Restrict RoundCube login username to one domain

Restrict RoundCube login username to one domain

Roundcube is a client software to access IMAP mailboxes. If you already came to this post, then I’m sure you’ve figured out that RoundCube does not restrict domains in the login form, which means that as long as your username and password are OK, you can basically use any domain you like in your username field. Exc: @gmail.com, @yahoo.com etc.

This is not something that Roundcube deals with, because it should be taken care of on your IMAP server configuration, and if the IMAP server does not check for your full username (domain included), and allows access with any other domain, you get access :). However, even if it’s taken care of on your IMAP server, handling this in RoundCube will prevent an unnecessary request to your IMAP server.

One of the configuration options in Roundcube helps you append the domain to a clean username login.
Exc: if in your username field you type only the username “username” without the “@domain.com” then roundcube can help  you by appending the “@domain.com”. This is helpful only for IMAP servers that require full e-mail addresses for login. You can specify this by editing $rcmail_config[‘username_domain’] variable in config/defaults.inc.php

By default that variable is blank as below:

$config['username_domain'] = '';

Above that variable, you’ll find a short description on what options can be set to this variable, one of which you might assume it is:

%d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)

But in cases when your roundcube installation is in a different host/domain server than your original domain that is needed to authenticate in your IMAP server, that will not help, therefore use your domain as follows:

$config['username_domain'] = 'yourdomain.com';

Now if you type “username” (without the domain) in the username field, roundcube will append “@yourdomain.com” and the request to your IMAP server will have your username sent as “username@yourdomain.com”, otherwise if you already specify the domain in your username field, it will make the login request with the specified domain which in this case can be anything (@gmail.com, @yahoo.com etc). Continue reading “Restrict RoundCube login username to one domain”