Trouble understanding secure mail

ZipperZapper

Hello, I'm new to DirectAdmin and I was wondering about secure mail. I don't want people to be able to connect to webmail, SMTP, IMAP or POP3 over an insecure plain-text connection. That would be just weird to allow.

But the way DirectAdmin is set up, it gives every user its own links to mail. So for example, if I create a new user and that user has domain.com, DirectAdmin will tell that user the following things:

Username: xxxxx
Password: xxxx
Pop3 Server: mail.domain.ext
Smtp Server: mail.domain.ext

But those connections will never be secure. First of all not every website hosted at my server has a certificate and none of them has a certificate for mail.domain.ext. How would that work? How could I make sure people have access to secure mail?

The webmail will also always be available by domain.ext/roundcube, even if domain.ext does not have a certificate in place.

How could I make sure all my users always mail securely? I tried to search around the forums, but it's not really clear to me. I could, for example, create a new website mail.myhostingcompany.ext to provide safe access, but how can I make that 'default' and show up in the interface after people created a new mail account? And would there be a way to redirect domain.ext/roundcube to the SSL-protected mail.myhostingcompany.ext?
 
Hello,

As for webmail and phpMyAdmin, run this:

Code:
cd /usr/local/directadmin/custombuild
./build update
./build set use_hostname_for_alias yes
./build set redirect_host_https yes
echo -e "\n<Directory /var/www/html>\nRewriteOptions Inherit\n</Directory>\n" >> /etc/httpd/conf/extra/httpd-includes.conf
./build rewrite_confs

This will configure your server to redirect all users from domain.com/roundcube to https://hostname/roundcube.
You will also need to install an SSL cert for the hostname.


As for SMTP/POP/IMAP check this: http://forum.directadmin.com/showthread.php?t=43500
 
Ah, yes, I had seen use_hostname_for_alias and redirect_host_https in the Custombuild plugin, but enabling them and then rewriting confs didn't do anything.
I see I have to do an additional step? What would that be for Nginx? I'm not using Apache.

Thanks for the link on e-mail security. Using the hostname-cert and asking people to accept the errors sounds like an option indeed. Not very user-friendly, but it's a solution. Will look further into that, thanks!
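
A way to verify that the redirect described in the reply above is actually in effect, whichever web server is in use (added example, not part of the original thread; the hostname server.myhostingcompany.ext and the sample responses are constructed, and the function works on `curl -sI` header output):

```shell
#!/bin/sh
# Added example: decide from HTTP response headers whether plain-HTTP webmail
# is redirected to https://<hostname>/roundcube.

# Constructed sample responses (not captured from a real server).
H=server.myhostingcompany.ext   # assumed server hostname
SAMPLE_REDIRECT=$(printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nLocation: https://%s/roundcube\r\n\r\n' "$H")
SAMPLE_PLAIN=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n')
SAMPLE_WRONG_HOST=$(printf 'HTTP/1.1 302 Found\r\nLocation: https://domain.ext/roundcube\r\n\r\n')
SAMPLE_STILL_HTTP=$(printf 'HTTP/1.1 301 Moved Permanently\r\nlocation: http://%s/roundcube/\r\n\r\n' "$H")

# check_webmail_redirect <headers> <hostname>
# Prints a verdict; returns 0 only for a 3xx redirect to https://<hostname>/roundcube.
check_webmail_redirect() {
  cwr_headers=$(printf '%s\n' "$1" | tr -d '\r')
  cwr_status=$(printf '%s\n' "$cwr_headers" | awk 'NR==1 {print $2}')
  # Header names are case-insensitive, so compare in lower case.
  cwr_location=$(printf '%s\n' "$cwr_headers" |
    awk 'tolower($1)=="location:" {print $2; exit}')
  case $cwr_status in
    301|302|307|308) ;;
    *) echo "FAIL: status ${cwr_status:-none}, no redirect (webmail reachable over HTTP)"
       return 1 ;;
  esac
  case $cwr_location in
    "https://$2/roundcube"|"https://$2/roundcube/"*)
       echo "OK: $cwr_location"; return 0 ;;
    https://*)
       echo "FAIL: HTTPS redirect to a different host: $cwr_location"; return 1 ;;
    *) echo "FAIL: redirect target is not HTTPS: $cwr_location"; return 1 ;;
  esac
}

# Demo on the constructed samples.
for sample in "$SAMPLE_REDIRECT" "$SAMPLE_PLAIN" "$SAMPLE_WRONG_HOST" "$SAMPLE_STILL_HTTP"; do
  check_webmail_redirect "$sample" "$H" || true
done

# Live use (needs network access to the server):
#   check_webmail_redirect "$(curl -sI http://domain.ext/roundcube)" "$(hostname -f)"
```

A redirect to HTTPS on the customer's own domain is reported as a failure because, as the first post notes, that domain may have no certificate installed.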
 