[Not Solved]
RE: SMTPTLS port 587 Close after fresh Install
06-10-2024, 02:05 AM
(This post was last modified: 06-10-2024, 02:07 AM by franmm25.)
I think there is a problem with the SSL certificates generated by the SSL module. In my case, to fix the situation, I needed to change the following:
For Postfix:
In main.cf:
The SSL certificates created inside
Not work with Postfix. I needed to install `certbot` on Ubuntu to create and regenerate SSL certificates in the specified path, adding "domain.com (your domain" and "mail.domain.com".
Note that Apache needs to be stopped during the installation.
To fix port 587, add these two lines inside `master.cf` if you want to use both ports simultaneously, or select the port you want:
Also, you need to configure Dovecot with the same paths as in Postfix, need edit dovecot2.conf :
When I ran the test on https://www.checktls.com/TestReceiver, everything worked 100%.
I don’t know if this is the best approach for Sentora, but support told me it is the best way to fix this issue. At the moment, I haven't found another solution, and this works perfectly. Ideally, everything should be activated automatically from Sentora, in my opinion.
Additionally, I have noticed that sometimes the SSL module fails to renew certificates, and other times it doesn’t. I think it is necessary to address these issues.
Regards.
For Postfix:
Quote:Edit main.cf and master.cf
In main.cf:
Quote:smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_cert_file = /etc/letsencrypt/live/domain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/domain.com/privkey.pem
The SSL certificates created inside
Quote:/var/sentora/hostdata/zadmin/ssl/sencrypt/letsencrypt/domain.com
Not work with Postfix. I needed to install `certbot` on Ubuntu to create and regenerate SSL certificates in the specified path, adding "domain.com (your domain" and "mail.domain.com".
Note that Apache needs to be stopped during the installation.
To fix port 587, add these two lines inside `master.cf` if you want to use both ports simultaneously, or select the port you want:
Quote:smtp inet n - n - - smtpd
587 inet n - y - - smtpd
Also, you need to configure Dovecot with the same paths as in Postfix, need edit dovecot2.conf :
Quote:ssl = yes
ssl_cert = </etc/letsencrypt/live/domain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/domain.com/privkey.pem
When I ran the test on https://www.checktls.com/TestReceiver, everything worked 100%.
I don’t know if this is the best approach for Sentora, but support told me it is the best way to fix this issue. At the moment, I haven't found another solution, and this works perfectly. Ideally, everything should be activated automatically from Sentora, in my opinion.
Additionally, I have noticed that sometimes the SSL module fails to renew certificates, and other times it doesn’t. I think it is necessary to address these issues.
Regards.
