This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Support for Email Server TLS encryption on Sentora?
#11
RE: Support for Email Server TLS encryption on Sentora?
You can generate a certitificate with let's encrypt to use with postfix. You can use HTTP or DNS validation for that.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by: zanga
#12
RE: Support for Email Server TLS encryption on Sentora?
Thank you !
Reply
Thanks given by:
#13
RE: Support for Email Server TLS encryption on Sentora?
I generated a certificate with let's encrypt but I guess I'm missing  something.
When I do a check with www.checktls.com I see:

Code:
[001.123]        Connection converted to SSL
[001.127]        
Certificate 1 of 1 in chain:
serialNumber= 42:f5:37:78:04:97:4f:80:05:33:15:c0:00:8b:74:de:8b:e
subject= /CN=mail.domain.com
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
[001.127]        Cert VALIDATION ERROR(S): unable to get local issuer certificate, certificate not trusted, unable to verify the first certificate
[001.127]        This may help: What Is An Intermediate Certificate
[001.127]        So email is encrypted but the recipient domain is not verified
Reply
Thanks given by:
#14
RE: Support for Email Server TLS encryption on Sentora?
did you make a certificate for mail.domain.com or just for domain.com? It needs to be for mail.domain.com specifically.
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#15
RE: Support for Email Server TLS encryption on Sentora?
It was created for mail.domain.com
Reply
Thanks given by:
#16
RE: Support for Email Server TLS encryption on Sentora?
Since we are new to the SSL thing, I had to check Google. There are a bunch of suggestions for you to try or check.
A couple examples suggest you're referencing the wrong intermediate certificate.
Google: Cert VALIDATION ERROR(S): unable to get local issuer certificate, certificate not trusted, unable to verify the first certificate
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by: zanga
#17
RE: Support for Email Server TLS encryption on Sentora?
(09-15-2017, 05:19 PM)zanga Wrote: I generated a certificate with let's encrypt but I guess I'm missing  something.
When I do a check with www.checktls.com I see:

Code:
[001.123]        Connection converted to SSL
[001.127]        
Certificate 1 of 1 in chain:
serialNumber= 42:f5:37:78:04:97:4f:80:05:33:15:c0:00:8b:74:de:8b:e
subject= /CN=mail.domain.com
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
[001.127]        Cert VALIDATION ERROR(S): unable to get local issuer certificate, certificate not trusted, unable to verify the first certificate
[001.127]        This may help: What Is An Intermediate Certificate
[001.127]        So email is encrypted but the recipient domain is not verified

I have that issue with the mail server and google. it is now compulsory to have a ssl/ttl connection for google to show/display the secure lock icon as well as the mail not being sent straight to spam into the gmail mailbox.

and stay away from port 25 that will give you that warning from google, and for whatever reason they seem to not deliver the emails to the gmail server. or you have set this up at home and your isp screwed there config.

for my Sentora test server which I run at home did that and I traced the error back to the ISP, they had to configure there mail client correctly.
-BetaTester3.0  ||  Just Another Sentora User. 

Did you know, Sentora has a full Support Documentation ?
If I helped +rep & Thanks is appreciated.
BTC: 1Bps3ZerDFDDnXJ9XdWtHhdhwsV4MVGLkw

Reply
Thanks given by: zanga
#18
RE: Support for Email Server TLS encryption on Sentora?
Found the issue, in the postfix configuration I added the cert instead of the fullchain and the private key.
All green now Big Grin
Reply
Thanks given by:
#19
RE: Support for Email Server TLS encryption on Sentora?
Glad you sorted it out Big Grin
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:
#20
RE: Support for Email Server TLS encryption on Sentora?
(09-20-2017, 05:09 PM)zanga Wrote: Found the issue, in the postfix configuration I added the cert instead of the fullchain and the private key.
All green now Big Grin

when you say you added the cert (which caused error)

smtp_use_tls = no
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/letsencrypt/live/mail.domain.tk/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.domain.tk/cert.pem   < WHAT SHOULD I PUT HERE IF NOT CERT PATH?
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.domain.tk/fullchain.pem

as you see above in postfix main.cnf 
I added cert path ????

what should go there to stop error?
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Email has suddenly stopped coming through rsthomas 4 4 ,687 10-12-2022, 09:29 PM
Last Post: rsthomas
External mail client cannot connect to server iraqiboy90 2 6 ,147 02-28-2021, 11:34 AM
Last Post: iraqiboy90
can not send email - SMTP error on roundcube wolvepy 9 28 ,984 01-03-2020, 08:37 AM
Last Post: Telepuzik

Forum Jump:


Users browsing this thread: 1 Guest(s)