SMTPTLS port 587 Close after fresh Install

[franmm25]

Is there a solution to this, I have observed that after installing some SSL certificates from the module, port 443 no longer appears closed, but this remains closed, is there a solution and on the other hand, SSL certificates also affect the sending of emails, or that is not implemented yet

[Jettaman]

Is there a solution to this, I have observed that after installing some SSL certificates from the module, port 443 no longer appears closed, but this remains closed, is there a solution and on the other hand, SSL certificates also affect the sending of emails, or that is not implemented yet

franmm25,

This port will remain closed until you manually setup postfix/dovecot with TLS cert. This is not a bug or issue.

[franmm25]

I make this changes

=================
Dovecot (dovecot.cnf)
=================
# SSL configuration - Begin

#ssl

= yes
ssl_cert = </etc/letsencrypt/live/test.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/test.com/privkey.pem
# Disable SSLV3 - Poodle
ssl_protocols = !SSLv2 !SSLv3
# SSL configuration - End

=================
Postfix (main.cf)
=================

smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes

smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

smtpd_tls_cert_file = /etc/letsencrypt/live/test.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/test.com/privkey.pem


But continue with the port 587 closed, restar the services without problem, but i don´t know if its necessary more changes, regards

[franmm25]

Run this test and other tests with 100% results all OK with TLS:

https://www.checktls.com/TestReceiver.

But port 587 continues to show as closed. I don't understand this situation. Can you help with this configuration?, Regards.

[franmm25]

I think there is a problem with the SSL certificates generated by the SSL module. In my case, to fix the situation, I needed to change the following:

For Postfix:

Edit main.cf and master.cf

In main.cf:

smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes

smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

smtpd_tls_cert_file = /etc/letsencrypt/live/domain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/domain.com/privkey.pem

The SSL certificates created inside

/var/sentora/hostdata/zadmin/ssl/sencrypt/letsencrypt/domain.com

Not work with Postfix. I needed to install `certbot` on Ubuntu to create and regenerate SSL certificates in the specified path, adding "domain.com (your domain" and "mail.domain.com".

Note that Apache needs to be stopped during the installation.

To fix port 587, add these two lines inside `master.cf` if you want to use both ports simultaneously, or select the port you want:

smtp inet n - n - - smtpd
587 inet n - y - - smtpd

Also, you need to configure Dovecot with the same paths as in Postfix, need edit dovecot2.conf :

ssl = yes
ssl_cert = </etc/letsencrypt/live/domain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/domain.com/privkey.pem

When I ran the test on https://www.checktls.com/TestReceiver, everything worked 100%.

I don’t know if this is the best approach for Sentora, but support told me it is the best way to fix this issue. At the moment, I haven't found another solution, and this works perfectly. Ideally, everything should be activated automatically from Sentora, in my opinion.

Additionally, I have noticed that sometimes the SSL module fails to renew certificates, and other times it doesn’t. I think it is necessary to address these issues.

Regards.

[TGates]

That is how I did it for postfix also, but mine is using my main domain.com certs. I'l have to look into how I did it.