
Thread: DA fresh install , Problem with SSL on SMTP

  1. #1
    Join Date
    Mar 2013
    Posts
    185

    DA fresh install , Problem with SSL on SMTP

    we have new server and fresh install of DA , activated let's encrypt on DA with no problem.

    but SMTP not working for hostname or mail.anydomain.com

    all default values in exim.conf and directadmin.conf used!

    any help?
    ShivaHost.com
    Official DirectAdmin WebHosting accepting PayPal , BitCoin , Ripple , WebMoney and PerfectMoney

  2. #2
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,043
    Hello,

    Did you run an installation script from Directadmin? Or purchased a server with a pre-installed Directadmin?

    According to this https://www.directadmin.com/features.php?id=2184 the mail_sni=1 is enabled by default for new installs.

    If it's different in your case, then you might report it to Directadmin developers.
    Regards, Alex G.

    - You can hire me on www.poralix.com to work on your server
    - Follow and like @Poralix on Facebook

  3. #3
    Join Date
    Mar 2013
    Posts
    185
    Quote Originally Posted by zEitEr View Post
    Hello,

    Did you run an installation script from Directadmin? Or purchased a server with a pre-installed Directadmin?

    According to this https://www.directadmin.com/features.php?id=2184 the mail_sni=1 is enabled by default for new installs.

    If it's different in your case, then you might report it to Directadmin developers.
    I installed from the script. "mail_sni=1" exists in DA.conf by default. Do I need to do something else, like cert installation?

  4. #4
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,043
    Sure, you need to install certs for your domains.
    Regards, Alex G.


  5. #5
    Join Date
    Mar 2013
    Posts
    185
    Quote Originally Posted by zEitEr View Post
    Sure, you need to install certs for your domains.
    Let's Encrypt is installed on my domain.com and mail.domain.com; sites load with HTTPS.
    Let's Encrypt is also installed on my DA hostname, and I log in to DA with HTTPS.

    but no luck!

  6. #6
    Join Date
    Jul 2013
    Posts
    146
    Maybe stupid question but: is there firewall blocking it ?

  7. #7
    Join Date
    Mar 2013
    Posts
    185
    Quote Originally Posted by Active8 View Post
    Maybe stupid question but: is there firewall blocking it ?
    all related ports are open in csf : 25 , 465 , 587 , 110 , 993, 995

  8. #8
    Join Date
    Mar 2013
    Posts
    185
    in this test: https://www.smtper.net/

    I receive: The remote certificate is invalid according to the validation procedure.

  9. #9
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,043
    I would not trust remote tests that much... What's your hostname? You may send it via PM if you want to keep it secret from the public.
    Regards, Alex G.


  10. #10
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,043
    OK, I see a wrong self signed certificate is announced from your server.

    Try and see whether or not
    Code:
    /usr/local/directadmin/scripts/letsencrypt.sh request $(hostname)
    will fix it.
    Regards, Alex G.


  11. #11
    Join Date
    Mar 2013
    Posts
    185
    Quote Originally Posted by zEitEr View Post
    OK, I see a wrong self signed certificate is announced from your server.

    Try and see whether or not
    Code:
    /usr/local/directadmin/scripts/letsencrypt.sh request $(hostname)
    will fix it.
    thank you, now SMTP from my hostname accepted! but from mail.anydomain.com not working!

    In my WHMCS, SMTP using TLS works with the hostname; with SSL it does not work!
    Last edited by shivahost; 04-11-2019 at 12:36 AM.

  12. #12
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,043
    > but from mail.anydomain.com not working!

    You need to create certificates and include mail.anydomain.com in Directadmin for every domain
    Regards, Alex G.


  13. #13
    Join Date
    Mar 2013
    Posts
    185
    Quote Originally Posted by zEitEr View Post
    > but from mail.anydomain.com not working!

    You need to create certificates and include mail.anydomain.com in Directadmin for every domain
    from userlevel in SSL page? I have created lets encrypt for the domain i sent in pm!

  14. #14
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,043
    I see a server-wide cert for your hostname now. It is either mail_sni is not enabled/installed, or too old version of exim.conf is used. So check the requirements and fix them: enable `mail_sni` and upgrade `exim.conf`.
    Regards, Alex G.


  15. #15
    Join Date
    Mar 2013
    Posts
    185
    Quote Originally Posted by zEitEr View Post
    I see a server-wide cert for your hostname now. It is either mail_sni is not enabled/installed, or too old version of exim.conf is used. So check the requirements and fix them: enable `mail_sni` and upgrade `exim.conf`.
    mail_sni=1 , it was a default of DA install.

    exim.conf 4.5 installed by custombuild with DA fresh install.

  16. #16
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    398
    Quote Originally Posted by zEitEr View Post
    I see a server-wide cert for your hostname now. It is either mail_sni is not enabled/installed, or too old version of exim.conf is used. So check the requirements and fix them: enable `mail_sni` and upgrade `exim.conf`.
    @zEitEr

    Which tool do you use for those "tests"?
    DUTCH GERMAN, GERMAN DUTCH

  17. #17
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,043
    I use openssl to test it.

    Try to rebuild configs of Mail related services

    Code:
    cd /usr/local/directadmin/custombuild
    ./build clean
    ./build update
    ./build set eximconf yes
    ./build set eximconf_release 4.5
    ./build set dovecot_conf yes
    ./build exim_conf
    ./build dovecot_conf
    and then

    Code:
    echo "action=rewrite&value=mail_sni" >> /usr/local/directadmin/data/task.queue
    wait a couple of minutes and test again.
    Regards, Alex G.

    - You can hire me on www.poralix.com to work on your server
    - Follow and like @Poralix on Facebook
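
Added example, not part of the thread and not zEitEr's own commands: one way to run the kind of openssl check mentioned in post #17, asking the mail server for a certificate under a specific SNI name and reporting the two faults discussed above (a self-signed certificate, and a certificate that does not cover the requested name). The function names and the host names in the usage comment are placeholders chosen for this example.

```sh
# Added example, not from the thread. Host names in the usage lines are placeholders.

# Print the leaf certificate (PEM) the mail server presents when the client
# asks for SNI_NAME. Port 465 is implicit TLS; 25 and 587 use STARTTLS.
fetch_smtp_cert() {  # usage: fetch_smtp_cert SERVER PORT SNI_NAME
    fsc_starttls="-starttls smtp"
    if [ "$2" = "465" ]; then
        fsc_starttls=""
    fi
    # $fsc_starttls is unquoted on purpose so it splits into two arguments.
    openssl s_client -connect "$1:$2" -servername "$3" $fsc_starttls \
        </dev/null 2>/dev/null | openssl x509
}

# Report whether the certificate in PEM_FILE covers NAME and whether it is
# self-signed (subject equals issuer). "ca-issued" only means the issuer
# differs from the subject; it does not prove the chain validates.
cert_report() {  # usage: cert_report PEM_FILE NAME
    if openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; then
        cr_name=match
    else
        cr_name=mismatch
    fi
    cr_subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    cr_issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$cr_subject" = "$cr_issuer" ]; then
        cr_kind=self-signed
    else
        cr_kind=ca-issued
    fi
    echo "name=$cr_name issuer=$cr_kind"
}

# Usage (placeholders): ask for a hosted domain's name on the submission port,
# then repeat with port 465 and with the server hostname as SNI_NAME.
#   fetch_smtp_cert server.example.test 587 mail.example.test > /tmp/leaf.pem
#   cert_report /tmp/leaf.pem mail.example.test
```

If the report for mail.example.test shows name=mismatch while the server hostname shows name=match, the server is handing out its server-wide certificate for every name, which is the state described in post #14.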

  18. #18
    Join Date
    Mar 2013
    Posts
    185
    Quote Originally Posted by zEitEr View Post

    Code:
    echo "action=rewrite&value=mail_sni" >> /usr/local/directadmin/data/task.queue
    wait a couple of minutes and test again.
    Thanks for your help, Alex; this part solved my problem. I think it is because most of my accounts are restored backups from a server without these configs.

  19. #19
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,043
    Maybe... though directadmin might have a bug in that part....
    Regards, Alex G.

