Default User Email

So when a new server (domain) is created, the username for it is the second-level domain name, i.e. janescandles.com gets the username janescandles.

But what also happens is the email that is made for it is: janescandles@janescandles.com.

I wanted to make it where the email that is created is admin@janescandles.com

Other email addresses can be made later on, for like support@janescandles.com for example.

Then when the site admin goes to webmail.janescandles.com, they would just type in admin for the user name, and the password. (Not even sure if this part is possible, because from my testing, the user would need to put in the user name of janescandles.)

This is normal mode of operation.

This way one email rules them all; the rest are aliases. That way, as the admin, you have no need to check 10 emails, if this makes sense.

All aliases go to your janescandles@janescandles.com email no matter which one it is. I typically create admin@x.com and support@x.com, and all of the emails can be viewed at the Roundcube admin address. This way one person can wear many hats and manage it all from a single inbox. So all of the email aliases resolve to the main email.

Hmmm. So then maybe I change the Virtualmin > System Settings > Server Templates > Default Settings > Mail for Domain

And edit the aliases created to limit them to what I want for my users? So if I only wanted to have an admin@janescandles.com and support@janescandles.com.

I could get rid of postmaster, webmaster, abuse and postmaster?

And then I guess make new users who I want to have isolated email accounts, like maybe marketing, who may not need access to support or admin email accounts.

Not sure that is a good idea. They are added for good reason. What harm are they doing?

So from a security perspective, if I know a domain is hosted on Virtualmin, then I know the default username is the same as the second level domain name. janescandles.com user name is known to the world. So at that point, it seems that a brute force password attack would be easier to perform if the username is known.

You could enable 2FA if you don't believe you can choose a suitable password that cannot be easily brute forced, as you say. You can also make sure that logins can only be allowed from a specific IP; if you're remote, this will require you to have a static IP from your provider. However, if you are running this on metal on your network, you could just allow logins from your local network. There are many possible ways to provide decent security if that is the concern. Hrmmm, I'm not sure about individualizing email accounts; I never had the want or need to do so. You may be able to use Google or Zoho or something to do this and add the required records they require; they will allow control to this level. Although I know it's possible to do with Roundcube, I'm just not certain how it's done per se.

You could use fail2ban to thwart brute force attacks. If you are not using it, you must.

See Fail2ban on a Virtualmin Server – Virtualmin

ssh and Webmin have brute force protection built in. But fail2ban can help respond to multi-protocol attacks (e.g. trying to log in to several services to evade brute force detection/protection, since the same user might have ssh, Webmin, mail, FTP, etc. access with the same user and password).

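The multi-protocol point in the last reply, as an added example that is not part of the thread or of fail2ban's own code: a source that spreads failed logins across ssh, mail and Webmin can stay under every per-service limit while its combined count is high. The log layout, thresholds and function names here are assumptions made for the illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed normalized layout: "<ISO time> <service> FAIL user=<u> ip=<addr>".
# Real sshd, Dovecot and Webmin logs differ and would need their own parsers.
LINE_RE = re.compile(r"^(\S+) (\w+) FAIL user=(\S+) ip=(\S+)$")

def _mk(ip, services, start, step_s):
    """Build constructed failure lines for one source IP."""
    t0 = datetime.fromisoformat(start)
    return [f"{(t0 + timedelta(seconds=i * step_s)).isoformat()} {s} "
            f"FAIL user=janescandles ip={ip}" for i, s in enumerate(services)]

SAMPLE_LOG = "\n".join(
    _mk("203.0.113.7", ["ssh", "imap", "webmin"] * 3, "2024-05-01T10:00:00", 30)
    + _mk("192.0.2.9", ["ssh"] * 6, "2024-05-01T10:00:00", 20)
    + _mk("198.51.100.20", ["ssh"] * 2, "2024-05-01T10:00:00", 60)
)

def parse(log):
    """Return chronologically sorted (time, service, user, ip) tuples."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, service, user, ip = m.groups()
            events.append((datetime.fromisoformat(ts), service, user, ip))
    return sorted(events)

def flag_sources(events, per_service_limit=5, combined_limit=6,
                 window=timedelta(minutes=10)):
    """Return {ip: reason} for sources over either limit in a sliding window."""
    by_ip = defaultdict(list)
    for ts, service, _user, ip in events:
        by_ip[ip].append((ts, service))
    flagged = {}
    for ip, hits in by_ip.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop failures older than the window
            counts = defaultdict(int)
            for _ts, svc in hits[start:end + 1]:
                counts[svc] += 1
            if max(counts.values()) >= per_service_limit:
                flagged[ip] = "single-service"
                break
            if sum(counts.values()) >= combined_limit and len(counts) > 1:
                flagged[ip] = "multi-service"
                break
    return flagged
```

With the constructed sample, 203.0.113.7 never exceeds three failures on any one service and is flagged only by the combined count.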