Disable domains creation

jazzl0ver · June 25, 2021, 9:22am

Hi,

Is there a chance to restrict creating users in certain domains only? Often admin people mistype our domain name and thus creating unusable accounts. Thanks!

Alex

alento · June 25, 2021, 10:54am

Not with MiaB natively, no. Although I would think that anyone given admin privileges on your MiaB would be smart enough to check that the new email account was correct when they create it…

You can install the script created by @murgero on shared hosting to be limited to the one domain if this is really a problem. Let me know if this is something you need set up or hosted.

jazzl0ver · June 25, 2021, 11:16am

Unfortunately, not.

Thanks for your suggestion, I’ll check the script out!

alento · June 25, 2021, 12:15pm

Just to insure that there is no confusion, the script is NOT installed on the MiaB server but instead has to be hosted elsewhere.

murgero · July 28, 2021, 6:21pm

I’d like to point out I no longer maintain the script - it may not be secure these days. Just as a heads up. MIAB has some basic documentation on it’s API which can be used to make your own Web UI however.

bcadmin · October 20, 2022, 2:39pm

Over a year later (sorry!): is there perhaps a new way to restrict the domains for email creation?

I am a newbie, just testing MIAB (I love it so far) and I have tried to add an email from a domain for which I have not even created an MX record (in fact its option is “no email” in namecheap), nor modified any other DNS records. To my surprise, the email was created and seems to be working for sending (not receiving probably).

Somehow I feel this opens possibilities for scammers to impersonate someone under their domain, so apart from securing my login I would like to also restrict allowable domains to only a handful.
Any help would be appreciated, thanks!

alento · October 20, 2022, 6:00pm

Is this question in regards to Mail-in-a-Box or the script by @Murgero for account management?

bcadmin · October 20, 2022, 8:16pm

Mail-in-a-box since that script has not been maintained, as I understand?

alento · October 21, 2022, 1:21pm

Correct on the maintenance of @mugero’s script.

MiaB does not have such a mechanism nor does literally any mail server setup. I assume that the prevailing thought is “why would someone set up email for a domain that they do not control”? Well, of course we know why this would be done by potentially dishonest people. Hence the creation of DKIM, SPF, and DMARC to assist in preventing spoofing.