E-MailServer with SSL?

Discussion in 'Installation/Configuration' started by Husky110, Apr 25, 2019.

  1. Husky110

    Husky110 New Member

    I am thinking about to get rid of my mailcow-server and replace it with an ISPConfig-Email-Server as part of a multiserver-setup.
    Unfortunately I could not find a viable solution when it comes to security via SSL.
    The only hit so far was this post from 2017: https://www.niih.de/lets-encrypt-ssl-certificates-for-postfix-mail-domains-in-ispconfig/
    But there is still the huge downsite of the privacy-issue.
    Are there any new solutions I could try out or should I stick on mailcow for now, since I don't want my web- and mail-server to be on the same machine...
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Every ISPConfig mail server supports SSL out of the box, I've no idea who claims such nonsense that ISPConfig mail servers are not secure or don't support SSL. So there is no downside regarding privacy and has never be. I run an ISPConfig mail server for more than 15 years and it uses SSL from the day one. The mistake that the guy in the tutorial that you posted a link to made, is that he tried to create a cert which includes customer domains, but the mail server cert should contain the mail server name only as that's the name other servers use to communicate with your server and that's the name that your customers should use to connect to your server.

    If you use a commercial SSL certificate or a free one from Let's encrypt is up to you, if you run a business then you'll probably use a commercial one as I do. If you run a private or home server then you probably use Let's encrypt.

    In a multiserver setup where you don't run apache web server, you can simply use certbot in standalone mode to request the SSL cert. That's not ispconfig specific.

    And for single servers, you would use this method: https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/
  3. Neptun

    Neptun Member

    i have installed a new server using your guide (https://www.howtoforge.com/tutorial/perfect-server-debian-9-nginx-bind-dovecot-ispconfig-3.1/) - everything perfect so far, i used i-mscp before - ispconfig looks like a milestone forward

    One issue - the ispconfig control panel url shows error at the ssl
    prnt . sc / o3axty

    Can this above from you mentioned method be used to fix this ?
    As well is it working with the installed LE from the server setup guide or is there anything additional needed ?

    Thanks in advance,
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Neptun likes this.
  5. Neptun

    Neptun Member

    it works perfect!!
    thank you so much ;)

    is it also possible in a similar way to use an SSL via lets encrypt for the webmail (roundcube installed by your guide) & phpmyadmin too ?
    which is both also used via the FQDN ?
    (FQDN:8081/webmail & FQDN:8081/phpmyadmin)
    Thanks in advance,
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    For port 8081 specifically you could edit the nginx config file which defines that vhost and add the config to point to the same certificate files. In ispconfig you don't want to just edit the config under /etc/nginx/....whatever, but also setup a 'conf-custom' file with your changes so that they persist through future updates. I can't help with specifics for nginx offhand, but searching the forums here should find relevant info, and maybe someone else can jump in with specific filenames if needed.

    You might also want to define a default ssl site for the server which is secured with the same certificates so FQDN/webmail & FQDN/phpmyadmin (ie. default port 443) are also secured.

Share This Page