This solution was tested with Froxlor 0.9.27.

  1. Create subdomain as full domain. As a Froxlor admin user, create a new domain and enter as domain name. You can choose any host, ideally your main / default domain. This type fo configuration is called a "full domain", allowing full configuration like vhost file additions that are not available for subdomains created by customers.
  2. Make webmail available under your single subdomain. That is, either install your webmail package it in the default document root location provided by Froxlor, or  point that document root location with a symlink to the document root directory provided by your installation (for example /usr/share/roundcube for Roundcube installed as a Debian package).
  3. Adapt open_basedir. If you want to use the open_basedir PHP ini setting (available in the Froxlor domain configuration) for your webmail installation,  you may have to add some directories as explained here because for example, Roundcube needs to include PEAR classes, write to logs etc.. Check the Apache error log to know which ones to include. However, do not simply include the directories named in the error log, but check these paths for symlink components, and configure open_basedir with equivelanet paths that have no directory symlinks in them. It won't work otherwise! In my case it was finally:
      php_admin_value open_basedir "/usr/share/roundcube/:/var/lib/roundcube/:/var/log/roundcube/:/etc/roundcube/:/usr/share/php/:/tmp/"
  4. Add ServerAlias. Again in the "Own vHost settings" section the Froxlor domain configuration dialog of your domain, add this line:
      ServerAlias webmail.*.*
  5. Make sure the webmail subdomain resolves to your server's IP for all customer domains. The simplest way to achieve this is to set "Enter as wildcard domain?: Yes" for all customer domains (that are not subdomains themselves). This option is only available when editing these domains with the customer's user in Froxlor, via "Resources -> Customers", then clicking a customer's name, which su's you to the customer's user, then editing the customer's domain. If this option is still not available it is because you have configured an insufficient number of subdomains for the respective customer in Froxlor; there has to be at least one per domain.
  6. Re-create configs. For that, do one of these:
    1. Execute this via SSH on the server:
      php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force
    2. Wait until the next Froxlor cron job runs, which will also rewrite all vhost configs that need changes. (Clicking "Server -> Re-create configs" in Froxlor won't speed that up, it just queues additional config files for re-creation.)
  7. Restart Apache. Because the config changes will not be picked up in all cases automatically. So:
    service restart apache2
  8. Test. Now, a webmail subdomain should be available for every second level domain hosted on your server:, etc..

Webmail subdomains at any level?

With Froxlor, it is not easily possible to add webmail subdomains also to subdomains, like or However, this is hardly needed anyway. The only workaround so far is to create every subdomain as a "full domain" in Froxlor, like shown above, and to disable the "Enter as wildcard domain" setting for it. Note that you can create a "full domain" only as admin, but the "Enter as wildcard domain" setting is only available when modifying this domain as customer (completely counterintuitive to have settings hidden from admins!). Of course, when hosting websites for customers, you don't want them to bother you the admin whenever they need a new subdomain, so this solution is hardly practical for those cases.

The reason for this problem is something that I see as a bug in Froxlor: it creates a wildcard ServerAlias * for every subdomain created by a customer user (that is, every non-full domain). And there's no way to disable that except for patching the source code. While for all domains added as full domains, there is an option to disable that (see above, and as explained in Froxlor issue 175).

Why is there no conflict between "Enter as wildcard domain" for a customer domain, and ServerAlias webmail.*.*?

The reason that the above ServerAlias wildcard directive for webmail subdomains works together with the "Enter as wildcard domain" setting for every second level domain is that the corresponding config file is included fist by Apache, so webmail.*.* takes precedence over * because Apache works on first-match basis here. And the reason it is included first is just that third-level domains (subdomains) created as "full domains" have a config file filename starting with "21_" while second-level domains (normal domains) start with "22_", respectively. We had good luck with a bad hack here 😉

Even more strange, the "Enter as wildcard domain" setting is even required to make in Froxlor if you followed the instructions above. But not to make the webmail subdomain resolve to the same content as the customer's domain, as intended by Froxlor. Rather to force the creation of a wildcard nameserver entry that resolves th webmail subdomain to the same IP address as the server, where it will then be picked up by "ServerAlias webmail.*.*", to show the content of your webmail system.

Leave a reply

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>