SSL domain EXIM

Tomy666 (Verified User, joined Jan 12, 2020, 8 messages)
Hello
I am inexperienced with exim & dovecot.
I installed exim and dovecot. In general, everything works well. Exim and dovecot use SSL self-signed certificates in /etc/exim.cert.
How do I set EXIM to use the domain's Let's Encrypt certificates?
e.g.: I create a free Let's Encrypt SSL certificate in DirectAdmin for mydomain.com; I would like to see SSL (Let's Encrypt) on port 465 (exim) and 143 (dovecot).
I tried the tutorials from the forum, however it didn't work ;-/

What should I change?

My exim.conf
Code:
# SpamBlockerTechnology* powered exim.conf, Version 4.5.23
# August 15, 2018
# Exim configuration file for DirectAdmin
# Requires exim.pl as distributed by DirectAdmin here:
# http://files.directadmin.com/services/exim.pl version 21 or higher
# ClamAV optional
# SpamAssassin optional
# Dovecot/IMAP Mandatory
# *SpamBlockerTechnology is a Trademark of NoBaloney Internet Services:
# http://www.nobaloney.net
#
# WARNING! Do NOT use this exim.conf Exim configuration file unless you
# make the required modifications to your Exim configuration
# following the instructions in the README file included in this
# distribution:
# README-SpamBlockerVersion4exim.conf.txt
#
# The original exim.conf file distributed with Exim 4, includes the
# following copyright notice:
#
# Copyright (C) 2002 University of Cambridge, Cambridge, UK
#
# Portions of the file are taken from the exim.conf file as
# distributed with DirectAdmin (http://www.directadmin.com/)
#
# Copyright (C) 2003-2011 JBMC Software, St Albert, AB, Canada
#
# Portions of this file are written by NoBaloney Internet Services
# and are copyright as follows:
#
# Copyright (C) 2004-2011 NoBaloney Internet Services, Riverside, Calif., USA
#
# The entire Exim 4 distribution, including the exim.conf file, is
# distributed under the GNU GENERAL PUBLIC LICENSE, Version 2,
# June 1991. If you do not have a copy of the GNU GENERAL PUBLIC LICENSE
# you may download it, in its entirety, from the website at:
#
# http://www.nobaloney.net/exim/gnu-gpl-v2.txt
#
# Thanks to all the members of the DirectAdmin community and of the exim
# community who have given their much needed and appreciated help.
#
# The most recent version of this file may always be downloaded from the website
# at: http://www.nobaloney.net/downloads/spamblocker
#
# MODIFICATION INSTRUCTIONS
#
# YOU MUST MAKE THE CHANGES TO THIS
# SpamBlockerTechnology* powered exim.conf, Version 4.0
# file as documented in the README file.
#
# The README file for this version is named:
# README-SpamBlockerVersion4exim.conf.txt

# CONFIGURATION STARTS HERE

#EDIT#1:
# primary_hostname =
smtp_active_hostname = ${if exists{/etc/virtual/helo_data}{${lookup{$interface_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}

#EDIT#2-CLAMAV:
# av_scanner = clamd:/var/run/clamav/clamd
#.include_if_exists /etc/exim.clamav.load.conf

#Block Cracking variables
.include_if_exists /etc/exim.blockcracking/variables.conf

#Easy Spam Fighter variables
.include_if_exists /etc/exim.easy_spam_fighter/variables.conf

#SRS
.include_if_exists /etc/exim.srs.conf

#EDIT#3:
# qualify_domain =

#EDIT#4:
perl_startup = do '/etc/exim.pl'

#EDIT#5:
system_filter = /etc/system_filter.exim

#EDIT#6:
untrusted_set_sender = *

#EDIT#7:
#daemon_smtp_ports=25 : 587 : 465 moved to exim.variables.conf
#tls_on_connect_ports = 465 moved to exim.variables.conf

#EDIT#8:
local_from_check = false

RBL_DNS_LIST=\
       cbl.abuseat.org : \
       bl.spamcop.net : \
       b.barracudacentral.org : \
       zen.spamhaus.org

.include /etc/exim.variables.conf
.include /etc/exim.strings.conf
.include_if_exists /etc/exim.strings.conf.custom

#EDIT#10:
helo_allow_chars = _

#EDIT#11:
log_selector = \
  +delivery_size \
  +sender_on_delivery \
  +received_recipients \
  +received_sender \
  +smtp_confirmation \
  +subject \
  +smtp_incomplete_transaction \
  -dnslist_defer \
  -host_lookup_failed \
  -queue_run \
  -rejected_header \
  -retry_defer \
  -skip_delivery \
  +arguments

#EDIT#12:
syslog_duplication = false

#EDIT#13:
acl_not_smtp = acl_script
acl_smtp_auth = acl_check_auth
acl_smtp_connect = acl_connect
acl_smtp_helo = acl_check_helo
acl_smtp_mail = ${if ={$interface_port}{587} {accept} {${if ={$interface_port}{10025} {acl_smtp_mail_proxy}{acl_check_mail}}}}
acl_smtp_mailauth = smtp_mailauth
acl_smtp_rcpt = acl_check_recipient
acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}}
acl_smtp_data = acl_check_message
acl_smtp_mime = acl_check_mime

#EDIT#14:
addresslist whitelist_senders = nwildlsearch;/etc/virtual/whitelist_senders
addresslist blacklist_senders = nwildlsearch;/etc/virtual/blacklist_senders
domainlist blacklist_domains = nwildlsearch;/etc/virtual/blacklist_domains
domainlist whitelist_domains = nwildlsearch;/etc/virtual/whitelist_domains
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
domainlist skip_rbl_domains = nwildlsearch;/etc/virtual/skip_rbl_domains
hostlist skip_rbl_hosts = ${if exists{/etc/virtual/skip_rbl_hosts}{wildlsearch;/etc/virtual/skip_rbl_hosts}}
hostlist skip_rbl_hosts_ip = ${if exists{/etc/virtual/skip_rbl_hosts_ip}{/etc/virtual/skip_rbl_hosts_ip}}
hostlist auth_relay_hosts = *
hostlist bad_sender_hosts = nwildlsearch;/etc/virtual/bad_sender_hosts
hostlist bad_sender_hosts_ip = /etc/virtual/bad_sender_hosts_ip
hostlist whitelist_hosts = nwildlsearch;/etc/virtual/whitelist_hosts
hostlist whitelist_hosts_ip = /etc/virtual/whitelist_hosts_ip
hostlist proxy_hosts_ip = ${if exists{/etc/virtual/proxy_hosts_ip}{/etc/virtual/proxy_hosts_ip}}
BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames
BLACKLIST_SMTP_USERNAMES = /etc/virtual/blacklist_smtp_usernames
BLACKLIST_SCRIPT_USERNAMES = /etc/virtual/blacklist_script_usernames

#EDIT#15:
#domainlist skip_av_domains = nwildlsearch;/etc/virtual/skip_av_domains

#EDIT#16:
#relay_hosts/pophosts moved to variables.conf

#EDIT#17:
never_users = root

#EDIT#18:
host_lookup = *

#EDIT#19:
rfc1413_hosts = *
rfc1413_query_timeout = 0s

#EDIT#20:
#exim.variables.conf

#EDIT#21:
#exim.variables.conf

#EDIT#22:
#exim.variables.conf

#EDIT#23:
tls_advertise_hosts = *
#auth_over_tls_hosts = *

.include_if_exists /etc/exim.variables.conf.post

##################################################################################
# Access Control Lists
##################################################################################
begin acl


######################################
# ACL CONNECT
######################################
#EDIT#24:
acl_connect:
  warn set acl_c_spam_assassin_has_run = 0
  warn set acl_m_is_whitelisted = 0
  warn set acl_c_accept_recipient_if_whitelisted = 1
  .include_if_exists /etc/exim.easy_spam_fighter/connect.conf
  accept hosts = *


######################################
# ACL CHECK MAIL
######################################
acl_check_mail:
  accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}

#EDIT#31:
  accept  sender_domains = +whitelist_domains
          logwrite = $sender_host_address whitelisted in local domains whitelist
          set acl_m_is_whitelisted = 1
  accept  hosts = +whitelist_hosts
          logwrite = $sender_host_address whitelisted in local hosts whitelist
          set acl_m_is_whitelisted = 1
  accept  hosts = +whitelist_hosts_ip
          logwrite = $sender_host_address whitelisted in local hosts IP whitelist
          set acl_m_is_whitelisted = 1
  # accept if envelope sender is in whitelist
  accept  senders = +whitelist_senders
          logwrite = $sender_host_address whitelisted in local sender whitelist
          set acl_m_is_whitelisted = 1

  .include_if_exists /etc/exim.easy_spam_fighter/check_mail.conf
  accept


######################################
# ACL CHECK AUTH
######################################

smtp_mailauth:
 accept
   hosts          = <; 127.0.0.1 ; ::1
   condition      = ${if eq{$interface_port}{10025}}
   log_message    = Will accept MAIL AUTH parameter for $authenticated_sender
 deny
 
acl_smtp_mail_proxy:
 deny
   condition      = ${if eq{$interface_port}{10025}}
   condition      = ${if eq{$authenticated_sender}{}}
   message        = All connections on port $interface_port need MAIL AUTH sender

######################################
# ACL CHECK AUTH
######################################
#EDIT#24.5#
acl_check_auth:
  drop  set acl_m_authcount = ${eval10:0$acl_m_authcount+1}
        condition = ${if >{$acl_m_authcount}{2}}
        delay = 10s
        message = ONLY_ONE_AUTH_PER_CONN

  accept


######################################
# ACL CHECK HELO
######################################
#EDIT#25:
acl_check_helo:

  .include_if_exists /etc/exim.acl_check_helo.pre.conf

  # accept mail originating on this server unconditionally
  accept  hosts = <;; @[]; 127.0.0.0/8 ; ::1 ; @
  # deny if the HELO pretends to be this host
    deny message = HELO_HOST_IMPERSANATION
      condition = ${if or { \
                            {eq{$sender_helo_name}{$smtp_active_hostname}} \
                            {eq{$sender_helo_name}{[$interface_address]}} \
                          } {true}{false} }
  # deny if the HELO is an IP address
    deny message = HELO_IS_IP
         condition   = ${if eq{$interface_port}{25}}
         condition   = ${if isip{$sender_helo_name}}
  # deny if the hostname is ylmf-pc, which accounts for a HUGE percentage of BF attacks
    deny message = HELO_BLOCKED_FOR_ABUSE
         condition   = ${if eq{$sender_helo_name}{ylmf-pc}}
  # deny if the HELO pretends to be one of the domains hosted on the server
    deny message = HELO_IS_LOCAL_DOMAIN
        condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}
        hosts = ! +relay_hosts
        
  .include_if_exists /etc/exim.acl_check_helo.post.conf

  accept


######################################
# ACL SCRIPT
######################################
acl_script:

  .include_if_exists /etc/exim.acl_script.pre.conf

  discard set acl_m_uid = ${perl{find_uid}}
          set acl_m_username = ${perl{get_username}{$acl_m_uid}}
          condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
          condition = ${if >{${perl{hit_limit_user}{$acl_m_username}}}{1}}
          message = USER_TOO_MANY

  discard condition = ${if !eq{$originator_uid}{$exim_uid}}
          condition = ${if exists{BLACKLIST_USERNAMES}}
          condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
          message = USER_ON_BLACKLIST_SCRIPT BLACKLIST_USERNAMES

  discard condition = ${if !eq{$originator_uid}{$exim_uid}}
          condition = ${if exists{BLACKLIST_SCRIPT_USERNAMES}}
          condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_SCRIPT_USERNAMES}{1}{0}}
          message = USER_ON_BLACKLIST_SCRIPT BLACKLIST_SCRIPT_USERNAMES

  .include_if_exists /etc/exim.blockcracking/script.conf

  accept

  .include_if_exists /etc/exim.blockcracking/script.recipients.conf


######################################
# ACL CHECK RECIPIENT
######################################
#EDIT#26:
acl_check_recipient:

  .include_if_exists /etc/exim.acl_check_recipient.pre.conf

  # block certain well-known exploits, Deny for local domains if
  # local parts begin with a dot or contain @ % ! / |
  deny  domains       = +local_domains
        message = Invalid characters in local_part
        local_parts   = ^[.] : ^.*[@%!|]

  # If you've hit the limit, you can't send anymore. Requires exim.pl 17+
  drop  message = AUTH_TOO_MANY
        condition = ${perl{auth_hit_limit_acl}}
        authenticated = *

  drop  message = MULTIPLE_BOUNCE_RECIPIENTS
        senders = : postmaster@*
        condition = ${if >{$recipients_count}{0}{true}{false}}

  drop  message = TOO_MANY_FAILED_RECIPIENTS
        log_message = REJECTED - Too many failed recipients - count = $rcpt_fail_count
        condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
        !verify = recipient/callout=2m,defer_ok,use_sender

  defer  message = DOMAIN_SUSPENDED
        domains = +local_domains
        condition = ${if exists{/etc/virtual/${domain}_off}{yes}{no}}

  drop  authenticated = *
        condition = ${if exists{BLACKLIST_USERNAMES}}
        set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}}
        set acl_m_username = ${perl{get_username}{$acl_m_uid}}
        condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
        condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
        message = USER_ON_BLACKLIST_SMTP
        logwrite = User account $acl_m_username is blocked via BLACKLIST_USERNAMES

  drop  authenticated = *
        condition = ${if exists{BLACKLIST_SMTP_USERNAMES}}
        condition = ${lookup{$authenticated_id}lsearch{BLACKLIST_SMTP_USERNAMES}{1}{0}}
        message = USER_ON_BLACKLIST_SMTP
        logwrite = E-Mail account $authenticated_id is blocked via BLACKLIST_SMTP_USERNAMES

  drop  authenticated = *
        condition = ${if exists{BLACKLIST_SMTP_USERNAMES}}
        set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}}
        set acl_m_username = ${perl{get_username}{$acl_m_uid}}
        condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
        condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_SMTP_USERNAMES}{1}{0}}
        message = USER_ON_BLACKLIST_SMTP
        logwrite = User account $acl_m_username is blocked via BLACKLIST_SMTP_USERNAMES

  .include_if_exists /etc/exim.easy_spam_fighter/check_rcpt.mid.conf

  # Deny if the recipient doesn't exist:
    deny message = NO_SUCH_RECIPIENT
         domains = +local_domains
        !verify = recipient

  accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
          condition = ${if eq{$acl_c_accept_recipient_if_whitelisted}{1}}

  .include_if_exists /etc/exim.acl_check_recipient.mid.conf

  #Block Cracking - https://github.com/Exim/exim/wiki/BlockCracking
  .include_if_exists /etc/exim.blockcracking/auth.conf

  # restrict port 587 to authenticated users only
  # see also daemon_smtp_ports above
  accept  hosts = +auth_relay_hosts
      condition = ${if eq {$interface_port}{587} {yes}{no}}
      endpass
      message = RELAY_NOT_PERMITTED_AUTH
      authenticated = *
  # Deny all Mailer-Daemon messages not for us:
  deny message = We didn't send the message
       senders = :
       domains = !+relay_domains
       !authenticated = *

  # Remaining Mailer-Daemon messages must be for us
    accept senders = :
       domains = +relay_domains

#EDIT#27:
  # 1st deny checks if it's a hostname or IPV4 address with dots or IPV6 address
    deny message = R1: HELO_SHOULD_BE_FQDN
         !authenticated = *
         condition   = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
         condition   = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
  ## 2nd deny makes sure the hostname doesn't end with a dot (invalid)
  #  deny message = R2: HELO_SHOULD_BE_FQDN
  #       !authenticated = *
  #       condition   = ${if match{$sender_helo_name}{\N\.$\N}}
  # 3rd deny makes sure the hostname has no double-dots (invalid)
    deny message = R3: HELO_SHOULD_BE_FQDN
         !authenticated = *
         condition   = ${if match{$sender_helo_name}{\N\.\.\N}}
  ## 4th deny make sure the hostname doesn't end in .home (invalid domain)
  #  deny message = R4: HELO_SHOULD_BE_FQDN
  #       !authenticated = *
  #       condition  = ${if match{$sender_helo_name}{\N\.home$\N}}

#EDIT#28:
  # warn domains = +skip_av_domains
  # set acl_m0 = $tod_epoch

#EDIT#29:
  deny  domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

#EDIT#30:
  accept  hosts = :
          logwrite = Whitelisted as having local origination

#EDIT#32:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_SENDER
    domains = +use_rbl_domains
    domains = !+skip_rbl_domains
    hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
    senders = +blacklist_senders

#EDIT#33:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_HOST
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
       hosts = +bad_sender_hosts

#EDIT#34:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_IP
       hosts = +bad_sender_hosts_ip

#EDIT#35:
  accept domains = +local_domains
         sender_domains = !+blacklist_domains
         hosts = !+bad_sender_hosts
         hosts = !+bad_sender_hosts_ip
         dnslists = list.dnswl.org&0.0.0.2
         dnslists = list.dnswl.org!=127.0.0.255
         logwrite = $sender_host_address whitelisted in list.dnswl.org

#EDIT#36:
  # accept domains = +local_domains
  #        dnslists = hostkarma.junkemailfilter.com=127.0.0.1
  #        logwrite = $sender_host_address whitelisted in hostkarma.junkemailfilter.com

#EDIT#37:
  # accept  local_parts = whitelist
  #         domains     = example.com

#EDIT#38:
  require verify = sender

#EDIT#39:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_DOMAIN
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
       sender_domains = +blacklist_domains

#EDIT#40:
#    deny message = 554 denied. 5.7.1 Forged Paypal Mail, not sent from PayPal.
#         senders = *@paypal.com
#         condition = ${if match {$sender_host_name}{\Npaypal.com$\N}{no}{yes}}

#EDIT#41:
  warn hosts = +skip_rbl_hosts
       logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts
  warn hosts = +skip_rbl_hosts_ip
       logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts_ip
  warn domains = +skip_rbl_domains
       logwrite = $sender_host_address RBL whitelisted $domain in skip_rbl_domains
 
  deny message = RBL_BLOCKED_BY_LIST
       hosts    = !+relay_hosts
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
       !authenticated = *
       dnslists = RBL_DNS_LIST

  .include_if_exists /etc/exim.easy_spam_fighter/check_rcpt.conf

  .include_if_exists /etc/exim.greylist.conf
 
#COMMENT#43:
# ACCEPT EMAIL BEGINNING HERE
  # accept if address is in a local domain as long as recipient can be verified
  accept  domains = +local_domains
          endpass
      message = UNKNOWN_USER
          verify = recipient
#COMMENT#44
  # accept if address is in a domain for which we relay as long as recipient
  # can be verified
  accept  domains = +relay_domains
          endpass
          verify = recipient
#EDIT#45:
  accept  hosts = +relay_hosts
          add_header = X-Relay-Host: $sender_host_address

  accept  hosts = +auth_relay_hosts
          endpass
          message = AUTH_REQUIRED
          authenticated = *

  .include_if_exists /etc/exim.acl_check_recipient.post.conf

# FINAL DENY EMAIL BEFORE DATA BEGINS HERE
  # default at end of acl causes a "deny", but line below will give
  # an explicit error message:
  deny    message = RELAY_NOT_PERMITTED


######################################
# ACL CHECK DKIM
######################################
acl_check_dkim:
  accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
          
  .include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf
  accept


######################################
# ACL CHECK MESSAGE
######################################
# ACL that is used after the DATA command (ClamAV)
acl_check_message:

  warn
    set acl_c_spam_assassin_has_run = 0

  .include_if_exists /etc/exim.acl_check_message.pre.conf

#EDIT#46.1#T9653
  warn    condition       = ${if !def:h_Message-ID: {yes}{no}}
          message         = Adding Message-ID header because it is missing!
          add_header      = Message-ID: <GENERATED-WASMISSING-$message_exim_id@$primary_hostname>

  accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}

  .include_if_exists /etc/exim.easy_spam_fighter/check_message.conf

#EDIT#46:
#.include_if_exists /etc/exim.clamav.conf

  .include_if_exists /etc/exim.acl_check_message.post.conf

  accept

######################################
# ACL that is used for each MIME attachment in the email.
acl_check_mime:

  .include_if_exists /etc/exim.check_mime.conf.custom
  .include_if_exists /etc/exim.easy_spam_fighter/check_mime.conf

  accept


##################################################################################
# AUTHENTICATION CONFIGURATION
##################################################################################
begin authenticators

plain:
    driver = plaintext
    public_name = PLAIN
    server_prompts = :
    server_condition = "${perl{smtpauth}{0}}"
    server_set_id = $2

login:
    driver = plaintext
    public_name = LOGIN
    server_prompts = "Username:: : Password::"
    server_condition = "${perl{smtpauth}{0}}"
    server_set_id = $1

#EDIT#47:
# REWRITE CONFIGURATION
# There is no rewriting specification in this exim.conf file. If your
# configuration requires one, it would go here


.include_if_exists /etc/exim.authenticators.post.conf

##################################################################################
# ROUTERS CONFIGURATION
##################################################################################
begin routers
#EDIT#48:

.include_if_exists /etc/exim.routers.pre.conf

lookuphost:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8
  condition = "${perl{check_limits}}"
  transport = remote_smtp
  no_more

# RELATED: http://help.directadmin.com/item.php?id=153
# smart_route:
#   driver = manualroute
#   domains = ! +local_domains
#   ignore_target_hosts = 127.0.0.0/8
#   condition = "${perl{check_limits}}"
#   route_list = !+local_domains HOSTNAME-or-IP#
#   transport = remote_smtp

#COMMENT#49:
#DIRECTORS CONFIGURATION

.include_if_exists /etc/exim.spamassassin.conf

#EDIT#50:
# Spam Assassin
#spamcheck_director removed. Use the exim.spamassassin.conf

majordomo_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  no_rewrite
  user = majordomo

majordomo_private:
  driver = redirect
  allow_defer
  allow_fail
  #condition = "${if eq {$received_protocol} {local} {true} {false} }"
  condition = "${if or { {eq {$received_protocol} {local}} \
                         {eq {$received_protocol} {spam-scanned}} } {true} {false} }"
  data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  user = majordomo

domain_filter:
  driver = redirect
  allow_filter
  no_check_local_user
  condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
  user = "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}"
  group = "mail"
  file = /etc/virtual/${domain}/filter
  directory_transport = address_file
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  no_verify

uservacation:
  # uservacation reply to all except errors, bounces, lists
  driver = accept
  condition = ${if def:h_Auto-submitted:{${if match{$h_Auto-submitted:}{\N^no\N\}{yes}{no}}}{yes}}
  condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
  condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
  require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  # do not reply to errors and bounces or lists
  senders = " ! ^.*-request@.*:\
              ! ^owner-.*@.*:\
              ! ^postmaster@.*:\
              ! ^listmaster@.*:\
              ! ^mailer-daemon@.*\
              ! ^root@.*"
  transport = uservacation
  unseen

#autoreply exists
#both passwd and forwarders do not have local_part.
userautoreply:
  driver = accept
  condition = ${if def:h_Auto-submitted:{${if match{$h_Auto-submitted:}{\N^no\N\}{yes}{no}}}{yes}}
  condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
  condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
  require_files = /etc/virtual/${domain}/reply/${local_part}.msg

  condition = ${if exists{/etc/virtual/${domain}/passwd}}
  condition = ${if exists{/etc/virtual/${domain}/aliases}} 
  condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}{no}{yes}}
  condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}{no}{yes}}

  # do not reply to errors and bounces or lists
  senders = " ! ^.*-request@.*:\
              ! ^owner-.*@.*:\
              ! ^postmaster@.*:\
              ! ^listmaster@.*:\
              ! ^mailer-daemon@.*\
              ! ^root@.*"
  transport = userautoreply

#autoreply exists
#either passwd or forwarders exist, failover from above.
userautoreply_unseen:
  driver = accept
  condition = ${if def:h_Auto-submitted:{${if match{$h_Auto-submitted:}{\N^no\N\}{yes}{no}}}{yes}}
  condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
  condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
  require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  # do not reply to errors and bounces or lists
  senders = " ! ^.*-request@.*:\
              ! ^owner-.*@.*:\
              ! ^postmaster@.*:\
              ! ^listmaster@.*:\
              ! ^mailer-daemon@.*\
              ! ^root@.*"
  transport = userautoreply
  unseen

#any callbacks doing sender verify checks to this server accept SRS0 encoded emails if they exist, else the verify will fail.
#until we figure out how to extract the original forwarder name in exim, we'll accept and drop all SRS0 encoded emails.
#the srs_recipient is the original remote sender, so we don't want to forward there, else it will generate untraced backscatter (no data=srs_recipient)
#I had found the srs_orig_recipient variable, but wasn't able to use it to check for local forwarders.
#so any email to SRS0=..@localdomain.com will be accepted and dropped into the :blackhole:, which should be sufficient to satisfy the sender verify, and prevent any spam since it's always dropped.
#if the final recipient hits "reply", it should already go to the original remote sender, not to the SRS name.
srs_router:
  driver =    redirect
  condition = ${if exists{/etc/exim.srs.forward.conf}}
  srs =        reverse
  data = :blackhole:
  domains =    +local_domains
  
#forwarder exists
#user exists
virtual_user_unseen:
  driver = accept
  condition = ${if exists{/etc/virtual/${domain}/passwd}{1}{0}}
  condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}{1}{0}}
  condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}{${if eq{$value}{$local_part}{0}{1}}}{0}}
  condition = ${perl{save_virtual_user}}
  domains = lsearch;/etc/virtual/domainowners
  group = mail
  .include_if_exists /etc/exim/local_part_suffix.conf
  retry_use_local_part
  transport = dovecot_lmtp_udp
  unseen

#forwarder exists
#user does not exist
virtual_aliases_nouser_nostar:
  driver = redirect
  .include_if_exists /etc/exim.srs.forward.conf
  allow_defer
  allow_fail
  condition = ${if exists{/etc/virtual/${domain}/passwd}{1}{0}}
  condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}{1}{0}}
  condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}{0}{1}}
  data = ${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  .include_if_exists /etc/exim/local_part_suffix.conf

#forwarder does not exist
#user exists
virtual_user:
  driver = accept
  condition = ${if exists{/etc/virtual/${domain}/passwd}{1}{0}}
  condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}{0}{1}}
  condition = ${perl{save_virtual_user}}
  domains = lsearch;/etc/virtual/domainowners
  group = mail
  retry_use_local_part
  transport = dovecot_lmtp_udp
  .include_if_exists /etc/exim/local_part_suffix.conf

#wildcard forwarder
#user should have already been caught above
virtual_aliases:
  #only the wildcard will be used here
  driver = redirect
  .include_if_exists /etc/exim.srs.forward.conf
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  .include_if_exists /etc/exim/local_part_suffix.conf

#COMMENT#51:
drop_solo_alias:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}}}
  file_transport = devnull
  group = mail
  pipe_transport = devnull
  retry_use_local_part
  #include_domain = true
  .include_if_exists /etc/exim/local_part_suffix.conf

#COMMENT#52:
userforward:
  driver = redirect
  allow_filter
  check_ancestor
  check_local_user
  no_expn
  file = $home/.forward
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  directory_transport = address_directory
  no_verify

system_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe
  retry_use_local_part
  # user = exim

localuser:
  driver = accept
  check_local_user
  condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
  transport = local_delivery

#COMMENT#53:
##################################################################################
# TRANSPORTS CONFIGURATION
##################################################################################
begin transports

.include_if_exists /etc/exim.transports.pre.conf

#COMMENT#54:
spamcheck:
  driver = pipe
  batch_max = 100
  command = /usr/sbin/exim -oMr spam-scanned -bS
  current_directory = "/tmp"
  group = mail
  home_directory = "/tmp"
  log_output
  message_prefix =
  message_suffix =
  return_fail_output
  no_return_path_add
  transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
  use_bsmtp
  user = mail

#COMMENT#55:
majordomo_pipe:
  driver = pipe
  group = daemon
  return_fail_output
  user = majordomo

#COMMENT#56:
local_delivery:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/Maildir/"
  directory_mode = 770
  create_directory = true
  maildir_format
  group = mail
  mode = 0660
  return_path_add
  user = ${local_part}

#COMMENT#57:
virtual_localdelivery:
  driver = appendfile
  create_directory
  delivery_date_add
  directory_mode = 770
  envelope_to_add
  directory = "${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}}lsearch{/etc/passwd}{$value}}}}/imap/${domain}/${local_part}/Maildir"
  maildir_format
  group = mail
  mode = 660
  return_path_add
  user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
  quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}
  .include_if_exists /etc/exim/virtual_localdelivery.conf.post

#EDIT#58:
uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
  subject = ${if def:h_Subject: {\
                ${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
                    {${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
                    {Autoreply}\
                }: ${quote:${escape:${length_60:$h_Subject:}}}}\
                {I am on vacation}}
  to = "${reply_address}"
  user = mail
  once = /etc/virtual/${domain}/reply/${local_part}.once
  once_file_size = 100K
  once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}

#COMMENT#59:
userautoreply:
  driver = autoreply
  bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
  subject = ${if def:h_Subject: {\
                ${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
                    {${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
                    {Autoreply}\
                }: ${quote:${escape:${length_60:$h_Subject:}}}}\
                {Autoreply Message}}
  to = "${reply_address}"
  user = mail
  once = /etc/virtual/${domain}/reply/${local_part}.once
  once_file_size = 100K
  once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}

#COMMENT#60:
devnull:
  driver = appendfile
  file = /dev/null

#COMMENT#61:
remote_smtp:
  driver = smtp
  headers_add = "${if def:authenticated_id{X-Authenticated-Id: ${authenticated_id}}}"
  interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$sender_address_domain}lsearch*{/etc/virtual/domainips}}}}
  helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}
  hosts_try_chunking =
  hosts_try_fastopen =
.include_if_exists /etc/exim.dkim.conf

#EDIT#62:
address_pipe:
  driver = pipe
  return_output

virtual_address_pipe:
  driver = pipe
  group = nobody
  return_output
  user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"
.include_if_exists /etc/exim.cagefs.pipe.conf

#COMMENT#63:
address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

#COMMENT#64:
address_reply:
  driver = autoreply

dovecot_lmtp_udp:
  driver = lmtp
  socket = /var/run/dovecot/lmtp
  #maximum number of deliveries per batch, default 1
  batch_max = 200
  delivery_date_add
  envelope_to_add
  return_path_add
  user = mail
 
address_directory:
  driver = appendfile
  maildir_format
  maildir_use_size_file
  delivery_date_add
  envelope_to_add
  return_path_add

##################################################################################
# RETRY CONFIGURATION
##################################################################################
#EDIT#65:
# Domain               Error       Retries
# ------               -----       -------
begin retry
*                      quota
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h
# End of Exim 4 configuration

My exim.variables.conf
Code:
#Do not edit this file directly
#edit /etc/exim.variables.conf.custom
daemon_smtp_ports=25 : 587 : 465
tls_on_connect_ports=465
disable_ipv6=true
message_size_limit=50M
smtp_receive_timeout=5m
smtp_accept_max=100
message_body_visible=3000
print_topbitchars=true
smtp_accept_max_nonmail=10
smtp_accept_max_per_host=10
recipients_max=150
smtp_accept_queue_per_connection=10
smtp_accept_max_per_connection=100
deliver_queue_load_max=10.0
queue_only_load=100.0
queue_run_max=5
ignore_bounce_errors_after=2d
timeout_frozen_after=3d
trusted_users=mail:majordomo:apache:diradmin
split_spool_directory=yes
keep_environment=PWD:HOME
tls_certificate=${if exists{/etc/virtual/snidomains}{${lookup{$tls_in_sni}nwildlsearch{/etc/virtual/snidomains}{${if exists{/usr/local/directadmin/data/users/${extract{1}{:}{$value}}/domains/${extract{2}{:}{$value}}.cert.combined}{/usr/local/directadmin/data/users/${extract{1}{:}{$value}}/domains/${extract{2}{:}{$value}}.cert.combined}{/etc/exim.cert}}}{/etc/exim.cert}}}{/etc/exim.cert}}
tls_privatekey=${if exists{/etc/virtual/snidomains}{${lookup{$tls_in_sni}nwildlsearch{/etc/virtual/snidomains}{${if exists{/usr/local/directadmin/data/users/${extract{1}{:}{$value}}/domains/${extract{2}{:}{$value}}.key}{/usr/local/directadmin/data/users/${extract{1}{:}{$value}}/domains/${extract{2}{:}{$value}}.key}{/etc/exim.key}}}{/etc/exim.key}}}{/etc/exim.key}}
openssl_options=+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1
tls_require_ciphers=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
hostlist relay_hosts=
chunking_advertise_hosts=+proxy_hosts_ip

My directadmin.conf
Code:
language=pl
add_userdb_quota=1
addip=/usr/local/directadmin/scripts/addip
admin_helper=admin.site-helper.com
admindir=./data/admin
apache_public_html=0
apache_ver=2.0
apachecert=/etc/httpd/conf/ssl.crt/server.crt
apacheconf=/etc/httpd/conf/extra/directadmin-vhosts.conf
apacheips=/etc/httpd/conf/ips.conf
apachekey=/etc/httpd/conf/ssl.key/server.key
apachelogdir=/var/log/httpd/domains
apachemimetypes=/etc/mime.types
brute_force_log_scanner=1
cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem
check_subdomain_owner=1
cloud_cache=0
default_private_html_link=1
demodocsroot=./data/skins/enhanced
dkim=2
dns_ttl=1
docsroot=./data/skins/enhanced
dovecot=1
emailspoolvirtual=/var/spool/virtual
emailvirtual=/etc/virtual
ethernet_dev=eth0
frontpage_on=0
ftpconfig=/etc/proftpd.conf
ftppasswd=/etc/proftpd.passwd
ftpvhosts=/etc/proftpd.vhosts.conf
letsencrypt=1
license=/usr/local/directadmin/conf/license.key
litespeed=0
log_rotate_size=5
logdir=/var/log/directadmin
logger=/usr/local/directadmin/logger
loghostname=0
login_history=10
mail_sni=1
max_username_length=10
maxfilesize=10485760
mysql_detect_correct_methods=1
mysqlconf=/usr/local/directadmin/conf/mysql.conf
namedconfig=/etc/named.conf
nameddir=/var/named
nginx=0
nginx_proxy=0
ns1=ns1.nazwa.pl
ns2=ns2.nazwa.pl
numservers=10
openlitespeed=0
owsadm=/usr/local/frontpage/version5.0/bin/owsadm.exe
php_fpm_max_children_default=10
pointers_own_virtualhost=1
port=2222
pureftp=1
quota_partition=/
removeip=/usr/local/directadmin/scripts/removeip
reseller_helper=reseller.site-helper.com
secure_access_group=access
servername=server043195.nazwa.pl
serverpath=/usr/local/directadmin
session_minutes=60
skinsdir=./data/skins
sshdconfig=/etc/ssh/sshd_config
ssl=0
system_user_to_virtual_passwd=1
taskqueue=/usr/local/directadmin/data/task.queue
templates=/usr/local/directadmin/data/templates
ticketsdir=/usr/local/directadmin/data/tickets
timeout=60
tmpdir=../../../home/tmp
unified_ftp_password_file=1
user_helper=www.site-helper.com
userdata=./data/users
webmail_link=roundcube
zip=1
letsencrypt=1
http2=1
enable_ssl_sni=1
bruteforce=1
brute_force_scan_apache_logs=2
brute_force_time_limit=1200
clear_brute_log_time=48
hide_brute_force_notifications=1
ip_brutecount=30
unblock_brute_ip_time=2880
user_brutecount=30

My friends, help me please :)
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,281
Location
Maastricht
First of all you have to create the certificates from the panel, so not only for www, but also for mail and smtp and pop, or use a wildcard certificate.

Just for good things, install a certificate for your hostname if you've not done this already, like this:

If you have done this and it's still not working on mail, try this:
Code:
cd /usr/local/directadmin/custombuild
./build exim
./build dovecot
./build dovecot_conf
 

Tomy666

Hello, thank you for the reply. I have created certificates for mail, smtp and imap (Let's Encrypt) in the DirectAdmin panel.
Code:
cd /usr/local/directadmin/custombuild
./build exim
./build dovecot
./build dovecot_conf
I tried these commands and restarted exim and dovecot -> they still use the self-signed certificates in /etc/exim.cert.
I can't use Let's Encrypt for the hostname, because my provider does not support these free certificates.
 

Richard G

I think I'm missing something here.
You do have root access to use these commands, but you can't use the root command to create a hostname certificate?
So how is your provider blocking this then if you can also do the other commands?

Also, can you check this, especially the requirements and check if dovecot directory has those files and entry?
 

Tomy666

I have the provider's server address, and a CAA record prevents issuing the certificate: "certum.pl".
I refreshed the certificates in DirectAdmin for my domain, mail, imap and smtp, then used this command procedure
Code:
cd /usr/local/directadmin
echo mail_sni=1 >> conf/directadmin.conf
service directadmin restart
cd custombuild
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set dovecot_conf yes
./build exim_conf
./build dovecot_conf

echo "action=rewrite&value=mail_sni" >> /usr/local/directadmin/data/task.queue 
echo "action=rewrite&value=mail_sni&domain=domain.com" >> /usr/local/directadmin/data/task.queue
I have dovecot files in
Code:
/etc/dovecot/conf.d/95-sni.conf
/etc/dovecot/conf/sni/*
Now when I check my SSL connection I see self-signed certificates ;-/

Code:
# 143 is STARTTLS; -servername sends SNI, which the mail_sni lookup in exim.variables.conf keys on
openssl s_client -starttls imap -showcerts -servername imap.mydomain.com -connect imap.mydomain.com:143
# 465 is in tls_on_connect_ports, so it is TLS from the first byte: no -starttls smtp here
openssl s_client -showcerts -servername mail.mydomain.com -connect mail.mydomain.com:465
I don't know what to do anymore ;-/
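The reason a Let's Encrypt pair can be installed and still not show up on 465 or 143 is visible in the tls_certificate line of the exim.variables.conf posted above: the certificate is chosen by looking up $tls_in_sni, the server name the client sends in the TLS handshake, in /etc/virtual/snidomains, and any failed lookup, an empty SNI included, falls back to /etc/exim.cert. openssl s_client in OpenSSL 1.0.2, which CentOS 7 ships, sends no SNI unless -servername is given, so a check without it shows the self-signed certificate even when mail_sni is working. The model below is an added example for this thread, not DirectAdmin or Exim code; the snidomains contents, the user names tomy and bob and the example.com/example.net domains are constructed, the file layout follows the posted expansion, and nwildlsearch is reduced to the literal, '*suffix' and '^regex' key forms.

```python
"""Model of the per-SNI certificate selection in the posted
exim.variables.conf (tls_certificate / tls_privatekey).

Added example for this thread; not DirectAdmin or Exim code.  The
snidomains sample, user names and domains are constructed, and
nwildlsearch is reduced to the three key forms that matter here.
"""
import os
import re

EXIM_CERT = "/etc/exim.cert"      # self-signed fallback in the posted config
EXIM_KEY = "/etc/exim.key"
DA_USERS = "/usr/local/directadmin/data/users"

# Constructed stand-in for /etc/virtual/snidomains.  Each line is
#   <sni name>:<da user>:<domain>
# which is what the posted expansion reads with extract{1} / extract{2}.
SNIDOMAINS = """\
mail.example.com:tomy:example.com
smtp.example.com:tomy:example.com
*.example.net:bob:example.net
"""

# Constructed view of which files exist under DA_USERS: only "tomy"
# has a certificate pair installed, "bob" has none.
SAMPLE_PRESENT = {
    f"{DA_USERS}/tomy/domains/example.com.cert.combined",
    f"{DA_USERS}/tomy/domains/example.com.key",
}


def sample_exists(path):
    return path in SAMPLE_PRESENT


def parse_snidomains(text):
    """Return [(key, value)] like an lsearch file: key up to first ':'."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        entries.append((key.strip(), value.strip()))
    return entries


def nwildlsearch(key, entries):
    """Simplified Exim nwildlsearch: a file key is a literal name
    (case-insensitive), '*suffix' (matches the end of the name) or
    '^regex'.  First matching line wins; None means lookup failure."""
    key = key.lower()
    for pattern, value in entries:
        if pattern.startswith("^"):
            if re.match(pattern, key, re.IGNORECASE):
                return value
        elif pattern.startswith("*"):
            if key.endswith(pattern[1:].lower()):
                return value
        elif pattern.lower() == key:
            return value
    return None


def select_cert(sni, entries, exists=os.path.exists):
    """(cert, key) as the posted tls_certificate / tls_privatekey
    expansions resolve them.  `entries` is None when
    /etc/virtual/snidomains does not exist; `exists` is injectable so
    the model runs on a machine without the DirectAdmin tree."""
    if entries is None:
        return EXIM_CERT, EXIM_KEY
    value = nwildlsearch(sni, entries)
    if value is None:            # no SNI sent, or name not in the file
        return EXIM_CERT, EXIM_KEY
    user, _, domain = value.partition(":")
    cert = f"{DA_USERS}/{user}/domains/{domain}.cert.combined"
    key = f"{DA_USERS}/{user}/domains/{domain}.key"
    # each file falls back independently, exactly as the posted config does
    return (cert if exists(cert) else EXIM_CERT,
            key if exists(key) else EXIM_KEY)


def cert_for(sni, exists=sample_exists):
    """Certificate path the posted config hands a client presenting
    `sni` ('' means the client sent no SNI at all)."""
    return select_cert(sni, parse_snidomains(SNIDOMAINS), exists)[0]


if __name__ == "__main__":
    for name in ("", "mail.example.com", "MAIL.example.com",
                 "imap.example.com", "pop.example.net"):
        print(f"SNI {name!r:22} -> {cert_for(name)}")
```

Two things the model makes visible: a name that is not in snidomains (imap.example.com here) gets the fallback even though a Let's Encrypt certificate for the domain is installed, and a name that matches but whose user has no .cert.combined/.key pair (pop.example.net) gets it too, with nothing logged. So when the check still shows /etc/exim.cert, confirm that the exact SNI name is a line in /etc/virtual/snidomains and that the two files named in the expansion exist for that user, before rebuilding anything.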
 

Richard G

Now I could see your domain name, and found several issues. But this depends on how you configured all this, seems very odd to me.

Do you have multiple ip's on your server? Are you using an external mailserver, because the mx record is not pointing to the certum.pl domain as would be normal in DA.

First, your primary MX record's SSL certificate is way overdue:
  • -526 days remaining
  • 2048 bit
  • sha256WithRSAEncryption
If your domain is certum.pl then a rather custom setup is used.
There are no A records present for mail and imap and pop, only for smtp.
If you're using an mailserver on the ip the certum.pl site is running on, then there is no rDNS/PTR present which is also not good.

If you don't have A records for those, then no SSL certificates can be made for them.

It might be best to tell the real domain name and how you setup stuff, because this is hard to see when using mydomain.com and with the things I found now.
 

Tomy666

Hello,thanks again for your help Richard
My service provider nazwa.pl does not allow me the REV DNS option.
I have a VPS from the provider nazwa.pl, KVM virtualization, CentOS 7 64-bit; the server is working on the public IP address
pub IP : 77.55.235.93
I have my own domain connected.
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
1,304
Location
Murfreesboro
domain connected.
intoDNS shows you have several DNS issues.
TLD Parent Check: WARNING: Looks like the parent servers do not have information for your TLD when asked. This is ok but can be confusing.

MX Records: Oh well, I did not detect any MX records, so you probably don't have any, and if you know you should have them, then they may be missing at your nameservers!

This domain does not have an SPF record, nor an SPF formatted TXT record. SPF stands for Sender Policy Framework and is intended as an anti-forgery email solution (See RFC4408). Many spammers have adopted this mechanism and SPF records alone may not be sufficient to stop spam.

Your reverse record is not matching your server
it's listed as

which should be something like

My service provider nazwa.pl does not allow me the REV DNS option.
So you have asked them to set it and they can't? Have you looked in the VPS portal? It's usually there under networking.

If you don't have a reverse DNS record set on the VPS, almost all of your mail will get rejected.

Looks like they are using OpenStack so they have a setting for it somewhere.

Looks like you or they have some DNS work to do.
 

Richard G

My service provider nazwa.pl does not allow me the REV DNS option.
You don't have an MX record either. If the hostname is what's in the first spoiler, then a rDNS is present and you do not need to worry.

However, you will have to set up an MX record and A records for mail, smtp and pop. Why are they not present? Because DA creates them by default. DA also creates an SPF record by default, and you can install DKIM yourself.
How come the MX record is not set for your .org.pl domain?
 

Tomy666

My domain is parked at Microhost.pl.
I asked the service provider about REVDNS, unfortunately I can't change it.
In the picture you can see how I have the DNS zone set
I don't know how to set the MX record correctly
 


ikkeben

Verified User
Joined
May 22, 2014
Messages
799
Location
Netherlands Germany
Who/where is your DNS provider? The registrar, or whatever it is.

If the domain is parked, sometimes they handle that, or you or someone else pointed it to that parking service.

Find out, and I think there you should copy the CAA record you mentioned above (write it down somewhere) but delete it after that.

Then make sure you know who handles DNS for your domains, and where, so you can have it done right.

If you are doing it yourself: nameservers and that stuff.

Look at dns1 and dns2.microhost.pl; I think things are handled, or should be handled, there, since those are in your record above.
 

Tomy666

My domain Registrar is Microhost.pl (DNS: dns1.microhost.pl) , I have DNS Zone ( microhost.pl) for VPS nazwa.pl ( DNS: ns1.nazwa.pl.)
How do I create an MX record for my situation?
 

Richard G

How do I create an MX record for my situation?
In the screenshot posted, it looks like only A records options, no MX or TXT record options. So the zone editor looks limited.
Seems you have to ask microhost on how to do that.
 

Richard G

Normally like this:
Code:
domain.com.  14400   IN      MX      10 mail
when mail.domain.com is used for mail.
In your case when I look at the dns screenshot, the trailing dot might not be necessary, but it could also be that you have to create it like this:
Code:
domain.com    14400   IN      MX      10 mail.domain.com
either with or without the trailing dot. It depends on the system used for DNS.
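Richard G's point earlier in the thread (no A records for mail, imap and pop, so no certificates can be issued for them, and no MX at all) and the CAA record for a different CA that Tomy666 ran into can be checked before asking DirectAdmin to request anything. The pre-flight below is an added example for this thread, not DirectAdmin code: it works on in-memory zone data rather than querying DNS, the two zones, the host names and the 192.0.2.x addresses are constructed, and it models only the CAA rule of RFC 8659 that a CA may issue for a name when the closest CAA set (at the name itself or its nearest ancestor that has one) lists that CA in an issue tag, or has no issue tags at all.

```python
"""Pre-flight check of the DNS records the replies in this thread say a
DirectAdmin mail host needs before Let's Encrypt can issue for it.

Added example for this thread, not DirectAdmin code.  The zone data is
constructed and uses documentation names and addresses.  Only the CAA
logic of RFC 8659 for non-wildcard names is modelled (closest ancestor
with a CAA set wins; 'issue' tags decide).
"""

# Constructed zone: {(name, rtype): [rdata, ...]}.  It reproduces the
# situation in the thread: only smtp has an A record, there is no MX,
# no SPF, and a CAA record that names a different CA.
BROKEN_ZONE = {
    ("example.com", "A"): ["192.0.2.10"],
    ("smtp.example.com", "A"): ["192.0.2.10"],
    ("example.com", "CAA"): ['0 issue "certum.pl"'],
}

# The same zone after adding what the replies ask for.  The existing
# CAA entry is kept; a second issue tag admits letsencrypt.org too.
FIXED_ZONE = {
    ("example.com", "A"): ["192.0.2.10"],
    ("mail.example.com", "A"): ["192.0.2.10"],
    ("smtp.example.com", "A"): ["192.0.2.10"],
    ("imap.example.com", "A"): ["192.0.2.10"],
    ("pop.example.com", "A"): ["192.0.2.10"],
    ("example.com", "MX"): ["10 mail.example.com."],
    ("example.com", "TXT"): ['"v=spf1 a mx -all"'],
    ("example.com", "CAA"): ['0 issue "certum.pl"', '0 issue "letsencrypt.org"'],
}

MAIL_HOSTS = ("mail", "smtp", "imap", "pop")


def caa_allows(zone, name, ca):
    """True if `ca` may issue for `name` under its closest CAA set."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get((".".join(labels[i:]), "CAA"))
        if rrset is None:
            continue                       # walk up to the parent
        issuers = set()
        for rdata in rrset:
            _flags, tag, value = rdata.split(None, 2)
            if tag.lower() == "issue":
                # 'issue ";"' yields '' here, which admits no CA at all
                issuers.add(value.strip('"').split(";")[0].strip())
        if not issuers:                    # CAA set without issue tags
            return True
        return ca in issuers
    return True                            # no CAA anywhere: any CA may issue


def preflight(zone, domain, hosts=MAIL_HOSTS, ca="letsencrypt.org"):
    """Return a list of problems; an empty list means ready to request."""
    problems = []
    for name in (f"{h}.{domain}" for h in hosts):
        if not zone.get((name, "A")):
            problems.append(f"no A record for {name}")
        if not caa_allows(zone, name, ca):
            problems.append(f"CAA policy does not allow {ca} for {name}")
    mx = zone.get((domain, "MX"))
    if not mx:
        problems.append(f"no MX record for {domain}")
    else:
        for rdata in mx:
            target = rdata.split()[-1].rstrip(".")
            if not zone.get((target, "A")):
                problems.append(f"MX target {target} has no A record")
    spf = [t for t in zone.get((domain, "TXT"), [])
           if t.strip('"').startswith("v=spf1")]
    if not spf:
        problems.append(f"no SPF TXT record for {domain}")
    return problems


if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        print(f"{label}:")
        for p in preflight(zone, "example.com") or ["ok"]:
            print(f"  {p}")
```

The CAA walk is the part worth keeping in mind when a zone is hosted by a registrar's limited editor: a CAA record on the apex governs every mail host name under it, so an "issue" tag for one CA at example.com blocks Let's Encrypt for mail.example.com as well, and removing or extending that record at the apex is what unblocks issuance for all of them.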
 

Tomy666

I moved my domain to Name.pl I set all records to point to the server.
Look intodns.com
I reinstalled dovecot and exim and created new certificates for the domain (mail, imap, smtp).
Unfortunately, I still have self-signed server certificates (ports 143, 587).
Code:
# 587 is STARTTLS; -servername sends SNI, which the mail_sni certificate lookup keys on
openssl s_client -starttls smtp -showcerts -servername mail.mizera.org.pl -connect mail.mizera.org.pl:587
 

bdacus01

I went back to the beginning. Here is a problem:
servername=server043195.nazwa.pl
Your Servers hostname should be like
somename.yourdomainname.com
NOT someoneelse.someotherdomain.com

Code:
hostnamectl
will show you what you have set

Code:
hostnamectl set-hostname somename.yourdomainname.com
this will set it

Example: I like to use birds of Prey

eagle.mydomain.com
falcon.mydomain.com

So pick something you like for the "somename." part which is called the Hostname.
 