SSL for postfix. Not possible to use other than hostname ssl.

Discussion in 'Installation/Configuration' started by ozgurerdogan, Apr 11, 2020.

  1. ozgurerdogan

    ozgurerdogan Member

    I set up SSL for the hostname for ISPConfig itself, created a vhost with the hostname, and also set SSL for that hostname for mail SSL.
    And in postfix I pointed to this ssl path:
    # TLS parameters
    smtpd_tls_cert_file = /etc/letsencrypt/live/
    smtpd_tls_key_file = /etc/letsencrypt/live/
    myhostname =
    And was able to confirm tls here.

    Problem is Thunderbird setup runs fine on first mail account setup (can send and receive mails with ssl enabled ports 465 - 995) but if I restart Thunderbird, it asks for ssl exception popup and there it points ssl is pointing to NOT

    Do I really have to use for incoming and outgoing servers?

    When Thunderbird shows the popup for security alert, there I see and if I remove :995 it can validate ssl fine.

    I set up mail on my myEmail app on mobile device. And it works fine. It could be related to Thunderbird?
    Last edited: Apr 11, 2020
  2. ozgurerdogan

    ozgurerdogan Member

    Ok I had to set cert path in dovecot.conf
    ssl_cert = </etc/letsencrypt/live/
    ssl_key = </etc/letsencrypt/live/

    So far seems fine.
    Th0m likes this.
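
    Added example, not part of the original thread and not ISPConfig code: Postfix answers on the SMTP ports while Dovecot answers on 995, and each daemon reads its own certificate setting, so a quick check is to compare the two configs. The hostname `mail.example.com`, all file paths and the function names are constructed placeholders.

```python
import os
import re

# Constructed sample configs. mail.example.com and every path below are
# placeholders; the thread's real paths are truncated.
POSTFIX_MAIN_CF = """\
# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem
"""
DOVECOT_CONF = """\
ssl_cert = </etc/ssl/example/old-selfsigned.crt
ssl_key = </etc/ssl/example/old-selfsigned.key
"""

def parse_settings(text):
    """Return {name: value} for simple 'name = value' lines, skipping comments."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$", line)
        if m and not line.lstrip().startswith("#"):
            settings[m.group(1)] = m.group(2)
    return settings

def tls_paths(postfix_text, dovecot_text):
    """Map each service to its (cert, key) paths; None where a setting is absent."""
    pf, dc = parse_settings(postfix_text), parse_settings(dovecot_text)
    def from_file(value):
        # Dovecot's leading '<' means "read the value from this file".
        return value[1:].strip() if value and value.startswith("<") else value
    return {
        "postfix": (pf.get("smtpd_tls_cert_file"), pf.get("smtpd_tls_key_file")),
        "dovecot": (from_file(dc.get("ssl_cert")), from_file(dc.get("ssl_key"))),
    }

def find_mismatches(postfix_text, dovecot_text):
    """List settings where the two daemons would present different files."""
    paths, issues = tls_paths(postfix_text, dovecot_text), []
    for i, label in enumerate(("certificate", "key")):
        smtp, mailbox = paths["postfix"][i], paths["dovecot"][i]
        if smtp is None or mailbox is None:
            issues.append(f"{label}: not set for both services")
        elif os.path.realpath(smtp) != os.path.realpath(mailbox):  # follows symlinks
            issues.append(f"{label}: postfix={smtp} dovecot={mailbox}")
    return issues

if __name__ == "__main__":
    for issue in find_mismatches(POSTFIX_MAIN_CF, DOVECOT_CONF):
        print("MISMATCH", issue)
```

    Because the comparison resolves symlinks, it also covers a setup where one daemon points at a symlink to the other's certificate file.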
  3. till

    till Super Moderator Staff Member ISPConfig Developer

  4. ozgurerdogan

    ozgurerdogan Member

    Thank you for the warning. Is it OK if I set:

    ln -s /etc/letsencrypt/live/ smtpd.cert
    ln -s /etc/letsencrypt/live/ smtpd.key
    instead of:
    ln -s /usr/local/ispconfig/interface/ssl/ispserver.crt smtpd.cert
    ln -s /usr/local/ispconfig/interface/ssl/ispserver.key smtpd.key
    Also I think of setting smtpd_tls_security_level = may to encrypt. Would it get overwritten on the next update?
  5. ozgurerdogan

    ozgurerdogan Member

    Also Postfix and Dovecot did not like it. The Dovecot service does not start and the mail client gives a timeout error.
    I want to be able to use the SSL hostname for mail clients. This server is only holding one web site.
    Last edited: Apr 11, 2020
  6. ozgurerdogan

    ozgurerdogan Member

    Ok my bad. It is running fine. One more question, I want to change
    smtpd_tls_security_level = encrypt
    Will it also get lost with an update? How to protect it?
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter
