# postfixadmin redirects

## trscookie

Hello All,

I have set up postfixadmin (2.3.3) on my server, which has multiple domains. For security I have forced HTTPS however now when I attempt to log in to postfixadmin it just takes me straight back to the login page :S

Does anybody have any ideas what I can do to stop this and just get it to log in? The really weird thing is, if I get my password wrong it notifies me of my error however when i get it correct it just takes me back to the login prompt.

I have also tried setting: $CONF['postfix_admin_url'] = 'https://mydomain.com/postfixadmin' to "" however this takes me back to "https://mydomain.com/login.php"

Here is my postfix config.ini.php:

```

$CONF['configured'] = true;

$CONF['setup_password'] = 'YYYYYYYYYYYYYY:XXXXXXXXXXXXXXXXXXXXXXXXX';

$CONF['postfix_admin_url'] = 'https://mydomain.com/postfixadmin';

$CONF['postfix_admin_path'] = dirname(__FILE__);

$CONF['default_language'] = 'en';

$CONF['database_type'] = 'mysqli';

$CONF['database_host'] = 'localhost';

$CONF['database_user'] = 'postfix';

$CONF['database_password'] = 'mypassword';

$CONF['database_name'] = 'postfix';

$CONF['database_prefix'] = '';

$CONF['database_tables'] = array (

    'admin' => 'admin',

    'alias' => 'alias',

    'alias_domain' => 'alias_domain',

    'config' => 'config',

    'domain' => 'domain',

    'domain_admins' => 'domain_admins',

    'fetchmail' => 'fetchmail',

    'log' => 'log',

    'mailbox' => 'mailbox',

    'vacation' => 'vacation',

    'vacation_notification' => 'vacation_notification',

    'quota' => 'quota',

    'quota2' => 'quota2',

);

$CONF['admin_email'] = 'admin@mydomain.com';

$CONF['smtp_server'] = 'localhost';

$CONF['smtp_port'] = '25';

$CONF['encrypt'] = 'dovecot:CRAM-MD5';

$CONF['authlib_default_flavor'] = 'md5raw';

$CONF['dovecotpw'] = "/usr/sbin/dovecotpw";

$CONF['min_password_length'] = 5;

$CONF['generate_password'] = 'NO';

$CONF['show_password'] = 'NO';

$CONF['page_size'] = '10';

$CONF['default_aliases'] = array (

    'abuse' => 'admin@mydomain.com',

    'hostmaster' => 'admin@mydomain.com',

    'postmaster' => 'admin@mydomain.com',

    'webmaster' => 'admin@mydomain.com'

);

$CONF['domain_path'] = 'YES';

$CONF['domain_in_mailbox'] = 'NO';

$CONF['maildir_name_hook'] = 'NO';

$CONF['aliases'] = '100';

$CONF['mailboxes'] = '100';

$CONF['maxquota'] = '100';

$CONF['quota'] = 'YES';

$CONF['quota_multiplier'] = '1024000';

$CONF['transport'] = 'NO';

$CONF['transport_options'] = array (

);

$CONF['transport_default'] = 'virtual';

$CONF['vacation'] = 'NO';

$CONF['vacation_domain'] = 'autoreply.change-this-to-your.domain.tld';

$CONF['vacation_control'] ='YES';

$CONF['vacation_control_admin'] = 'YES';

$CONF['alias_control'] = 'NO';

$CONF['alias_control_admin'] = 'NO';

$CONF['special_alias_control'] = 'NO';

$CONF['alias_goto_limit'] = '0';

$CONF['alias_domain'] = 'YES';

$CONF['backup'] = 'YES';

$CONF['sendmail'] = 'YES';

$CONF['logging'] = 'YES';

$CONF['fetchmail'] = 'NO';

$CONF['fetchmail_extra_options'] = 'NO';

$CONF['show_header_text'] = 'NO';

$CONF['header_text'] = ':: Postfix Admin ::';

$CONF['show_footer_text'] = 'YES';

$CONF['footer_text'] = 'Return to change-this-to-your.domain.tld';

$CONF['welcome_text'] = <<<EOM

Hi,

Welcome to your new account.

EOM;

$CONF['emailcheck_resolve_domain']='YES';

$CONF['show_status']='NO';

$CONF['show_status_key']='NO';

$CONF['show_status_text']='&nbsp;&nbsp;';

$CONF['show_undeliverable']='NO';

$CONF['show_undeliverable_color']='tomato';

$CONF['show_undeliverable_exceptions']=array("unixmail.domain.ext","exchangeserver.domain.ext","gmail.com");

$CONF['show_popimap']='NO';

$CONF['show_popimap_color']='darkgrey';

$CONF['show_custom_domains']=array("subdomain.domain.ext","domain2.ext");

$CONF['show_custom_colors']=array("lightgreen","lightblue");

$CONF['recipient_delimiter'] = "";

$CONF['create_mailbox_subdirs_prefix']='INBOX.';

$CONF['used_quotas'] = 'YES';

$CONF['new_quota_table'] = 'NO';

$CONF['theme_logo'] = 'images/logo-default.png';

$CONF['theme_css'] = 'css/default.css';

$CONF['xmlrpc_enabled'] = false;

if (file_exists(dirname(__FILE__) . '/config.local.php')) {

    include(dirname(__FILE__) . '/config.local.php');

}

