Can I create username@domain.tld usernames for existing username.domain users?

OK, so that subject about sums it up. I’ve read just about every post on this and haven’t found an answer. I still have a lot of email accounts set up with username.domain. Newer email clients stupidly require username@domain.tld for the username.

To make this easier for both me and the customer, I’d like to leave the old username.domaiin in place and create a user, username@domain.tld which uses the same directory and same userid and groupid to make this a simple process. Will Virtualnin handle my doing that or does it require username-domain.tld?

This would be much easier than moving the mail to another temp mailbox, deleting the old mailbox, moving the email back to the recreated mailbox and then dealing with the customer to help them reconfigure their PC, Laptop, tablet and phone.

I think it probably will Just Work (adding identical entries to /etc/passwd with just the name changed from user.domain to user@domain.tld).

Maybe try it with a test domain and user first? There are things that might get weird: Changing usernames in Virtualmin/Webmin (there’s probably a config option somewhere in the domain that makes Virtualmin aware of these magic usernames…it’s been a long time since I thought about it or looked at the code). But, mostly Webmin and Virtualmin consider the passwd file to be the source of truth with regard to users. Maybe/probably Virtualmin will also report the wrong name as the one to use for IMAP/FTP/etc. (in the Users page in Virtualmin) unless told the given domain is using the user@domain.tld format. I’ll have to poke around to figure out whether there is an option for that per-domain or if it’s always automagically detected (but, if you test and it looks right in that page, I guess we’ve established it’s automagic).

Edit: Regardless, you definitely don’t need to recreate all the users. I’m sure there are, tops, two or three places you need to poke to make it work (and maybe only one, /etc/passwd).

There should be better ways of doing it. There seems to be an option under Server Templates, especially for it, and it seems flexibly configurable.

Screenshot from 2020-01-06 14-02-582560×1440 324 KB

Format for usernames that include domain
When a username has the domain name appended, this option selects the format. Not all options are available on all OS platforms, as some characters are not allowed in usernames. Whether the domain name is the full username, i.e. “virtualmin.com”, or just the first part, i.e. “virtualmin”, is dictated by the Domain name style in usernames option on the Module Config page.
The username@domain option is not recommended unless you are migrating users from another system that already uses it. The Postfix mail server has problems with SMTP authentication by users with an @ in the username, and requires that an extra Unix user be created for each mailbox for mail delivery to work.

More over, I can confirm, that using @ in that option (is set by default) already creates an extra user:

1. Create new user
   

   

   image1506×900 125 KB

2. After user is created:
   

   

   image1507×376 61.9 KB

3. After user is created (in User and Groups module):
   

   

   image1507×1178 248 KB

Technically, I think (not tested), you can simply duplicate and modify the lines on /etc/shadow and /etc/passwd files:

image1065×155 41.3 KB

Oh well, close. I edited passwd and shadow. I copied the user.domain (no tld) and created user@domain.tld in both files. Apparently, and this seems to ring some very old bell, Virtualmin keys off of the - in user-domain.tld. What I wound up with when looking at Mail and FTP Users in Virtualmin was an added account, so I now have user.domain and user@domain.tld. user@domain.tld shows the proper quota used but gives mail size as None. Looking further, I found that under Primary email address enabled was set to ‘No’. I changed this to yes and then there was no mail in user.domain. Checking that, I saw that ‘Primary email address’ was changed to ‘No’.

I’m not so bothered about how much I need to do to keep my customers happy, but it looks like I’m going need to get rid of the old user.domain username which means they have to fix all devices connecting when the email client forces the use of user@domain.tld.

Yes, Outlook now seems to require this, but it does seem there are more than one Outlook 365s floating around. Also, the default email program on my Android phone required this (I chose another email app). I’m not enjoying this new world of dumbed down software. Please let me override the stupidity. Not to mention losing the bit of security by obscurity when the email address is not the username. Doh! Ok, sorry, rant mode off.

If there are more ideas, I’m all ears.

@Ilia Server Templates only apply to newly created things. It does not change existing entities (domains, users, whatever).

Yes, @Joe.

I am wondering why @dumorian doesn’t have it setup by default?

Older installations didn’t use this format as the default. He mentioned he had changed it to the new format.

I completely missed his previous reply.

I discussed it with Jamie and he said that there is no inbuilt functionality for it. It’s not easy/fast to implement and it’s not used by many users.

You can simply copy/paste/edit needed users manually in /etc/passwd and /etc/shadow files.

If there are many users to take care of, you would need to automate it somehow.

I would say no… You would have to re-create the email for user with correct settings simple is that.

I don’t think that’s strictly necessary. Just creating the extra names in passwd/shadow should get most of the way there, if not all the way. Virtualmin only stores metadata outside of the standard config files when it needs to…and I don’t think it needs for for usernames.

Right. For a number of years, pretty much since Jamie first implemented the user@domain.tld ability, I have used that. Lately, especially with the new Outlook forcing the email address as the username, I’m hitting a new wave of needing to change these old email accounts. We’ve had some of our clients since the 90s. I try not to rock the boat with email. Maybe I should have. Most accounts are on IMAP now and many have mobile devices added. When I have to dump the old username.domain format, it means they have to fix all of their devices. I was simply hoping there was a way to avoid that for our customers. But hey, it’s certainly not my fault or any fault of Jamie’s. Blame the new world of dumbed down softwares.

I think Jamie has said it all, in that it is not an easy fix. I get that.

I am however a bit stubborn when moving email about. I use imapsync for this. It is slow, but it does several checks in the process. Last nights move of a 6G account found almost 10k dupes. So a good bit of cleanup happened in the process… a cleanup that I suppose could trip up some email clients. It did take a couple of hours to do its work.

