Hi Marko

This is possible, without problems. At least using NethServer, NextCloud and Roundcube.
I can’t confirm SoGo or WebTop as I don’t use both.

In Roundcube you need to set the user ID and who the user is sending as.

In a multidomain setup, the most common use case is for the webmaster@domainname.com mail, but also for the info@domainname.com mail account. Other accounts can have conflicts, but the two mentionned will ALWAYS have conflicts on a multidomain setup, so these need to be done right.

My 2 cents
Andy

2 Likes

H Andy, you give me hope …

A) external DNS-Provider

  1. domain1.tld (current Nethserver installation)

    •	domain1.tld. 		86400 	IN 	A 	123.456.111
    •	*.domain1.tld.	    86400	IN	A	123.456.111
    •	www.domain1.tld. 	86400	IN 	A 	123.456.111
    •	imap.domain1.tld. 	86400	IN 	A 	123.456.111
    •	smtp.domain1.tld. 	86400	IN 	A 	123.456.111
    •	wp.domain1-tld. 	86400	IN 	A 	123.456.111
    •	srv01-domain1.tld. 	86400	IN 	A 	123.456.111
    •	domain1.tld. 		86400 	IN 	MX 	10 domain1.tld.
    •	_dmarc. domain1.tld.86400	IN	TXT	"v=DMARC1; p=quarantine"
    •	default._domainkey. domain1.tld. 86400	IN	TXT	( "v=DKIM1; k=rsa; " "p=ML2BIg…" " +jIB…" ) 
    
  2. domain2.tld (existing Plesk installation, should be migrated to nethserver)

    •	domain2.tld. 				86400 	IN 	A 	123.456.222
    …
    •	domain2.tld. 			86400 	IN 	MX 	10 domain2.tld.
    •	*._tcp. domain2.tld.		86400	IN	TLSA	3 1 1 987abc321…
    •	_imaps._tcp. domain2.tld.	86400	IN	SRV	0 0 993 domain2.tld.
    •	_pop3s._tcp. domain2.tld.	86400	IN	SRV	0 0 995 domain2.tld.
    •	_smtps._tcp. domain2.tld.	86400	IN	SRV	0 0 465 domain2.tld.
    

B) Nethserver-Configuration

  1. Server name: srv01-domain1.tld ( = 123.456.111)
  2. virtual hosts (Nethserver —> Web Server —> virtual hosts)
    • default (/var/www/html/) = 127.0.0.1
    • wp.domain1.tld (/var/lib/nethserver/vhost/aa111)/) = 123.456.111
    • domain2.tld (/var/lib/nethserver/vhost/bb222)/) = 127.0.0.1
  3. Mail Domains (Nethserver —> Email —> Domains):
    • domain1.tld as Standard-Domain (DKIM configured)
    Status Check: Port 25 o.k. || DKIM-Record o.k. || MX-Record o.k. || IP reverse o.k.)
    • domain2.tld as Alias-Domain (DKIM not configured)
    Status Check: Port 25 unreachable || DKIM-Record missing record || MX-Record o.k. || IP reverse o.k.)
    → The differences between an alias domain and a standard domain and their effects on server configuration and client configuration are not explained in the manual.

C) User Management

  1. System User (LDAP):
    • admin (groups: domain admins)
    • user1 (groups: domain mail)
    • user2 (groups: domain admins; mail)
  2. Addresses:
    • admin@domain1.tld (buildt in)
    • user1@domain1.tld (buildt in)
    • user2@domain1.tld (buildt in)
    • user2@domain2.tld (buildt in) Destination: user2
    • postmaster@ (Wildcard) Destination: root
  3. Mailboxes:
    • admin (Aliases: admin@domain01.tld and user2@domain2.tld)
    • user1
    • user2
  1. existing Mail stores (/var/lib/nethserver/vmail):
    • /root/
    • /vmail/
    • /vmail@domain1.tld/
    • /admin@domain1.tld/
    • /user1@domain1.tld/
    • /user2@domain1.tld/
  2. missing Mail stores (/var/lib/nethserver/vmail):
    • /user2@domain2.tld/ (because redirected to user2, that means to user2@domain1.tld)
    D) What I Need:
    • Some users with existing mail addresses and unique mailboxs on domain2.tld
    • user2@domain2.tld,…user6@domain2.tld, , …

E) What should I do?
a) If I create the system the user (LDAP) like user5, user6, …they automatically get the mail address user5@domain1.tld, user6@domain1.tld…
b) If I create an additional mail address “user5@domain2.tld”, “user6@domain2.tld”, … I have to specify a destination, redirecting to an existing system user…and this system user is related to a mail address and mail store with “domain1.tld”
c) I am completely at a loss as to what to do now.
Does anything change in the described behavior if I change the A-record from domain2.tld to the new Nethserver and then create the vhost, system and mail-user or is it indifferent? Which MX-record do I have to create then? MX 10 domain1.tld or MX 10 domain2.tld?
d) How do i have to configure my mail client to create a mailbox for user5@domain2.tld and send and receive mails exclusively for user5@domain2.tld?

