I have installed ISPConfig using the Perfect Server Install for Centos 5.3. Many of our customer's ISP block smtp on port 25 so we decided to enable TLS on port 587. Now when users try to send email they receive a certificate error that the server is using a security certficate that cannot be verified. This isn't really a problem since you can just accept the error (Click "Yes" to continue) but our customers continue to believe that there is an issue. We have a signed certificate that we have purchased and I am ready to install it on the server. My question is should the certificate be installed on Postfix or on Courier-authlib. Maybe I'm missing something but the step of the installation process to install courier-authlib I removed the imapd.pem and ipop3d.pem files, edit the imapd.cfg and ipop3d.cnf files and then create new pem files. The certificate error that my users are receiving does not appear to be the certificate from courier-authlib but instead the certificate from postfix. My /etc/postfix/main.cf contains the following: Code: smtpd_use_tls = yes smtpd_tls_security_level = may # smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key A portion of my /etc/posfix/master.cf contains the following: Code: # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - - smtpd submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject #smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #628 inet n - n - - qmqpd pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - n - - smtp -o fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache Any help you can provide would be great.
If you see the certificate error when you send an email, then the certificate must be installed on Postfix. If you get the error when you receive an email, it must be installed on your POP3/IMAP daemon (Courier).
