The cause of the problem is now clear.
This is what @Ron_E_James_D.O read from the raw email:
https://thisisatestdomain.com:10000/virtualmin-password-recovery/email.cgi?id=3D02522c4fbf049a85511636a7a52d167a
As @Ron_E_James_D.O has correctly pointed out, if =3D is replaced by = then the URL works.
As @verne pointed out, the email needs to be viewed in an email viewer.
I looked at a sample password reset email in Thunderbird as plain text. There was no ‘=3D’. I looked at the source from Thunderbird and the ‘=3D’ was present.
But the raw email also stated “This is a multi-part message in MIME format” and also stated
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
I also put the mail through a spam analysis. It was considered multipart/mixed without a non textual part.
Technically there is no bug because the raw email specifcally said its text part is quoted-printable.
Short of sending the raw email as just plain text without any MIME encoding, the problem cannot be fixed from the perspective of reading it raw.
It is difficult to argue there is a bug, since the raw email specifcally stated its text form was encoded.
But I do agree the points raised are valid. I think at the least Virtualmin should include in their documentation that the raw from of the mail is encoded and specifcally state that ‘=3D’ should be replaced by ‘=’ if using the raw email.
So I think @Ron_E_James_D.O should raise an issue in Github for the documentation to be improved.
As per request, redirection is the name of a web server feature to take a destination URL and return a response to look elsewhere. It is not applicable here.
By the way I have created a post for another way to spin up Virtualmin instances at A friendly introduction to virtualising Virtualmin on Ubuntu with Incus