Rank: Newbie
Groups: Registered
Joined: 5/25/2022(UTC)
Posts: 1
Location: Battle Creek, MI
We have 2 servers involved in evaluating/deploying EmailArchitect server 11.0.
Server 1 (public-facing Windows server 2012 standard, running IIS and company website - Internal machine name=SP04.private.local, publicly accessible as
www.public.com ).
Server 2 (private Windows server 2019 standard, running EmailArchitect Server - Internal machine name=EA01.private.local, private domain private.local).
Client 1 (android phone, Chrome browser).
Client 2 (RDP session on Windows 2012 standard member of domain private.local, Edge browser).
We went through the install of EmailArchitect on EA01, including enabling webmail. When accessing webmail via
http://ea01.private.local/emailarchitect from EA01 desktop, we can login OK, create users, etc.
We added the DNS cname 'EAS' at GoDaddy to point to our public static IP address (EAS.public.com). We then setup a new website on SP04.private.local named EAS.public.com, and added a reverse proxy rule to point incoming traffic with header 'eas.public.com' to EA01.private.local. Initial test resulted in compression needing to be disabled on both SP04 and EA01.
From client 1(android phone), initiate Chrome browser for
http://EAS.public.com , which DOES eventually send request to EA01, responding with login dialog. However, any attempt to enter email address or password fails, including logging in as 'system'. We get the same results when testing from Client 2.
Are there permissions on EmailArchitect datafiles/folders that need to change (eg, add user IUSR) to make this work?
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,154
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
could you post more detail that how you set the a reverse proxy rule to point?
Rank: Newbie
Groups: Registered
Joined: 4/27/2023(UTC)
Posts: 1
Location: California
Thanks: 1 times
I believe i'm seeing the same issue.
I'm running version 2023.11.0.3.5 with webmail on IIS, behind nginx. I get the login prompt right away but can't login as user or system. No error or feedback.
video illustrating is linked:
https://www.loom.com/sha...5b784452aeda0776d5d8c9e2
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,154
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
Originally Posted by: opi I believe i'm seeing the same issue.
I'm running version 2023.11.0.3.5 with webmail on IIS, behind nginx. I get the login prompt right away but can't login as user or system. No error or feedback.
video illustrating is linked:
https://www.loom.com/sha...5b784452aeda0776d5d8c9e2 Hi, in 11.3.0.5, the web mail added the Content-Security-Policy header to prevent the XSS attack. From your video, it seems that the script was denied to execute. Please press F12 to open the browser developer tool, click "Console", and then press F5 to refresh current page, and try to re-login, then check the output of the console, it should report some error.
To solve it quickly, please contact our support team by the email address in the following page:
https://www.emailarchitect.net/support.aspx Thank you very much.
1 user thanked ivan for this useful post.
Rank: Administration
Groups: Administrators
Joined: 11/11/2010(UTC) Posts: 1,154
Thanks: 9 times Was thanked: 55 time(s) in 55 post(s)
The major problem is because the following header added to the response:
content-security-policy: default-src https://original_host/emailarchitect/ 'nonce-nonce70522';frame-src 'self'; base-uri 'self'; connect-src 'self'; frame-ancestors 'self'; form-action 'self'; img-src *; style-src 'self' 'unsafe-inline';
It means only the script from https://original_host/emailarchitect/ can be executed.
If you access it from a proxy, the browser requires the script from https://proxy_host/emailarchitect/, then browser will block the script.
There are two solutions:
- Replace default-src https://original_host/emailarchitect/ ' to default-src https://proxy_host/ ' in your proxy, I believe there are some options to replace the response header value in Nginx
- Edit
C:\Program Files (x86)\EmailArchitect\webaccess\common, ajax, m, login\define.asp (4 files) by notepad, you can find the following codes:
Code:
ScriptSrc = ScriptSrc & url
Response.AddHeader "Content-Security-Policy", "default-src " & ScriptSrc & " 'nonce-" & Nonce & "';frame-src 'self'; base-uri 'self'; connect-src 'self'; frame-ancestors 'self'; form-action 'self'; img-src *; style-src 'self' 'unsafe-inline';"
change it to:
Code:
Response.AddHeader "Content-Security-Policy", "default-src " & ScriptSrc & " https://proxy_host/ 'nonce-" & Nonce & "';frame-src 'self'; base-uri 'self'; connect-src 'self'; frame-ancestors 'self'; form-action 'self'; img-src *; style-src 'self' 'unsafe-inline';"
that means the scripts from https://proxy_host/ is allowed as well. chane proxy_host to your proxy address.
Forum Jump
EmailArchitect Support
Email Component Development
- EASendMail SMTP Component - .NET Version
- EASendMail SMTP Component - Windows Store Apps
- EASendMail SMTP ActiveX Object
- EAGetMail POP3 & IMAP4 Component - .NET Version
- EAGetMail POP3 & IMAP4 ActiveX Object
Exchange Server and IIS SMTP Plugin
- DomanKeys/DKIM for Exchange Server and IIS SMTP
- Disclaimer and S/MIME for Exchange Server and IIS
EmailArchitect Email Server
- EmailArchitect Email Server (General)
- EmailArchitect Email Server Development
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.