Symptoms

  1. Create a custom CNAME record for accessing webmail from customer control panel

    CNAME   webmail.example.com.    webmail.provider.com    3600    Manual   Active  Yes
    
  2. Access https://webmail.example.com and get the error message:

    This page was disabled by security reason. You can log into webmail using POA CP or url like 'webmail.yourdomain'. Username and Password text box disabled
    

What is the correct way to setup webmail to work in customer's domain with proper branding without the need to login to CCP?

Cause

This is expected behavior, resulting from incorrect configuration.

It should not be necessary to add manual CNAME or A records for webmail.domain.tld.

Resolution

How it should work:

  1. There must be a server in the system (usually it is branding CP server) that must have webmail_login (type=other) OA package installed. Refer to Mail Hosting module deployment guide for detailed instructions how install webmail servce in OA environment.

  2. After package installation it creates the following configuration file on the branding server:

    <VIRTUALHOST 11.11.11.11:80>
    <IfModule mod_ssl.c>
      SSLEngine off
    </IfModule>
      SERVERNAME 11.11.11.11
      SERVERALIAS webmail.*
      DOCUMENTROOT /tmp
      REWRITEENGINE on
      REWRITECOND %{HTTP_HOST} ^webmail.*
      REWRITERULE ^(.*)$ http://10.10.10.10:8080/servlet/WebMailRedirector?host=%{HTTP_HOST} [P]
    </VIRTUALHOST>
    
    <IfModule mod_ssl.c>
    <VIRTUALHOST 11.11.11.11:443>
      SSLEngine on
      SSLCertificateFile /usr/local/pem/etc/apache/httpsd.pem
      SERVERNAME 11.11.11.11
      SERVERALIAS webmail.*
      DOCUMENTROOT /tmp
      REWRITEENGINE on
      REWRITECOND %{HTTP_HOST} ^webmail.*
      REWRITERULE ^(.*)$ http://10.10.10.10:8080/servlet/WebMailRedirector?host=%{HTTP_HOST} [P]
    </VIRTUALHOST>
    </IfModule>
    
  3. With this configuration in place, when Qmail subscription is created and Qmail hosting is added to domain, OA automatically creates "A" record for webmail.domain.tld pointing to the IP address of the proxy server. When customer goes to http://webmail.domain.tld, he is redirected to http://10.10.10.10:8080/servlet/WebMailRedirector?host=%{HTTP_HOST} which in turn redirects customer to appropriate branded webmail login form.

Make sure that there is a server with webmail_login package present in the system. The following query in database can be used to check this:

SELECT * FROM components WHERE pkg_id IN (SELECT pkg_id from packages where name = 'webmail_login');

If no such hosts are found - install webmail_login package to a server (usually branding control panel server). For new subscriptions appropriate A record will be added automatically during service provisioning. For existing ones it will be necessary to add the records manually.

Internal content

Link on internal Article