Thanks for all the input on this. It sounds like the answer is that there is not a way.

What? That’s not what I said!

I think you can just add those extra entries to /etc/passwd and /etc/shadow. That’s not that hard. It’s just not built into Virtualmin.

• another one just bite the dust - you should love the Queen! - anyway I would still educate user to setup server in mather they want from start before anything else is deployed…

Joe, so are you saying to add both username-domain.tld and username@domain.tld? As I said previously, when I added only username@domain.tld virtualmin showed it as having no email and set to not receive email for that account. When I set it to receive email, username.domain had no email and it was set to not receive email automagically.

I can backup a virtserver with old style usernames and restore it over to another server to do more testing on this if you things adding both will work.

Thanks,
John

Unborn,

I’ve been using Webmin since before Virtualmin existed. We have clients that have been with us for around those 20 years. Those systems back then did not allow username@domain.tld and didn’t until Jamie did some magic. At that point I set those servers to create the username@domain.tld with username-domain.tld usernames. But, we still have clients that have been with us pretty much from day one. I try really hard not to force changes upon them. Email setups are a pain to them. Unfortunately and stupidly many email programs require that the email address be the username so I’m then forced to make this change, which forces them to update all of their devices logging in to the mailserver. I say stupidly because is removes a level of security by obscurity… yes weak, but this trend does make it easier for hackers to try to break in to email accounts. All they need now is emaiil addresses for the most part. That’s easy. Usernames makes them work harder. Will they bother to try to break in if they have to go the extra step to find usernames? Not that it is all that bard, but it is harder.

Yes, all of may email account are and have been created using this username@domain.tld since it was available. I bet I still have 100 or more email accounts using the old username.domain username. I deal with this when the customer needs it. It is a lot of work, often times requiring remote logins to their computers and then additional support for phones and such.

I am the user and I am at least somewhat educated.

I suppose you didn’t read my original post on this. I am truly sorry if some of my frustration, mostly directed at those coding email clients, seemed to land on you.

John

Then you need to automate it (write a script), that will insert after:

user1-debug-debian9-1:$6$78390143$qHWYqA80hQf:18268::::::

with

user1@debug-debian9-1:$6$78390143$qHWYqA80hQf:18268::::::

…making it look like:

user1-debug-debian9-1:$6$78390143$qHWYqA80hQf:18268::::::
user1@debug-debian9-1:$6$78390143$qHWYqA80hQf:18268::::::

Yes, you absolutely need both. A user named username@domain.tld is not supported by all tools (Postfix, for example), so they both have to exist and share a UID and home. The entries need to be identical except for the name. This is why we don’t really like this user format (but it’s the default now, anyway, because everybody wants it and some mail clients make it very hard or maybe even impossible to do anything else).

There may also be some magic in the virtual map in Postfix (but maybe not, since Postfix, I think, has to use the user.domain or user-domain or whatever names)…lemme see if I can find a system that has each type of user so I can see for sure.

You definitely don’t need to re-create them, though. If it’s not worked so far, I’m sure it’s just a minor tweak to get it working. It really isn’t a super complicated implementation it just looks weird because of the doubled entries in /etc/passwd and /etc/shadow.

Edit: Also, the other (non-@) name needs to match whatever it was before. Don’t change that one. That’s how Postfix knows where to deliver, so if you change it you have to modify Postfix configuration. Virtualmin may figure it out the same way, I dunno.

I backed up an account and restored it to a different server so as not to effect the user’s account.

One of the email accounts is owned by user username.domain (no tld)
I edited passwd and shadow copying the username.domain line and changed username.domain to username-domain.tld and username@domain.tld. All good.

Looking at the users under this domain, I then had a new user showing which was username@domain.tld like I would expect. However, it was not enabled and showed no email. I enabled it and it then showed email while username.domain was automatically disabled. Postfix virtusers updated correctly when I enabled the username@domain.tld email account showing both of the new names added to passwd and shadow.

Before enabling that new @ account, I set up an account in an email client and connected as expected. After enabling the @ user, the email client refused to connect. Error logs show dovecot auth failures.

Now, since I cannot seem to keep username.domain active and since the owner of that email directory is username.domain, this seems to be a correct response from the server.

If I change the login back to username.domain while the mailbox is not enabled, the email client login fails as there is no entry for it in Postfix virt tables.

I’m just not seeing a way to have username.domain and username-domain.tld and username@domain.tld all functioning at the same time. I am left believing this is a behind the scenes bit of coding to make it work and it only works with - in combo with @. That makes sense to me as well. I did not add username.domain to the virt table as I would think if it even works, it would leave the account in a very odd state or more fragile and confusing in the future.

Also of interest, I can’t chown the username.domain directory to be owned by username-domain.tld nor username@domain.tld. I get no errors when issues the command, but ls -al shows it still belongs to username.domain.

For the other comments. I don’t care how hard it is for me to perform the work. I am simply trying to prevent the inconvenience to my customers who have to reconfigure all of their email clients.

Joe,
Positively more than one email client now requires the username to be the email address. The latest Outlook seems to have removed any way to override that. I’ve been on those computers and looked in both the standard email setup area and the personalities area and it forced email address as username. Well, maybe I could manually edit the .ost or something. But it is not available through any interface. Also the mail app that shipped with my Android phone had no ability to set a username. It simply used the email address… no option to override. I installed a different email app.

Thanks for all the help on this. It took magic to make this work at all… an alias so to speak. Janie had to decide on what the username format should be for the @ address. It seems that is hardcoded somewhere and I respect that decision and the difficulty with changing or expanding that.