This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Support for Email Server TLS encryption on Sentora?
#11
[Not Solved] RE: Support for Email Server TLS encryption on Sentora?
You can generate a certitificate with let's encrypt to use with postfix. You can use HTTP or DNS validation for that.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Coldfusion Freelance

10$ free to start your VPS

Reply
Thanks given by: zanga
#12
[Not Solved] RE: Support for Email Server TLS encryption on Sentora?
Thank you !
Reply
Thanks given by:
#13
[Not Solved] RE: Support for Email Server TLS encryption on Sentora?
I generated a certificate with let's encrypt but I guess I'm missing  something.
When I do a check with http://www.checktls.com I see:

Code:
[001.123]        Connection converted to SSL
[001.127]        
Certificate 1 of 1 in chain:
serialNumber= 42:f5:37:78:04:97:4f:80:05:33:15:c0:00:8b:74:de:8b:e
subject= /CN=mail.domain.com
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
[001.127]        Cert VALIDATION ERROR(S): unable to get local issuer certificate, certificate not trusted, unable to verify the first certificate
[001.127]        This may help: What Is An Intermediate Certificate
[001.127]        So email is encrypted but the recipient domain is not verified
Reply
Thanks given by:
#14
[Not Solved] RE: Support for Email Server TLS encryption on Sentora?
did you make a certificate for mail.domain.com or just for domain.com? It needs to be for mail.domain.com specifically.
-TGates - Head of Support

SEARCH the Forums or read the DOCUMENTATION before posting!
Modules Maintained: 13 - Module Installs: 108k+

Find my support or modules helpful? Donate HERE
Get your domains using my affiliate link:
GoDaddy - Domains
Reply
Thanks given by:
#15
[Not Solved] RE: Support for Email Server TLS encryption on Sentora?
It was created for mail.domain.com
Reply
Thanks given by:
#16
[Not Solved] RE: Support for Email Server TLS encryption on Sentora?
Since we are new to the SSL thing, I had to check Google. There are a bunch of suggestions for you to try or check.
A couple examples suggest you're referencing the wrong intermediate certificate.
Google: Cert VALIDATION ERROR(S): unable to get local issuer certificate, certificate not trusted, unable to verify the first certificate
-TGates - Head of Support

SEARCH the Forums or read the DOCUMENTATION before posting!
Modules Maintained: 13 - Module Installs: 108k+

Find my support or modules helpful? Donate HERE
Get your domains using my affiliate link:
GoDaddy - Domains
Reply
Thanks given by: zanga
#17
[Not Solved] RE: Support for Email Server TLS encryption on Sentora?
(09-15-2017, 05:19 PM)zanga Wrote: I generated a certificate with let's encrypt but I guess I'm missing  something.
When I do a check with http://www.checktls.com I see:

Code:
[001.123]        Connection converted to SSL
[001.127]        
Certificate 1 of 1 in chain:
serialNumber= 42:f5:37:78:04:97:4f:80:05:33:15:c0:00:8b:74:de:8b:e
subject= /CN=mail.domain.com
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
[001.127]        Cert VALIDATION ERROR(S): unable to get local issuer certificate, certificate not trusted, unable to verify the first certificate
[001.127]        This may help: What Is An Intermediate Certificate
[001.127]        So email is encrypted but the recipient domain is not verified

I have that issue with the mail server and google. it is now compulsory to have a ssl/ttl connection for google to show/display the secure lock icon as well as the mail not being sent straight to spam into the gmail mailbox.

and stay away from port 25 that will give you that warning from google, and for whatever reason they seem to not deliver the emails to the gmail server. or you have set this up at home and your isp screwed there config.

for my Sentora test server which I run at home did that and I traced the error back to the ISP, they had to configure there mail client correctly.
-BetaTester3.0  ||  Just Another Sentora User. 

Did you know, Sentora has a full Support Documentation ?
If I helped +rep & Thanks is appreciated.
BTC: 1Bps3ZerDFDDnXJ9XdWtHhdhwsV4MVGLkw

Reply
Thanks given by: zanga
#18
[Not Solved] RE: Support for Email Server TLS encryption on Sentora?
Found the issue, in the postfix configuration I added the cert instead of the fullchain and the private key.
All green now Big Grin
Reply
Thanks given by:
#19
[Not Solved] RE: Support for Email Server TLS encryption on Sentora?
Glad you sorted it out Big Grin
-TGates - Head of Support

SEARCH the Forums or read the DOCUMENTATION before posting!
Modules Maintained: 13 - Module Installs: 108k+

Find my support or modules helpful? Donate HERE
Get your domains using my affiliate link:
GoDaddy - Domains
Reply
Thanks given by:
#20
[Not Solved] RE: Support for Email Server TLS encryption on Sentora?
(09-20-2017, 05:09 PM)zanga Wrote: Found the issue, in the postfix configuration I added the cert instead of the fullchain and the private key.
All green now Big Grin

when you say you added the cert (which caused error)

smtp_use_tls = no
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/letsencrypt/live/mail.domain.tk/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.domain.tk/cert.pem   < WHAT SHOULD I PUT HERE IF NOT CERT PATH?
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.domain.tk/fullchain.pem

as you see above in postfix main.cnf 
I added cert path ????

what should go there to stop error?
Reply
Thanks given by:


Possibly Related Threads...
Thread Author Replies Views Last Post
Incoming email not receiving. OinkyOverlord 2 64 05-24-2018, 10:39 PM
Last Post: natansousa1992
How to configure mail server? Como configurar servidor de email? natansousa1992 0 25 05-24-2018, 12:03 PM
Last Post: natansousa1992
Setting up SSL TLS for Sentora Mail - Centos 7 Qtech 0 158 03-18-2018, 03:54 AM
Last Post: Qtech

Forum Jump:


Users browsing this thread: 1 Guest(s)