MTA-STS and DANE

Discussion in 'Installation/Configuration' started by Eliezer Ga, May 20, 2021.

  1. Eliezer Ga

    Eliezer Ga New Member

    Hi All,
    We tested our email using this site: https://www.checktls.com/TestReceiver and it shows the result below:
    upload_2021-5-20_18-14-58.png
    I would like to ask: how can I configure MTA-STS and DANE on our ISPConfig server? Thank you for your help.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Don't. Especially if you don't know much about it, it will be a pain in the ass when things are not working. Most servers are not using this either.

    The same goes for this, but if you really want to set it up, generate the DANE record based on your certificate and add it to your zone.

    (Note: I do use DANE for my hosting company, but no MTA-STS)
     
  3. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    Here are some instructions for implementing MTA-STS. You would need to modify some steps to apply it within ISPConfig, and it would need to be done manually. It would need code changes to ISPConfig to be able to apply it automatically (e.g. by a checkbox/form in the ISPConfig GUI), and would need the DNS/mail/website to all be controlled by ISPConfig. If any one or more services are not managed by ISPConfig then you're always going to have manual steps.

    https://www.digitalocean.com/commun...-for-your-domain-using-apache-on-ubuntu-18-04
     
  4. Eliezer Ga

    Eliezer Ga New Member

    Hi Th0m,
    Could you please help me generate the DANE record on my certificate? Thank you :)
     
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    One quick search "DANE record generator" gives you tools like https://ssl-tools.net/tlsa-generator
     
  6. Eliezer Ga

    Eliezer Ga New Member

    Hi Th0m,

    Thank you, I will give it a shot and will let you know.
     
  7. Eliezer Ga

    Eliezer Ga New Member

    Hi Th0m,
    I followed your instructions, and when I run a DANE checker it shows this:
    upload_2021-5-20_21-32-13.png

    Any thoughts?
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    A DANE record would be added for port 25, not 587. Please note again that without the necessary knowledge on this it is not wise to attempt setting this up - at least for a setup that's used in production.
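
How a TLSA record for port 25 is derived from the mail server's certificate, as an added example that is not part of the original thread: it hashes the certificate's public key (SubjectPublicKeyInfo) and formats the DNS record. The `3 1 1` parameters are one common choice assumed here, and the host name `mail.example.com`, the function names and the sample certificate are constructed for illustration.

```python
import hashlib

def der_tlv(data, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    if pos + length > len(data):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo from an X.509 certificate."""
    _, pos, _ = der_tlv(cert_der, 0)      # Certificate SEQUENCE
    _, pos, _ = der_tlv(cert_der, pos)    # tbsCertificate SEQUENCE
    tag, _, end = der_tlv(cert_der, pos)
    if tag == 0xA0:                       # optional [0] version field
        pos = end
    for field in range(5):  # serial, signature, issuer, validity, subject
        _, _, pos = der_tlv(cert_der, pos)
    tag, _, end = der_tlv(cert_der, pos)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert_der[pos:end]

def tlsa_record(mx_host, cert_der, port=25):
    """TLSA 3 1 1: DANE-EE usage, SPKI selector, SHA-256 matching type."""
    digest = hashlib.sha256(extract_spki(cert_der)).hexdigest()
    return f"_{port}._tcp.{mx_host}. IN TLSA 3 1 1 {digest}"

# --- constructed sample input (not a real certificate or key) ---
def der_encode(tag, body):
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

EMPTY = der_encode(0x30, b"")
SAMPLE_SPKI = der_encode(0x30, der_encode(0x30, bytes.fromhex("06032b6570"))
                         + der_encode(0x03, b"\x00" + bytes(range(32))))
SAMPLE_CERT = der_encode(0x30, der_encode(0x30,
    der_encode(0xA0, der_encode(0x02, b"\x02")) + der_encode(0x02, b"\x01")
    + EMPTY * 4 + SAMPLE_SPKI) + EMPTY + der_encode(0x03, b"\x00"))

if __name__ == "__main__":
    print(tlsa_record("mail.example.com", SAMPLE_CERT))
```

For a real certificate, convert the PEM file with `ssl.PEM_cert_to_DER_cert()` and pass the result as `cert_der`. Because the digest covers only the public key, the record stays valid across certificate renewals that reuse the same key.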
     
  9. Eliezer Ga

    Eliezer Ga New Member

    Hi Th0m,
    My apologies for this. I have another inquiry. Where can I find the certificate for the incoming mail server? Because when I do an SSL checker for outgoing it shows this:
    upload_2021-5-20_22-30-46.png

    but for the incoming mail server it shows this:
    upload_2021-5-20_22-32-40.png

    Thank you for your help
     

  10. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Try restarting dovecot.
     
