SSL and EMAIL

#1 Wed, 09/25/2019 - 21:14
programit

I have been struggling with email on virtualmin for well over 12 months with SSL for multiple domains. I can find no useful documentation anywhere on setting up secure email for multiple domains using webmin / virtualmin. For example: my host site could be server.MYHOST.COM with mail.MYHOST.com, ns.MYHOST.COM etc., using its SSL cert in postfix etc. Then I have websites: WEBSITE1.COM, SECONDSITE.COM, WEB3.COM etc., all with their own SSL certificate for the website. Webmin will configure email servers for the users as mail.WEBSITE1.COM, or mail.WEB3.COM etc., and these will give security errors within Outlook etc. mail.MYHOST.COM with admin@MYHOST.COM works fine. EVERY email address that is not the myhost.com gives a warning in Outlook re SSL certificate, even though every site has SSL website access fine.

I have had suggestions to use mail.MYHOST.COM as servers for the other domains, and that doesn't help, as user1@WEBSITE1.COM gives an error that it's using the MYHOST.COM cert for email. I have been told to set up a separate domain just for email, but again limited info and limited success. Is there a tutorial, info etc. on how to configure email for multiple domains that comply with SSL etc.? I have recently bought a 3rd server, this one dedicated, and am trying to set it up correctly, and still the same issues. Currently this server is not in production, so I can attempt to try and find a solution. Yes, I have 5 IP addresses on this server, and NO, I cannot dedicate an IP to every domain. I WAS thinking of dedicating 1 to the mail server and sharing the rest amongst the 11 domains I want to shift to it. I am aiming at as simple as possible for all, i.e. clients can set up their clients with autoconfig etc. and add and remove users as they need without endless headaches. My early shared system used to handle this easily, but not so much with virtualmin. I believe it's only settings, but WHICH settings?

Thu, 09/26/2019 - 01:24
mewG

iirc the only way is to allocate an IP for each domain and configure it as detailed here (https://serverfault.com/questions/344038/virtual-domains-with-postfix-an...), ignore cert warnings (terrible idea), or do something like described here (https://community.letsencrypt.org/t/1-ip-multiple-domains-postfix-doveco...) and list all outgoing domains under a single cert. Doubt there will be any way to automate that in web/virtualmin.

Thu, 09/26/2019 - 03:29
TheRavenKing

Hi, I don't believe that the mail server is SNI [Apache is]. That means you need to have the MX record of the server using your mail server, and in the templates set it to that. Manually change existing records. Of course it is not perfect, but it will work. Check if the mail server is OK: www.checktls.com and www.ssllabs.com. Then your customer should use your server, like server.domain.tld, for incoming and outgoing mail server.

Wed, 10/02/2019 - 06:09
programit

Finally got emails to work using SSL and appropriate settings. Even got a 100% confidence factor on checktls.com and a 98% on emailsecuritygrader.com. (SPF client test still needs a tweak.)
Outlook actually trusts the certificates and appears happy.
I'm currently writing up a bit of a tutorial / cheat sheet on how I did it and will post a link when done if anyone's interested.
The biggest problem now is the autoconfig.cgi files generated.
I change them to suit the setup, but for some reason virtualmin regularly changes them back to the incorrect settings.
The problem is the variables it sets.

For example, if my server was fred.theserver.com and the website whose email I'm hosting is mywebsite.com, then I need the following:

$OWNER = "mywebsite\ website\ ";
$USER = 'mywebsite';
$SMTP_HOST = 'mail.theserver.com';
$SMTP_PORT = '465';
$SMTP_TYPE = 'SSL';
$SMTP_SSL = 'yes';
$SMTP_ENC = 'password-cleartext';
$IMAP_HOST = 'mail.theserver.com';
$IMAP_PORT = '993';
$IMAP_TYPE = 'SSL';
$IMAP_SSL = 'yes';
$IMAP_ENC = 'password-cleartext';
$PREFIX = 'mywebsite';
$STYLE = '6';

Instead, the VM changes the settings to:

$SMTP_HOST = 'mail.mywebsite.com';
$SMTP_Port = '587';
$SMTP_TYPE = 'Plain';
$SMTP_SSL = 'No';
etc. etc

I then manually change the autoconfig.cgi file and all is good again till the next update, or user or what?
Where is it actually getting these values from?
I can't find anywhere in VM or WM containing these settings. I assume it's taking info from postfix and dovecot, but where and what?
I've tried changing the template in the server template with minimal success.
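
As an added example (not part of the original post and not Virtualmin code), a Python check that could run from cron to flag when autoconfig.cgi has been rewritten away from the TLS settings listed above. The expected values are copied from the post; the function names and the case-insensitive matching of variable names are assumptions.

```python
import re

# Constructed sample: the reverted SMTP values quoted in the post, IMAP left intact.
SAMPLE_REVERTED = """\
$SMTP_HOST = 'mail.mywebsite.com';
$SMTP_Port = '587';
$SMTP_TYPE = 'Plain';
$SMTP_SSL = 'No';
$IMAP_HOST = 'mail.theserver.com';
$IMAP_PORT = '993';
$IMAP_TYPE = 'SSL';
$IMAP_SSL = 'yes';
"""

# Expected values, taken from the working settings shown in the post.
EXPECTED = {
    "SMTP_HOST": "mail.theserver.com", "SMTP_PORT": "465",
    "SMTP_TYPE": "SSL", "SMTP_SSL": "yes",
    "IMAP_HOST": "mail.theserver.com", "IMAP_PORT": "993",
    "IMAP_TYPE": "SSL", "IMAP_SSL": "yes",
}

# Matches simple Perl scalar assignments: $NAME = 'value'; or $NAME = "value";
ASSIGN_RE = re.compile(r"""^\s*\$(\w+)\s*=\s*(['"])(.*?)\2\s*;""", re.M)

def parse_settings(text):
    """Return {NAME: value}. Names are upper-cased (assumption) so that
    $SMTP_Port as written in the post is compared against SMTP_PORT."""
    return {m.group(1).upper(): m.group(3) for m in ASSIGN_RE.finditer(text)}

def find_drift(text, expected=EXPECTED):
    """Return sorted (name, expected, actual) for each missing or changed setting."""
    actual = parse_settings(text)
    drift = []
    for name, want in expected.items():
        got = actual.get(name)
        # Values are compared case-insensitively ('Yes' and 'yes' are equal).
        if got is None or got.lower() != want.lower():
            drift.append((name, want, got))
    return sorted(drift)

if __name__ == "__main__":
    import sys
    # Pass the path to a domain's autoconfig.cgi; with no argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REVERTED
    for name, want, got in find_drift(text):
        print(f"DRIFT {name}: expected {want!r}, found {got!r}")
```

A non-empty result means clients that use autoconfig would be pointed at a hostname the certificate does not cover, or at a non-SSL submission setting.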