Mail Subdomain added as alias to main domain in httpd.conf

[nslave]

Hi,
I have a issue that I cannot seem to understand how to resolve. There are multiple domains hosted on the server and some of them experience this strange behavior. From time to time (I think it is when the httpd rebuild itself) some subdomains on some domains start to load the main domain. When I open, lets say mail.example.com, the page that it is loaded is example.com. When I look at the httpd.conf I see that mail.example.com is listed as an alias for example.com. When I remove it the issue is resolved but I am interested in how to resolve it permanently, because every time the httpd is rebuilt the issue arises again. Every domain is a separate account if it matters.

 

[cPanelMichael]

Hello,

This behavior is by-design as of cPanel version 60:

Change in mail. alias behavior for Apache server
The system now automatically creates an Apache server alias for the mail. subdomain for each domain, parked domain, and addon domain (but not subdomains). This allows the mail alias to appear in the same virtual host as the parent domain. We made this change in order to simplify Mail SNI and SSL certificate management and reduce unnecessary mail client warnings.

For example, Apache will now respond to mail.example.com as an alias for example.com. However, Apache will not automatically respond to mail.subdomain.example.com as an alias for the subdomain.example.com subdomains.

Thank you.

 

[megahost]

Hi,

i get the same problem, mail.mydomain.com is showing the contect of mydomain.com and my SEO guy asked me to fix that.
Is there any way to fix that?

thanks.

 

[cPanelMichael]

i get the same problem, mail.mydomain.com is showing the contect of mydomain.com and my SEO guy asked me to fix that.

Hello,

You can manual remove the "mail" entry from the "serveralias" line in the following configuration files under the /var/cpanel/userdata/$username directory:

/var/cpanel/userdata/$username/$domain.com
/var/cpanel/userdata/$username/$domain.com_SSL

Then, remove the .cache files for these domain names:

/var/cpanel/userdata/$username/$domain.com.cache
/var/cpanel/userdata/$username/$domain.com_SSL.cache

Next, rebuild the Apache configuration file:

/scripts/rebuildhttpdconf

However, keep in mind this is part of what allows SSL certificate validation for mail.domain.tld as part of the Domain TLS functionality:

What is Domain TLS - cPanel Knowledge Base - cPanel Documentation

Thank you.

 

[4u123]

This is causing a problem with the mail subdomain showing up in search engine results, even though the mail subdomain has never been linked to from anywhere.

I'm sorry guys, but a subdomain that is not used for web content has no right being included in the Apache configuration, especially when it is a CNAME. This can cause all sorts of problems with SEO.

We need an option to disable this in tweak settings please. ASAP

You said...

We made this change in order to simplify Mail SNI and SSL certificate management and reduce unnecessary mail client warnings.

There are no "unnecessary" mail client warnings. Those warnings are legitimate This functionality is outdated anyway. Why use the mail subdomain at all when the main domain is already configured and will most likely be covered by an SSL cert anyway?

Moving forward, you should be looking at dropping the mail and FTP subdomains completely, rather than trying to find a workaround that is impractical and could cause damage.

This is completely unwanted and unnecessary.

 

[MaxFein]

...We need an option to disable this in tweak settings please. ASAP...

+1 for sure

this is a big pita - don't use my web server for mail services, these are taking a third of the SSL SAN limit

thanks for the workaround, simple option to disable would be great

 

[cPanelMichael]

thanks for the workaround, simple option to disable would be great

Hi,

I'm glad to see the workaround helped. I encourage you to open a feature request if you'd like to see an option for this included in WHM:

Submit A Feature Request

Thank you.

 

[TAugustine]

Hello Support,

I am also facing the similar issue, mail.mydomain.com is showing the exact same contents of mydomain.com

This is a big-time issue as google search console is flagging all the pages as duplicate content 'Duplicate without user-selected canonical'

Kindly advice as a website owner how can I fix this? Should the workaround provided by you to be done by the hosting provider?

Thanks in Advance.

 

[4u123]

This has come up again with a customer today - they are really not happy about it. I honestly don't know what you guys were thinking with this.

At the very least you need to globally change the DNS records for the mail subdomain to an A record instead of a CNAME so it can have its own separate vhost entry and point it to some default page instead! It has to be done.

Come on guys pull your socks up! It's painful to see this kind of thing happening.

 

[wintech2003]

Had a customer complain about it today too. His WordPress site would show up under domain.com / www.domain.com / mail.domain.com
Had to create an .htaccess rule to redirect mail. requests to www.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^mail.domain.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R,L]

I didn't redirect to https to avoid breaking AutoSSL for mail.domain.com, but maybe I'll need to add the Comodo / .well-known exceptions too.

 

[cPRex]

So maybe a better question would be, what would you like to see changed with this behavior? Are you thinking the "mail" subdomain should just be completely removed from Apache as previous posters mentioned?

