Sanity check on using username@doman.tld format

7 posts / 0 new
Last post
#1 Fri, 09/22/2006 - 04:37
jpenix

Sanity check on using username@doman.tld format

Joe, Jamie, in Virtualmin's current state is it reasonable to be considering using username@domain.tld as the default name format for all users created in the system?

I know there were Postfix issues, but you've said that those were solved - was that a result of an improvement in the Postfix code or a workaround that you've developed? I see at least one outstanding but on the issue (#356), but wonder what other hidden surprises I'm likely to find.

Given a clean install, is it wise to opt for @ usernames, or is that functionality really more of a kludge to appease users switching from other control panels? I'm working on such a migration, but in this case the customer and users have agreed to go through the username change. But if they don't have to I'd sure rather not make them.

Fri, 09/22/2006 - 09:37
Joe
Joe's picture

Hey Joshua,

Postfix has not changed, and won't be changed, according to Wietse. The reasons for Postfix not allowing @ in usernames are valid, so it'll never be recommended. It's just an unfortunate fact of life that it seems common to use usernames of this format, and that Sendmail allows them--though I noted last time I looked at the cPanel docs that it isn't the default, even there, and Plesk also offers several username delimiter types...so there's nowhere that it is necessary to use this format of username.

Our solution to the problem is a kludge, but it is one that seems to work fine (and it actually avoids the problems that led to Wietse removing @ username support from Postfix). Issue 356 is, I believe, fixed in the current Usermin, but I might be wrong. I'm pretty sure there was a second bug filed for the same issue, and this particular one just didn't get closed. I'll have to look into it to be sure.

The solution we use is to create and manage two usernames for every user. One for Postfix that uses a sane format (no @), and another for Usermin, Dovecot POP3/IMAP, and optionally SSH access, which has the @. Actually either name will work for the other services, but only the non-@ name will work for Postfix mail delivery (and this comes from the virtual maps file, so no one ever sees it except Postfix and our tools that have to manage it). I believe even SMTP auth for outgoing Postfix service will work with the @ username (but I don't remember if I've personally confirmed that). Oh, yeah, other webmail products will also generally work with the @ usernames.

There is now quite a bit of code in Virtualmin, Webmin, and Usermin to keep up with all of this stuff...but it seems to be working well now. Probably.

In short, it's never going to be recommended because it's just plain wrong. But, we're not above doing wrong to make our customers happy. ;-)

So, if you go that route and run into problems, we will try to fix them. So far, we've never found any problems are insurmountable and hopefully we won't find any that are. So, if it'll increase customer confusion to change, then don't change. But if you're starting with all new user accounts, it's better not to.

--

Check out the forum guidelines!

Sat, 09/30/2006 - 01:19 (Reply to #2)
jpenix

Thanks very much for the detailed reply. In this case we'd like to reduce customer confusion, so we're going to go ahead and use the user@domain format. I'll keep you updated with any issues. :)

Thu, 03/08/2007 - 15:32 (Reply to #3)
joshorchard

Joe,

I've been reading about this subject and trying to find the reason why Wietse doesn't allow the username with @ symbols in them. I've also tried with your latest (or should I say a client did as I recommend he use Virtualmin) and found that @ still don't work with SASL authentication against Postfix. Is there any more information you could send me or direct me towards why this is a problem? I'll continue my search but your forum was the first I found with any reported problems with these types of usernames. Also curious as to how you fix the problem.

Thanks,

Josh

Thu, 03/08/2007 - 16:29 (Reply to #4)
joshorchard

Found the info. Thanks.

Mon, 03/19/2007 - 03:31
LonDoh

Josh,

where did you find the info please?

Mon, 03/19/2007 - 03:41 (Reply to #6)
Joe
Joe's picture

It's in the FAQ:

http://www.virtualmin.com/faq/one-faq?faq_id=1511#51230

Second paragraph.

I'll be updating the Virtualmin Professional virtualmin-base package to make this change in the next release sometime this week.

--

Check out the forum guidelines!

Topic locked