2016-12-14 04:33:03 -06:00
<!DOCTYPE html>
< html >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
< title > iRedAdmin-Pro: Domain ownership verification< / title >
< link rel = "stylesheet" type = "text/css" href = "./css/markdown.css" / >
< / head >
< body >
2019-07-13 06:21:55 -05:00
2016-12-14 04:33:03 -06:00
< div id = "navigation" >
2017-11-16 21:48:44 -06:00
< a href = "https://www.iredmail.org" target = "_blank" >
2016-12-14 04:33:03 -06:00
< img alt = "iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>
< span > iRedMail< / span >
< / a >
// < a href = "./index.html" > Document Index< / a > < / div > < h1 id = "iredadmin-pro-domain-ownership-verification" > iRedAdmin-Pro: Domain ownership verification< / h1 >
< div class = "toc" >
< ul >
< li > < a href = "#iredadmin-pro-domain-ownership-verification" > iRedAdmin-Pro: Domain ownership verification< / a > < ul >
< li > < a href = "#summary" > Summary< / a > < / li >
< li > < a href = "#how-to-enable-or-disable-domain-ownership-verification" > How to enable or disable domain ownership verification< / a > < / li >
< li > < a href = "#how-to-verify-domain-ownership" > How to verify domain ownership< / a > < / li >
< / ul >
< / li >
< / ul >
< / div >
< h2 id = "summary" > Summary< / h2 >
< p > Since iRedAdmin-Pro-SQL-2.5.0 and iRedAdmin-Pro-LDAP-2.7.0, it's able to grant
2017-01-17 21:08:43 -06:00
normal domain admin permission to create new mail domains. All new domains
added by normal domain admin require domain ownership verification by deafult,
to ensure:< / p >
2016-12-14 04:33:03 -06:00
< ul >
2018-12-11 08:57:56 -06:00
< li > the newly added mail domain name is a valid domain name on internet< / li >
2016-12-14 04:33:03 -06:00
< li > the domain admin have the required privileges in the domain to manage the
2017-01-17 21:08:43 -06:00
email services< / li >
2016-12-14 04:33:03 -06:00
< / ul >
< p > Mail services are disabled for pending domains, and will be activated
2017-01-17 21:08:43 -06:00
automatically after admin verified the ownership.< / p >
2016-12-14 04:33:03 -06:00
< h2 id = "how-to-enable-or-disable-domain-ownership-verification" > How to enable or disable domain ownership verification< / h2 >
< p > There're few parameters used to control domain ownership verifivation, you can
find default settings in file < code > libs/default_settings.py< / code > under iRedAdmin-Pro
directory. If you want to change any of them, please copy the parameter to
iRedAdmin-Pro config file < code > settings.py< / code > , set proper value, then restart
Apache or uwsgi (if you're running Nginx) service to reload the changes.< / p >
2017-01-17 21:08:43 -06:00
< pre > < code > # Require domain ownership verification if it's added by normal domain admin:
# True, False.
2016-12-14 04:33:03 -06:00
REQUIRE_DOMAIN_OWNERSHIP_VERIFICATION = True
# How long should we remove verified or (inactive) unverified domain ownerships.
#
# iRedAdmin-Pro stores verified ownership in SQL database, if (same) admin
# removed the domain and re-adds it, no verification required.
#
2017-01-17 21:08:43 -06:00
# Admin won't frequently remove and re-add same domain name, so it's ok to
# remove saved ownership after X days.
2016-12-14 04:33:03 -06:00
DOMAIN_OWNERSHIP_EXPIRE_DAYS = 30
# The string prefixed to verify code. Must be shorter than than 60 characters.
DOMAIN_OWNERSHIP_VERIFY_CODE_PREFIX = 'iredmail-domain-verification-'
2017-01-17 21:08:43 -06:00
# Timeout (in seconds) while performing each verification.
2016-12-14 04:33:03 -06:00
DOMAIN_OWNERSHIP_VERIFY_TIMEOUT = 10
< / code > < / pre >
< h2 id = "how-to-verify-domain-ownership" > How to verify domain ownership< / h2 >
< p > There're several ways to verify domain ownership:< / p >
< ul >
< li >
< p > Create a text file under top directory of the web site of new domain, both
2017-01-17 21:08:43 -06:00
file name and file content must be same as verify code.< / p >
< p > For example, for pending domain < code > example.com< / code > with verify code
< code > iredmail-domain-verification-5tzh5gHjU688yyWK7cSV< / code > , iRedAdmin-Pro will
verify 2 URLs:< / p >
2016-12-14 04:33:03 -06:00
< ul >
< li > http: < code > http://example.com/iredmail-domain-verification-5tzh5gHjU688yyWK7cSV< / code > < / li >
< li > https: < code > https://example.com/iredmail-domain-verification-5tzh5gHjU688yyWK7cSV< / code > < / li >
< / ul >
< p > If you visit the URL with a web browser, it's expected to display verify
code as page content.< / p >
< / li >
< li >
< p > Create a TXT type DNS record of the domain name, use the verify code as its
2017-01-17 21:08:43 -06:00
value.< / p >
< p > For example, for pending domain < code > example.com< / code > with verify code
< code > iredmail-domain-verification-5tzh5gHjU688yyWK7cSV< / code > , DNS query by command
< code > nslookup -type=txt example.com< / code > should return a record which is same as
verify code.< / p >
2016-12-14 04:33:03 -06:00
< / li >
< / ul >
2017-01-17 21:08:43 -06:00
< p > Sample DNS query with < code > nslookup< / code > :< / p >
2016-12-14 04:33:03 -06:00
< pre > < code > $ nslookup -type=txt example.com
2017-01-17 21:08:43 -06:00
...
2016-12-14 04:33:03 -06:00
example.com text = " iredmail-domain-verification-5tzh5gHjU688yyWK7cSV"
2017-01-17 21:08:43 -06:00
...
2016-12-14 04:33:03 -06:00
< / code > < / pre >
2017-01-17 21:08:43 -06:00
< p > Sample DNS query with < code > dig< / code > :< / p >
2016-12-14 04:33:03 -06:00
< pre > < code > $ dig -t txt example.com
...
iredmail.org. 4173 IN TXT " iredmail-domain-verification-5tzh5gHjU688yyWK7cSV"
2017-01-17 21:08:43 -06:00
...
2016-12-14 04:33:03 -06:00
< / code > < / pre > < div class = "footer" >
2019-09-06 00:54:43 -05:00
< p style = "text-align: center; color: grey;" > All documents are available in < a href = "https://github.com/iredmail/docs/" > BitBucket repository< / a > , and published under < a href = "http://creativecommons.org/licenses/by-nd/3.0/us/" target = "_blank" > Creative Commons< / a > license. You can < a href = "https://github.com/iredmail/docs/archive/master.zip" > download the latest version< / a > for offline reading. If you found something wrong, please do < a href = "https://www.iredmail.org/contact.html" > contact us< / a > to fix it.< / p >
2016-12-14 04:33:03 -06:00
< / div >
2017-11-05 02:33:58 -06:00
<!-- Global site tag (gtag.js) - Google Analytics -->
< script async src = "https://www.googletagmanager.com/gtag/js?id=UA-3293801-21" > < / script >
< script >
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
2016-12-14 04:33:03 -06:00
2017-11-05 02:33:58 -06:00
gtag('config', 'UA-3293801-21');
2016-12-14 04:33:03 -06:00
< / script >
< / body > < / html >