Host default domain: SSL certificate and mail-related features

Yes, we’ve changed it to happen during the Virtualmin installation time. The goal was to pre-create an SSL certificate for the hostname and provide users with a better initial experience on the first login, avoiding errors related to self-signed SSL certificate. It might sound simple, but it’s quite complex to get everything right.

Additionally, the latest changes can prevent users from easily enabling mail-related features for a domain name that matches the hostname within certain configurations, regardless of whether the domain was created automatically during installation time or manually later.

@Joe, is this what we wanted in terms of hosting a default hostname virtual domain, right? I mean, having an ability to disable mail-related features for host default domain (i.e. domain that matches the hostname) on certain systems?

I’ve been reflecting on it (again), and it may be confusing for some users why the mail for their host10.example.com domain has to be disabled? We can give them a million reasons, but I doubt anyone would listen, and practice has made it very clear.

I wouldn’t be surprised if some admins wanted mail work (in a straightforward way) for addresses like dns@host10.example.com.

Why not?

What stops us from leaving things as is, i.e. allowing mail-related features to be enabled for host default domain?

If we don’t:

  1. What exactly is going to break?
  2. Which exact Postfix and/or network configuration would cause mail delivery issues with host default domain (i.e. hostname placed in virtual map)?

I myself never faced any issues when having a hostname placed into /etc/postfix/virtual map file, i.e. the following works just fine across numerous systems:

root@alma9-pro:/etc# hostname

host.alma9-pro.virtualmin.dev

My /etc/postfix/virtual file has:

root@alma9-pro:/etc# cat /etc/postfix/virtual | grep 'host.alma9-pro.virtualmin.dev'

host.alma9-pro.virtualmin.dev	  host.alma9-pro.virtualmin.dev
dns@host.alma9-pro.virtualmin.dev dns\@host.alma9-pro.virtualmin.dev

My main.cf file has:

root@alma9-pro:/etc# cat /etc/postfix/main.cf | grep -E '^(myhostname|mydestination|resolve_dequoted_address)'

myhostname = host.alma9-pro.virtualmin.dev
mydestination = $myhostname, host.alma9-pro.virtualmin.dev, localhost.$mydomain, localhost
resolve_dequoted_address = no

The same configuration I have on another Ubuntu 22.04 system, which also work just fine.

With all the recent Virtualmin patches, we now have an API to control when the mail feature for the default domain (i.e., the hostname) should be allowed or disallowed. To be honest, I prefer to keep it always enabled unless it’s specifically disabled in the Virtualmin Config during installation.

So, what specific configurations should be considered risky enough to disable the mail feature for the default domain?