Could you explain how do you resolved this kind of problem, or better how I shell resolve my problems?
Possibly I still have a thinking error. @mrmarkuz disillusioned me now I have hope again.

best regards, Marko

@capote

Hi Marko

Create users in the form of:

dom1_webmaster -> webmaster@domain1.de
dom2_webmaster -> webmaster@domain2.de
dom3_webmaster -> webmaster@domain3.de

or (eg)

dom1_marko_dargel -> marko.dargel@domain1.de
dom2_marko_dargel -> marko.dargel@domain2.de
dom3_marko_dargel -> marko.dargel@domain3.de

The first part is the actual username, this can recieve mail, but as no one knows about it, it’s never used. This is basically just a username, for clients to log in…

The second part is the email alias (What is actually used for reception of mails.
Outgoing is set in the client. (Thunderbird, Mac Mail, Outlook, etc.)
If using Webmail like Roundcube, just set that for each user in roundcube. (Settings / Identity)

This should solve your mail / user account problems, or at least suggest a naming convention which works!

My 2 cents
Andy

PS: personally, i put the domain-identifier at the end: username_dom1…

1 Like

Hy Andy. thats a hot tipp!
I will try it.

What is your advice? Should I change the DNS-record before or after the Nethserver configuration?
I would prefer a change after the Nethserver configuration, because my existing server can work without interruption.

@capote

A DNS always takes time before it is “available” on the internet. A key in this is TTL (Time To Live, or how long can the record last for…). Usually you set TTL lower a week or more before the move…
After a successful move, TTL is set higher again.

As long as your nethserver can resolve itself in the meantime, do Nethserver first, and DNS later.

1 Like

Yes, I had already reduced as a precaution.

@capote

Well then, get your mail users configured and test it out!

Keep eg an XL sheet with the mail mappings…

My 2 cents
Andy

1 Like

@Andy_Wismer … You’re the best!
Mail switch is done, all works fine.
Right now I’m struggling with the final Wordpress migration. Something is not working as expected.

@capote

Hi

Glad the mail stuff works!

Wordpress Migration:

There are usually two things to check when migrating WP:

The WP Config file, for Database Access (User, DB-Name, DB-Password)
Inside the Database: The path to the WP Installation. See the table Options…

The last thing to check is the permissions, that needs to be the apache user, as Michel-André said, or you’ll get update issues with WP…

My 2 cents
Andy

1 Like

Also my wordpress site is up.It was a backup restoring issue.
Thank you all for your support.

Within the next days, I will tune some details and try the reverse proxy.

Marko

1 Like

Hi Marko,

For vhosts:

We need to add a piece of code to the wp-config.php configuration file, so that WordPress has no problem performing certain functions, such as updating, or it will be unable to locate the content directory and will display an error message.

For a functional solution, see the WordPress page: Unable to locate the content directory at URL: Wordpress : Impossible de localiser le répertoire de contenu - Web Formation. This URL is no longer available.

At the end of wp-config.php:

if(is_admin()){
    add_filter('filesystem_method', create_function('$a', 'return "direct";' ));    
    define( 'FS_CHMOD_DIR', 0751 );
}

Not needed for /var/www./html/wp-config.php.

If you don’t add those lines with vhosts, sometime WordPress will work but also sometime will not.

Michel-André

yes, I saw this in Chapter III/5.1 and added it at the end of wp-config.php

What I didn’t realize is Chapter III/7 (/etc/httpd/conf.d/z_well-known.conf ) because I was unsure how to map my hosts here.

best regards, Marko

Hi Marko,

Let’s Encrypt will always use the default site: /var/www/html/.well-known directory and not the vhost’s .well-known directory.

Michel-André

EDITION:
Maybe it is because the default site is the first one in the list.
I never tried with the vhost domain name as the first one in the list.

1 Like

Hi all,

Is there someone who can confirm this ?

There should be a way to ask for more than one certificate; one for the default site and other one for each vhost.

I never tried it but, there is a a way to assign each certificate to each domain in the GUI (980):
Virtual hosts → Edit

image

Michel-André

You can request more LE certs and use them in the vhosts.

See screenshot.

1 Like

Hi Markus,

Does the certificate challenges used the .well-known of the vhost or the one from the default /var/www/html/.well-known ?

Michel-André

The one in /var/www/html/.well-known.
It’s defined in /etc/httpd/conf.d/letsencrypt.conf.

2 Likes