Hi, I'm a bit new with setting up email on ISPConfig but I think I got very far. I did read these guides before posting:
https://www.howtoforge.com/how-to-install-an-email-server-with-ispconfig-on-debian-10/
https://forum.howtoforge.com/threads/how-should-my-end-users-connect-to-my-e-mail-services.88472/
What I did so far:
- Created DNS records for mail.mydomain.nl and smtp.mydomain.nl; this includes a DKIM and SPF record and of course MX records
- Added mydomain.nl in ISPConfig under Email > Domains and created a mailbox
- Under Sites > Subdomain for website I added mail as a subdomain so it would be added to the website LE certificate
- The ISPConfig server is called isp.mydomain.nl and I have also given the server a new certificate with ispconfig_update.sh --force; I didn't reconfigure services, I let it create a cert for the server and allow dovecot to use it
- I have sent a request to my provider to create PTR records for isp.mydomain.nl and mail.mydomain.nl; this is still pending
- I checked with
  openssl s_client -showcerts -connect mail.mydomain.nl:995 -servername mail.mydomain.nl
  and with
  openssl s_client -showcerts -connect mail.mydomain.nl:993 -servername mail.mydomain.nl
  and both show the same certificate and no errors. Am I doing the right check?
The weird thing is that I cannot connect on port 995 for POP3S with Rainloop webmail or with WHMCS ticket piping. When I do this and check with
tail -f /var/log/mail.log | grep dovecot
All I see is:
I don't understand why I can connect securely via IMAP on port 993 but cannot via POP3S on port 995. I also checked the firewall; I'm using csf as firewall but these ports are open. I even tested by temporarily disabling the firewall but no dice. And I restarted dovecot, postfix and apache but that didn't help; I even rebooted the entire server.
I'm one step further: we found out that when you want to fetch mail from mail.mydomain.nl, the client connects with the certificate from the ISPConfig host, isp.mydomain.nl. That doesn't make sense? Shouldn't each mail domain be able to have their own mail. imap. pop. etc subdomain you can use in a mail client?
No, all mail clients should use the server hostname as that's the name the SSL cert of the mail system is issued for.
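The mismatch discussed in the posts above, as an added example that is not from any poster in this thread: it checks which names a mail client could be configured with against a certificate's DNS SANs. The SAN lists are constructed samples (the real certificates are not shown in the thread), the function names are hypothetical, and the matcher is a simplified RFC 6125 check for DNS names only.

```python
import socket
import ssl

def san_matches(hostname, pattern):
    """Simplified RFC 6125 match: '*' may only be the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False          # a wildcard never spans more than one label
    if pat[0] == "*":
        # refuse overly broad patterns such as '*.nl' or a bare '*'
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def coverage(client_names, cert_sans):
    """Map each name a client might use to True if the certificate covers it."""
    return {n: any(san_matches(n, s) for s in cert_sans) for n in client_names}

def verify_as_client(host, port, timeout=5):
    """Implicit-TLS handshake (993/995/465) with chain AND hostname checks on,
    which is what a mail client does. Returns (ok, SAN list or error text)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                sans = tls.getpeercert().get("subjectAltName", ())
                return True, [v for k, v in sans if k == "DNS"]
    except OSError as exc:    # ssl.SSLCertVerificationError is an OSError
        return False, str(exc)

# Constructed samples modelled on the thread, not real certificate contents.
SERVER_CERT_SANS = ["isp.mydomain.nl"]                    # cert dovecot serves
WEBSITE_CERT_SANS = ["mydomain.nl", "www.mydomain.nl", "mail.mydomain.nl"]
CLIENT_NAMES = ["isp.mydomain.nl", "mail.mydomain.nl", "smtp.mydomain.nl"]

if __name__ == "__main__":
    for label, sans in (("server cert", SERVER_CERT_SANS),
                        ("website cert", WEBSITE_CERT_SANS)):
        for name, ok in coverage(CLIENT_NAMES, sans).items():
            print(f"{label:12} {name:20} {'ok' if ok else 'MISMATCH'}")
```

Calling `verify_as_client("mail.mydomain.nl", 995)` against a live server applies the same hostname check a mail client does. `openssl s_client` with `-servername` only sets SNI and does not check the name unless `-verify_hostname` is also given, so a mismatched certificate can show "no errors" there.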
@Thom wrote about this in https://forum.howtoforge.com/threads/new-handling-for-custom-postfix-and-dovecot-config.86559/ Actually the article I wanted to show is https://forum.howtoforge.com/threads/how-should-my-end-users-connect-to-my-e-mail-services.88472/ like Th0m noted in the next post. Sorry.
@Taleman I think you mean https://forum.howtoforge.com/threads/how-should-my-end-users-connect-to-my-e-mail-services.88472/
Managed to get it working like I wanted with Th0m's guide: https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/ Only had to use different symlinks to /etc/letsencrypt/live/mail.mydomain smtpd.key and .cert