1
Unique domain login screens
Question asked by Michael Schuler - June 11, 2015 at 5:41 AM
Answered
I have upgraded to SmarterMail 14 and overall it's working great and the new features are excellent. I've been trying to get the customized login screens to work but cannot seem to get the additions I've made to a specific domain to show up - instead it just pulls in the global custom settings.
 
I'm wondering if there's a step I'm missing in my initial setup for the domain and/or IIS in order to properly identify which domain I'm hitting so SmarterMail knows and can apply the custom settings. Is there any specific method to attaching which address domain goes to which domain in SmarterMail (i.e. webmail.domain.com goes to the SmarterMail settings for domain.com)?
 
Thanks!
Mike

10 Replies

Reply to Thread
0
Bruce Barnes Replied
June 11, 2015 at 6:53 AM
Mike, et al;

If you are using a unique IP address per domain, you won't have any problems with creating a unique login screen per domain, but, unless we are mega providers, we are probably paying dearly for the few public IP addresses we have available and, unless the customer is very large, or we have a very special relationship with them, don't want to give up a public IP address for custom login screens.
 
If you use only a single IP address, then you will be able to create multiple IIS records which can call up the SmarterMail login interface and, via the custom CSS screens, create custom login pages.
 
An alternative is to create an external login screen, with the look and feel of the domain, and use that as the jump-off point for the domain, with date entered into that screen being pushed to the SmarterMail login.
 
See: the "employee login" at the bottom right-hand corner, of this page:  http://antiochtownshipil.gov/ as an example.
 
Note that this code is located on the customer's website.  This could also be adapted, with some clever IIS header configurations, to use a custom page on the SmarterMail server and do the same thing.
 
Here's the code for the call:
 
<h3 align="center"><strong>Employee Login</strong></h3>
                        <a href="https://securemail.chicagonettech.com" target="_blank" >
                        <h3 align="center"><strong><br />
                          <img src="images/SmarterMail.gif" alt="SmarterMail Webmail Login" width="80" height="80" /></strong></h3>
                        <table align="center">
                          <form action="https://securemail.chicagonettech.com/Login.aspx" method="post" name="mailform" target="_blank" id="mailform">
                            <input type="hidden" name="shortcutLink" value="autologin" id="shortcutLink" />
                            <tr>
                              <!-- Username Login Field -->
                              <td class="entry">E-Mail Address:</td>
                              <td><input type="text" name="email" id="email" /></td>
                            </tr>
                            <tr>
                              <!-- Password Login Field -->
                              <td>Password:</td>
                              <td><input name="password" type="password" id="password" /></td>
                            </tr>
                            <tr>
                              <!-- Submit Button -->
                              <td colspan="3"><div align="center">
                                  <input name="submit1" type="submit" id="submit1" value="WebMail Login" />
                                </div></td>
                            </tr>
                          </form>
                        </table>
                        </a>
 
Here's what the code looks like in a GUI code editor:
Webmail Login Form
Webmail Login Form
If the domain user enters his or her credentials into the form, and then clicks on WebMail Login, the credentials are passed directly to SmarterMail, and the user never sees the ChicagoNetTech login screen.
 
Here's what the code looks like on the client's website:
 
SmarterMail Login Example from Client Website
SmarterMail Login Example from Client Website
In the event that the client enters invalid information in the login fields, or if the client clicks WebMail login with no data in the form, the client is re-directed to the ChicagoNetTech SmarterMail login page.
 
Additionally, when the client logs out of SmarterMail, they are returned to their website's home page.
 
This solution offers a complete branding package, with the SmarterMail login integrated into the Client's website and saves a ton of support issues with their staff because they have a single point of login for everything - their website.
 
With some additional code checking, invalid password attempts could be directed back to be retried on the client's website, vs via the SmarterMail web interface.  The same is true for password recovery or changes:  with some additional coding or input checking, a complete, branded solution, could be developed for a customer, allowing them to maintain all webmail access directly from their website.
 
Additionally, some additional input checking could prevent a user from ever seeing the SmarterMail login landing page.
 
If you, or anyone else, requires assistance in the implementation, or further development of this code, for a particular client, please contact me directly.
 
If you create enhancements to the code, please share them back to me so I can create a central repository of these enhancements in our ChicagoNetTech portal.
 