```

HTTPD SSL config:

```

 <VirtualHost *:443>

   ServerName www.mydomain.com

   ServerAlias *.mydomain.com mydomain.co.uk *.mydomain.co.uk mydomain.com

   DocumentRoot /var/www/html/folder/mydomain

   ErrorLog logs/ssl_error_log

   TransferLog logs/ssl_access_log

   LogLevel warn

   SSLEngine on

   SSLProtocol all -SSLv2

   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

   SSLCertificateFile /etc/pki/tls/certs/localhost.crt

   SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

   <Files ~ "\.(cgi|shtml|phtml|php3?)$">

       SSLOptions +StdEnvVars

   </Files>

   <Directory /usr/share/postfixadmin>

     SSLVerifyDepth 1

     Order deny,allow

     Allow from all

     Options Includes FollowSymLinks

   </Directory>

 

   SetEnvIf User-Agent ".*MSIE.*" \

            nokeepalive ssl-unclean-shutdown \

            downgrade-1.0 force-response-1.0

   CustomLog logs/ssl_request_log \

             "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 </VirtualHost>

```

I have also noticed that it is doing some re-direct, but Im not sure why and if this could be part of the issue:

```

$ curl -v -v -v https://mydomain.com/postfixadmin/login.php -k -d "fUsername=myname@mydomain.com&fPassword=mypassword"

* About to connect() to mydomain.com port 443 (#0)

*   Trying xx.xx.xx.48... connected

* Connected to mydomain.com (xx.xx.xx.48) port 443 (#0)

* successfully set certificate verify locations:

*   CAfile: none

  CApath: /etc/ssl/certs

* SSLv3, TLS handshake, Client hello (1):

* SSLv3, TLS handshake, Server hello (2):

* SSLv3, TLS handshake, CERT (11):

* SSLv3, TLS handshake, Server key exchange (12):

* SSLv3, TLS handshake, Server finished (14):

* SSLv3, TLS handshake, Client key exchange (16):

* SSLv3, TLS change cipher, Client hello (1):

* SSLv3, TLS handshake, Finished (20):

* SSLv3, TLS change cipher, Client hello (1):

* SSLv3, TLS handshake, Finished (20):

* SSL connection using DHE-RSA-AES256-SHA

* Server certificate:

*     subject: C=--; ST=SomeState; L=SomeCity; O=SomeOrganization; OU=SomeOrganizationalUnit; CN=servername.live-servers.net; emailAddress=root@servername.live-servers.net

*     start date: 2011-04-17 14:16:51 GMT

*     expire date: 2012-04-16 14:16:51 GMT

*     common name: servername.live-servers.net (does not match 'mydomain.com')

*     issuer: C=--; ST=SomeState; L=SomeCity; O=SomeOrganization; OU=SomeOrganizationalUnit; CN=servername.live-servers.net; emailAddress=root@servername.live-servers.net

*     SSL certificate verify result: self signed certificate (18), continuing anyway.

> POST /postfixadmin/login.php HTTP/1.1

> User-Agent: curl/7.19.7 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15

> Host: mydomain.com

> Accept: */*

> Content-Length: 57

> Content-Type: application/x-www-form-urlencoded

> 

< HTTP/1.1 302 Found

< Date: Tue, 16 Aug 2011 14:52:21 GMT

< Server: Apache/2.2.3 (CentOS)

< X-Powered-By: PHP/5.2.10

< Set-Cookie: PHPSESSID=8g9v6ad94qjj67kk74asdasd04n6; path=/

< Expires: Thu, 19 Nov 1981 08:52:00 GMT

< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

< Pragma: no-cache

< Set-Cookie: lang=deleted; expires=Mon, 16-Aug-2010 14:52:20 GMT

< Set-Cookie: PHPSESSID=iidomt0fiod13asdasdvlv8blb13; path=/

< Location: main.php

< Content-Length: 0

< Connection: close

< Content-Type: text/html; charset=UTF-8

< 

* Closing connection #0

* SSLv3, TLS alert, Client hello (1):

```

Many thanks in advance,

trscookie

----------

## trscookie

OK, after some digging around I discovered that it was because I had the following set:

```

User apache

Group apache

Group svn

Group www

```

Which I have changed to:

```

User apache

Group apache

#Group svn

#Group www

```

Which is working now, is there a way to allow multiple Groups in apache?

Many thanks,

trscookie.

----------

## boerKrelis

A file, dir, socket etc in the classic unix permission model is owned by one user and one user only, and one group and one group only.

A process runs as one user and one user only, and as one group and one group only.

In the apache config one specifies which user:group to run apache as.

It looks like you are trying to administer *group memberships* through your apache config. That is not how it works. Group membership is determined by /etc/group .

If you are trying to do what I think you are trying to do, you should

<code>

gpasswd -a apache svn

gpasswd -a apache www

</code>

as root, and restart apache.

----------

