email configuration ... how to to it correctly ?

Discussion in 'Installation/Configuration' started by manarak, Apr 23, 2022.

  1. manarak

    manarak Member

    I have installed ISPConfig using the perfect server how-to for Ubuntu 20.04 LTS

    I have installed a domain and setup let's encrypt for it (I'm unsure if the certificate also covers the mail.mydomain.com subdomain)
    I have created a mailbox.
    I have also installed a phpBB3 forum, which I want to use SMTP to send emails

    problems:
    - I cannot login to the mailbox using POP3 over SSL on port 995 (message was that the server doesn't support the encryption type)
    - I could not send emails over SSL/TLS from my email client
    - test mails from phpBB3 could not be sent

    I have been using ISPConfig in the past, so I checked my postfix config files, but didn't see anything wrong.

    I have seen this how-to:
    https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/

    but I am unsure how to proceed.

    hostname -f on my system yields myserver.hostingprovider.com (I have no control over hostingprovider.com )

    question : should I follow the steps described there regardless or should I change the hostname into myserver.mydomain.com ?

    what is the best way to solve my 3 problems ?
     
    Last edited: Apr 23, 2022
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    As mentioned on that page, this guide is outdated and NOT to be used with ISPConfig 3.2. Using it would just break your setup, as SSL is set up in ISPConfig 3.2 differently by ISPConfig at install time.

    You probably use the wrong server name in your mail client. The server name used in your mail client is always the hostname of the server, it is not a subdomain of an email domain you added. if it still does not work after you corrected the server name in the mail client, then post your postfix master.cf file and read the 'Read before posting" thread and follow the instructions there.
     
    manarak likes this.
  3. manarak

    manarak Member

    thank you for your reply Till

    I guess the server name is what the system gives back from "hostname -f" ?
    the servername is controlled by my hosting provider, it's myserver.hostingprovider.com
    I can't control DNS for it, but when I input the FDQ in a browser, it finds the server's default page.
    I tried putting that servername in the mail client, and it still doesn't work. the client says the server doesn't support the encryption method.

    I think using the hosting provider's FQH is not a good way, it's not something I want to tell potential clients.

    Is there a way to use the proper domain that is hosted, i.e. mail.mydomain.com as it was possible before ?

    Anyway, my first priority is to get the mail working.

    mail.err in /var/log contains "
    Apr 23 11:32:30 servername dovecot: pop3-login: Error: Failed to initialize SSL server context: Can't load DH
    parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=*.*.*.*, lip=*.*.*.*, session=<lTugBU/ddBmrB/+V>

    Here are the files you requested.
     

    Attached Files:

    Last edited: Apr 23, 2022
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Using a setup where the hostname is wrong and you use different mail subdomains per client was never provided or used by ISPConfig servers as it does not scale and limits your server to a few clients only, so you must have configured your system manually. The server's hostname should be set to a correct value anyway as it is important for the deliverability of emails, you should contact your ISP and let them fix that and set the hostname to a subdomain of your own domain name, but don't use client subdomains for email access if you want your system to be able to grow. To use a different domain, have a look here: https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/
     
    manarak likes this.
  5. manarak

    manarak Member


    thank you Till.
    okay, then I forget this for the moment.

    what should I do to get it working using the current hostname ?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to create a new dh params file with:

    openssl dhparam -out /etc/dovecot/dh.pem 4096

    and then restart dovecot.
     
    manarak likes this.
  7. manarak

    manarak Member

    thank you Till !
    that fixed it

    I was also able to tweak my hostname/DNS/postfix configuration so that another hostname can be used to login via SSL and that the hosting provider's hostname does not show up in email headers.
     

Share This Page