
Resolved Port 25 SMTP Nessus Scan Report

Greg Sims

Basic Pleskian
We did a Nessus Scan of our server this evening. We have a couple of issues associated with port 25/tcp (smtp):
  • 51192 - SSL Certificate Cannot Be Trusted
  • 57582 - SSL Self-Signed Certificate
We have a wildcard certificate for the primary domain loaded onto the server. It is used in two places in the panel:
  • Tools & Settings => Security => SSL Certificates
  • <primary domain> => SSL Certificates
What do I need to change to eliminate the Nessus Scan issues on port 25?

We are also seeing the following issues on port 443/tcp (https):
  • 42873 - SSL Medium Strength Cipher Suites Supported
  • 94437 - SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
I'm not sure if this is a related problem.

Thank you, Greg
 
Hi Greg Sims,

What do I need to change to eliminate the Nessus Scan issues on port 25?
I recommend upgrading to Plesk Onyx, where securing your mail server can be done through the Plesk Control Panel (=> Securing Plesk and Mail Server).


For Postfix, you might consider modifying:
Code:
smtpd_tls_CAfile = /LOCATION/OF/YOUR/CURRENT/WILDCARD_CA_PEM
smtpd_tls_key_file = /LOCATION/OF/YOUR/CURRENT/WILDCARD_KEY_PEM
smtpd_tls_cert_file = /LOCATION/OF/YOUR/CURRENT/WILDCARD_CERT_PEM


For qmail, please follow the Plesk 12 documentation at: => Installing an SSL Certificate for Qmail

For Dovecot, please consider modifying your dovecot.conf ( /etc/dovecot ):
Code:
ssl_cert = </LOCATION/OF/YOUR/CURRENT/WILDCARD_CERT_PEM
ssl_key = </LOCATION/OF/YOUR/CURRENT/WILDCARD_KEY_PEM
ssl_ca = </LOCATION/OF/YOUR/CURRENT/WILDCARD_CA_PEM


For Courier-IMAP, please follow the Plesk 12 documentation at: => Installing an SSL Certificate for Qmail
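
Added example (not part of the thread or of Plesk's documentation): a Python check to run after changing the mail server's certificate settings, which performs STARTTLS on port 25 with certificate verification enabled and reports whether the presented chain is trusted, self-signed or otherwise untrusted, the conditions named in the two port 25 findings. It assumes the checking machine's system CA store is a reasonable stand-in for the scanner's trust list; the function names and status strings are this example's own.

```python
import smtplib
import ssl
import sys

# OpenSSL verify codes grouped by the condition they indicate.
SELF_SIGNED = {18}              # leaf certificate is signed by itself
UNTRUSTED_CHAIN = {19, 20, 21}  # untrusted root / issuer missing / no chain sent

def classify(verify_code):
    """Map an OpenSSL verify code to a short status string."""
    if verify_code == 0:
        return "trusted"
    if verify_code in SELF_SIGNED:
        return "self-signed"
    if verify_code in UNTRUSTED_CHAIN:
        return "untrusted chain"
    return "other verification failure"

def check_smtp_cert(host, port=25, timeout=10):
    """Connect, issue STARTTLS, and verify the chain against the system CAs."""
    ctx = ssl.create_default_context()  # verification and hostname check on
    try:
        smtp = smtplib.SMTP(host, port, timeout=timeout)
    except OSError as exc:
        return {"status": "unreachable", "detail": str(exc)}
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"status": "no starttls",
                    "detail": "server did not advertise STARTTLS"}
        smtp.starttls(context=ctx)
        cert = smtp.sock.getpeercert()
        return {"status": "trusted", "detail": "expires " + cert["notAfter"]}
    except ssl.SSLCertVerificationError as exc:
        # verify_code / verify_message come straight from OpenSSL
        return {"status": classify(exc.verify_code),
                "detail": exc.verify_message}
    except OSError as exc:
        return {"status": "error", "detail": str(exc)}
    finally:
        smtp.close()

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_smtp_cert.py <mail host name covered by the certificate>")
    print(check_smtp_cert(sys.argv[1]))
```

Run it against the host name the wildcard certificate covers; checking by IP address or a different name reports a hostname mismatch as "other verification failure".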
 
It is not possible for us to move to Plesk Onyx due to issues with Mailman, including PPPM-5476. Thank you for the Postfix configuration info, UFHH01. Greg
 