(06-20-2017, 02:56 AM)TGates Wrote: I just tested a custom vhost entry that redirects smtp.domain.com to wherever I point it too.
So, accessing either port 80 or 443 will redirect to wherever you choose yet should still allow access to your mail ports.
Non-SSL:
Code:
</VirtualHost>
<virtualhost *:80>
ServerName smtp.domain.com
ServerAdmin webmaster@domain.com
Redirect permanent / https://www.google.com/
Code:
</VirtualHost>
<virtualhost *:443>
ServerName smtp.domain.com
ServerAdmin webmaster@domain.com
Redirect permanent / https://www.google.com/
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/mail.domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mail.domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mail.domain.com/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
Thank you so much!
I edited the above codes so that I don't have to enter a custom vhost entry for each subdomain (smtp..imap..etc)
here's my last settings:
httpd.conf
Code:
# Sentora Apache Include file
# Written by Bobby Allen, 15/05/2011
# Set the Sentora Alias (used for development, sable will eventually use a VHOST)
/Sentora /etc/sentora/panel
# Set a default server name for the master configuration to supress Apache daemon warnings
ServerName localhost
# Setup the directory settings and PHP security flags for the Sentora application directory.
<Directory /etc/sentora/panel>
Options +FollowSymLinks
DirectoryIndex index.php
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_value upload_tmp_dir /var/sentora/temp
</IfModule>
</Directory>
# Disallow web access to directories that don't need it/that we don't want people looking in!
<Directory /etc/sentora/panel/cnf/>
Require all denied
</Directory>
<Directory /etc/sentora/panel/modules/*/hooks>
Require all denied
</Directory>
# Set server tokens
ServerTokens Prod
####################################################################
entry for any undefined domain or direct IP access
<VirtualHost *:80>
Redirect / http://domain.com/
</VirtualHost>
entry for any undefined domain or direct IP access
<VirtualHost *:443>
Redirect / http://domain.com/
</VirtualHost>
####################################################################
# Now we include the generic VHOST configuration file that holds all Sentora user hosted vhost data
Include /etc/sentora/configs/apache/httpd-vhosts.conf
Include /etc/sentora/configs/apache/httpd-ssl-vhosts.confCode:
################################################################
# Apache VHOST configuration file for both http and https to work!
# Set 443 in Sentora Port and VHost for domain and here only 80!
################################################################
# ports to listen (only required ones):
Listen 443
##################################################
# Configuration for Sentora control panel | cp.domain.com | SSL
<virtualhost *:443>
ServerName cp.domain.com
ServerAdmin zadmin@localhost
DocumentRoot "/etc/sentora/panel/"
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
# Custom settings are loaded below this line (if any exist)
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/cp.domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cp.domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/cp.domain.com/chain.pem
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</VirtualHost>
##################################################
################################################################
# Configuration for domain | domain.com | SSL
# DOMAIN: domain.com
<virtualhost *:443>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin zadmin@localhost
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/"
php_admin_value open_basedir "/var/sentora/hostdata/zadmin/public_html/:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/sentora/logs/domains/zadmin/domain.com-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/domain.com-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/domain.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
AddType application/x-httpd-php .php3 .php
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)
# Custom VH settings (if any exist)
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</virtualhost>
# END DOMAIN: domain.com
################################################################
## No Certificate subdomains fix. SSL ERROR fix
###################
<virtualhost *:443>
ServerName mail.domain.com
ServerAlias *.domain.com
ServerAdmin admin@domain.com
Redirect permanent / http://domain.com/
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/mail.domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mail.domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mail.domain.com/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</VirtualHost>
It still may say (SSL ERROR) but it won't expose the IP/User.. Instead it will give error mismatch certificate which is the (mail.domian.com) I think its nice way to handle it!
Also I think if i got *.domain.com wildcard SSL certificate. I won't get any errors :p cuz certificate will be for all!
sadly letsencrypt doesn't provide wildcards yet :c
Again.. thank you so much ^^.
›
SMTP..POP..IMAP (Vulernablilty) Certificate Error
![[Image: EJdKs79.gif]](http://i.imgur.com/EJdKs79.gif)
