#108 Domain alias delete patch


in 2.3.4, only the global administrator is allowed to *delete* a domain alias, not the domain administrator - even though the domain administrator is allowed to *create* the alias.
The attached patch for delete.php solves the problem for me.. but 1) I'm not a PHP programmer and 2) I have only limited knowledge of postfixadmin source code. So I ask for a qualified review.. Thank you.


  • wide

    Patch against postfixadmin 2.3.4 delete.php

  • The original idea is/was to allow deleting an alias domain only if you have permissions for both involved domains. It was never implemented with exactly this permission check, therefore we still have the superadmin check for it.

    Your patch looks good, but it checks only the "from" domain, not the target domain.

    OTOH, I'm not sure if the permission check for the target domain really makes sense - you can create and delete "normal" aliases without permission checks on the target side, why should we do it differently for alias domains?
    The only argument I can imagine is that you can't re-create the alias domain if you don't have permissions on the target domain, but, well, there's a reason why we have a "are you sure?" dialog before deletion happens ;-)

    What's your opinion on this?

  • Hi,

    Patch looks good for me, I am going to apply it, it will be nice the check for the target domain too.

    Current verification in create-alias-domain.php

    if(!authentication_has_role ('global-admin') &&
    !(check_owner ($SESSID_USERNAME, $fAliasDomain) &&
    check_owner ($SESSID_USERNAME, $fTargetDomain)))
    $error = 1;
    $tMessage = $PALANG['pCreate_alias_domain_error1'];

    meaning that if if you are not global admin the domain admin needs to own both source and target domain.

    I agree with this policy, target domain should be checked, domain aliases are just for facilitating the config of a domain, mapping it to another already configured.

    I can imagine the following problem:

    domain.com aliased to gmail.com

    Any email addressed to domain.com, even if the account inexistent will be attempted to be delivered to gmail, this can be dangerous, I think it can generate backscatter.

    A domain catch all in a sense is similar but different, is a domain mapped to a set of email addresses, not the whole domain to another domain.

  • Sorry for the long delay!

    I implemented this in SVN trunk r1563 (using a different patch, since trunk is much different from 2.3.x)

    The patch attached here looks fine - nevertheless I won't apply it to 2.3.x because I don't want to introduce behaviour changes there. If someone really needs it, feel free to apply the patch from this ticket.

    • status: open --> closed-fixed
    • Group: --> SVN_(please_specify_revision!)