 

[wintech2003]

I understand this was added to be able to create SSL certificates for the mail. subdomain for use with Exim and Dovecot.
I don't want this to stop working, as offering the customer to use mail.their_domain.com as incoming/outgoing mailserver with SSL if very convenient, but maybe there could be a rule in the httpd.conf level that will only allow traffic for DVC to pass through to public_html/.well-known/... and either block anything else, or redirect it to the root domain.

 

[cPRex]

I spoke with several different people about this issue and there currently aren't plans to change this behavior. The best thing to do for this would be to open a feature request as any change mentioned in this thread so far would require significant changes to the system.

 

[slim]

What is the status of this? I was just informed of this by a client after their SEO mob discovered their entire site loads via https://mail.theirdomain.com - This is insane. There has to be a work around so that mail still gets its SSL but doesn't cause the site to load!?

 

[Markif]

@slim Is your mail.theirdomain.com a namebased site or a IPbased site ? (so has a dedicated IP or not ?)

 

[slim]

@slim Is your mail.theirdomain.com a namebased site or a IPbased site ? (so has a dedicated IP or not ?)

Name based site.

No dedicated IP

 

[Markif]

@slim and their users use mail ? And if so, have they configured their mailclient to use mail.theirdomain.com as well for SMTP as IMAP/POP (as is the automatic configuration) ?

 

[slim]

@slim and their users use mail ? And if so, have they configured their mailclient to use mail.theirdomain.com as well for SMTP as IMAP/POP (as is the automatic configuration) ?

they use office 365 - but I use mail. For smtp for their photocopier.

regardless - mail. Should never produce duplicate content. This decision is madness

 

[Spirogg]

they use office 365 - but I use mail. For smtp for their photocopier.

regardless - mail. Should never produce duplicate content. This decision is madness

do you / they have wp toolkit installed or just wordpress via cli installation? just wondering

thanks

 

[Markif]

@slim it should be possible to workaround, but it will not be panel-supported, and is not via WHM/CPANEL, and will be overwritten at every update / config change etc (but that can be solved if you have scripts that re-change the config-files after every CPANEL-reset...).
I only tested it on 102.0.15

So
1/ first backup
2/ first try on a test-domain, certainly if mail is involved.

A way could be to create subdomains for smtp.theirdomain.com, mail.theirdomain.com, pop.theirdomain.com and imap.theirdomain.com
Some WHM/CPANEL settings can block this, but it can be allowed.
WHM/CPANEL can create then a redirection from say smtp.theirdomain.com to theirdomain.com/smtp, etc...
AutoSSL can then generate an ssl keypair as it can create the verification files it needs in say (for imap)
/home/UNIXUSERNAME/public_html/imap/.well-known/pki-validation/
it will generate the keypair.
Now the DoveCot (IMAP, POP) has to be updated
/etc/dovecot/sni.conf
at the end add a comment with a unique ID so you can test on it with grep or so to see if it is still there or has been overwritten by WHM/CPANEL scripts.
after that comment add
---
local_name "imap.theirdomain.com" {
ssl_cert = </var/cpanel/ssl/apache_tls/imap.theirdomain.com/combined
ssl_key = </var/cpanel/ssl/apache_tls/imap.theirdomain.com/combined
}
local_name "pop.theirdomain.com" {
ssl_cert = </var/cpanel/ssl/apache_tls/imap.theirdomain.com/combined
ssl_key = </var/cpanel/ssl/apache_tls/imap.theirdomain.com/combined
}
---
Note this is then pointing to the web SSL keypair and not to the IMAP service Key-pair
you will have to add a script that will test if this ""addition" is still there, and if not, re-add it at the end of the file and restart dovecot.
Must be done also for exim for the SMTP service so exim serves the right key-pair as expected by the HELO command in the SMTP exchange.
(have to find again with file does this, will update)

On the "web" side of things (port 80 and 443), the subdomains will continue to point to a web-content, but it wil be
theirdomain.com/imap, theirdomain.com/mail, theirdomain.com/pop, theirdomain.com.smtp
you can put there what you want, or do a 301 redirect (permanent redirect, but *exclude*
/home/UNIXUSERNAME/public_html/imap/.well-known/pki-validation etc
so the DCV validation of autossl can continue to work.

mail.theirdomain.com is automaticly added in the httpd.conf file by WHM/CPANEL.
Sed can remove it, but it will be put back on every system-change.
But your script can test on it and rewrite it and restart Apache again....

So, to sum up, it is possible I think, but need some change, and some cronned adjustment scripts to put the change back after each reset.... to not create certificate problems in the mail-clients.
Doable, but only if you have the scripts to put back the modifications after resets.
Don't know what @cPRex will think of this all....
And as it is not cpanel-supported, no garantee that it will continue to work in next cpanel versions...