• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Use webmail.domain as a valid dovecot secured hostname

nuno.pereira

nuno.pereira

New Pleskian
Server operating system version
CentOS Linux release 7.9.2009 (Core)
Plesk version and microupdate number
Plesk Obsidian Version 18.0.46
For mail only domains, the certificate issued by Let's Encrypt is valid only for webmail.domain, and webmail is secure.

However, for POP3/IMAP/SMTP access by dovecot, even if Plesk domain configuration is indicating that we should use domain for incoming and outgoing mail server, that's not the case, as it's outside. So we use mail.domain as the mail server.

When using the Let's Encrypt certificate to secure the mail, as well as for webmail, this is the configuration added by Plesk to dovecot:
Code: 
# grep -r <domain> /etc/dovecot/conf.d/
/etc/dovecot/conf.d/14-plesk-sni-<domain>.conf:local_name <domain> {
/etc/dovecot/conf.d/14-plesk-sni-mail.<domain>.conf:local_name mail.<domain> {

Code: 
# cat /etc/dovecot/conf.d/14-plesk-sni-<domain>.conf /etc/dovecot/conf.d/14-plesk-sni-mail.<domain>.conf
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

local_name <domain> {
  ssl_cert = </usr/local/psa/var/certificates/scfXPy1p1
  ssl_key = </usr/local/psa/var/certificates/scfXPy1p1
}
# cat /etc/dovecot/conf.d/14-plesk-sni-mail.<domain>.conf
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

local_name mail.<domain> {
  ssl_cert = </usr/local/psa/var/certificates/scfXPy1p1
  ssl_key = </usr/local/psa/var/certificates/scfXPy1p1
}

However, apart from <domain> is not working, as it's located elsewhere, by using mail.<domain> as incoming and outgoing mail server, we get an error from the client (namely Outlook) that the certificate is invalid (was issued for webmail.<domain>), and we use webmail.<domain> as mail server, as it's not configured by dovecot.

Is there a possibility to change dovecot's configuration, so that it also uses webmail.<domain> as a valid mail server, in particular when the domain is mail only?
 
We also have clients that only have email service. Not allowing the use of customerdomain.tld as mail server on email client .
How can we configure webmail.customerdomain.tld as a server name indication (SNI)?
A good workaround was Plesk add webmail.customerdomain.tld as a server name indication (SNI).
 
You must log in or register to reply here.

Similar threads

J
Issue DEBIAN 12 OPENSSL 3.0 DOVECOT does not allow login
Replies
1
Views
1K
Yaroslav_T
Yaroslav_T
S
Resolved Dovecot Broken After Latest Update
Replies
4
Views
2K
scpcomp
S
Bitpalast
Question How to remove SSL renewal attempts for good?
Replies
8
Views
2K
Bitpalast
Bitpalast
QWeb Ric
Issue Server pool SSL not showing for selection
Replies
0
Views
399
QWeb Ric
QWeb Ric
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
499
W4ru
W
Back
Top