I currently have a server with postfix/dovecot/postfixadmin and squirrelmail running for multiple domains. I use mysql to store the account/domain details. However, if I go to the webmail of a domain on my server, I can login to all email accounts on any domain on my server. How can I make it only possible to login to a mailaccount using on the right domain? And if i've done this, is it also possible to allow to login to all mailaccounts using the ip-address of the server directly?
In short, I want that if a user goes to domain1.com/webmail he can only login to emailaccounts with @domain1.com, but if a user goes to A.B.C.D/webmail he can login to all emailaccounts on the server.
edit:
I think I wasn't clear enough in my post, so I will try to explain a little bit better what I have:
I have one postfix/squirrelmail installation, and squirrelmail can be accessed on any domain through domain.com/webmail (/webmail is aliased). But because I only have one installation, you can login on all domains on my server using any domain. So for example, if I have domain1.com and domain2.com, you can login with somemail@domain1.com at www.domain2.com/webmail. I dont want this. The only exception to this rule is that I want to be able to access the complete mailserver, so all emailadressess on all domains, using the ip-address of the server (A.B.C.D/webmail). Sorry if my question isn't clear, english is not my main language so I sometimes have some trouble explaining my problems in english.
Best Answer
To do this you will need to change some code in Squirrelmail.
The page that does the login, from that you can with PHP look at the domain name and then make sure that only current domain is after the @. If you are not a PHP developer it could take some time to find out how to do this, and I do not really recommend this solution.
The thing you should do instead is to create one webmail that all users log in from and then SSL encrypt the page, to make sure that users do not send their e-mail credentials via clear text, and then redirect domain.com/webmail to e.g. https://ssl.yoursite.com/webmail
I have built several shared hosting environments hosting thousands of clients, but none of them are dedicated per-domain. All of them are placed on a secure location (simply because I refuse to build webmail access without SSL).
Now the reason why this should be the approach is, that users usually access their webmail from everywhere, which drastically increases the risk of someone sniffing network traffic, thus gaining access.
Nor would you like this to happen, because if that happens your server could be used as a source of unsolicited bulk e-mail (SPAM).