 - Bruce
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Matt Petty Replied
June 11, 2015 at 8:29 AM
Employee Post
Unfortunately without any other alternatives that I can think of the only way we can identify which domain Login Display to show is parsing out and using the URL at the top of the browser.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Michael Schuler Replied
June 11, 2015 at 8:30 AM
Bruce,
 
Thank you for the detailed walkthrough! In my install, I actually do have two unique IPs for the two domains I use with SmarterMail. Each IP is assigned to a different site set up in IIS but both are pointed to the same MRS folder on the server. This is all following the process for setting up the IIS site from SmarterMail's help as well.
 
One thing I'm wondering is that (for example) we have the domain in SmarterMail set up with example.com. However, the URL for the webmail is webmail.example.com. I'm not sure how the code behind the login file decides which customizations to apply but could this confuse it and possibly just revert back to the global custom login options?
 
-Mike
0
Bruce Barnes Replied
June 15, 2015 at 1:49 AM
As an FYI: CNAMES for MX are now prohibited by the IETF, because they cause double DNS lookups. Weve seen issues with non-delivery of e-mail, caused by the use of CNAMES, and the time it takes for DNS to do the double lookup may be contributing to your problems.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Bruce Barnes Replied
June 15, 2015 at 5:28 AM
If you have an A or HOST NAME and you also have a CNAME pointing to the same record, the HOST record will be IGNORED.
 
This is because BIND, the most commonly used DNS server in UNIX, will not process the record.  Many newer DNS servers will also ignore them.
 
CNAMES should no longer be used for anything.
 

2.4 CNAME records

A CNAME record is not allowed to coexist with any other data. In other words, if suzy.podunk.xx is an alias for sue.podunk.xx, you can't also have an MX record for suzy.podunk.edu, or an A record, or even a TXT record.
 
Especially do not try to combine CNAMEs and NS records like this!: podunk.xx. IN NS ns1 IN NS ns2 IN CNAME mary
 
mary IN A 1.2.3.4
 
This is often attempted by inexperienced administrators as an obvious way to allow your domain name to also be a host.
 
However, DNS servers like BIND will see the CNAME and refuse to add any other resources for that name. Since no other records are allowed to coexist with a CNAME, the NS entries are ignored. Therefore all the hosts in the podunk.xx domain are ignored as well!
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
1
Matt Petty Replied
June 18, 2015 at 12:25 PM
Employee Post
There was an issue where it was trying to grab subdomains (webmail, mail) and trying to include them in it's lookup for domains on SmarterMail in which case it would return the global login display info if set.

It will be fixed in today's minor build which will be out very soon.
 
This is probably effecting a lot of people so thanks for reporting it. Glad I was able to work with you guys on getting this quickly fixed.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
2
Michael Schuler Replied
June 19, 2015 at 8:00 PM
Matt,
 
Thanks for the update on the release. I just completed the minor version upgrade and now everything is working great!
 
Thanks again and have a good weekend!
 
Mike
0
Tony Loosle Replied
August 10, 2015 at 4:51 PM
where is the original documentation on how to implement this?
 
thanks
t
 
0
Nicolas Le Merle Replied
August 25, 2015 at 1:13 PM
I have been working on a cool concept where I have developed my own unique login page, which uses various web methods to log a user in :) Its working really great and my clients have really responded well to the fancy new change!
 
I am now able to copy and paste this easily and re skin & re brand for clients as they wish and even host the page on their own domain!
 
 
Login Screen
 
Login Screen 2
0
Colton Morrison Replied
December 16, 2015 at 3:50 PM
Do I understand this correctly? Are you saying if we add a Binding in IIS (with Server Name Indication Required?) then SmarterMail will parse mail.mydnsname.com and realize mydnsname.com is the SmarterMail domain with custom branding and it takes me to that custom login page?
 
Basing that off your reply, Matt:
We currently parse the url and match it to a domain and show that domain's login display information.
mail.smartertools.com -> (parsed) -> smartertools.com
mail.somethingelse.org ->(parsed) -> somethingelse.org
Does that also work for any subdomain such as: webmail.mydnsname.com or inbox.mydnsname.com?
I'm on 14.2 and it's not working with IIS Bindings and DNS records functional. Those XML files you mentioned seem to be correct.
 
Anything else I'm missing?
Thanks

Reply to Thread