Configuring mail domain certificates after ispmanager upgrade

The ability to connect certificates to email domains is enabled by default when a panel of version 5.66.0 or higher is installed. After upgrading a panel of version 5.66.0 or lower, this functionality must be configured manually.

Instructions

Add the following line at the end of the configuration file located at /usr/local/mgr5/etc/ispmgr.conf.d/mta.conf:

  • path exim-certdir /etc/exim/ssl - for CentOS 7 and CloudLinux;
  • path exim-certdir /etc/exim4/ssl - for Debian and Ubuntu.

Please note!

If the file /usr/local/mgr5/etc/ispmgr.conf.d/mta.conf is absent, make the change in /usr/local/mgr5/etc/conf.d/exim.conf instead.

Add the following line at the end of the configuration file /usr/local/mgr5/etc/ispmgr.conf.d/dovecot.conf:

path dovecot-certconf /etc/dovecot/certs

Change the following lines in the Dovecot configuration file located at /etc/dovecot/conf.d/10-ssl.conf:

For CentOS and CloudLinux:

ssl = yes
ssl_cert = </etc/exim/ssl/exim.crt
ssl_key = </etc/exim/ssl/exim.key
!include_try /etc/dovecot/certs/*.conf

For Debian and Ubuntu:

ssl = yes
ssl_cert = </etc/exim4/ssl/exim.crt
ssl_key = </etc/exim4/ssl/exim.key
!include_try /etc/dovecot/certs/*.conf

Change the SSL settings in the Exim configuration file at /etc/exim/exim.conf (for Debian and Ubuntu: /etc/exim4/exim4.conf.template):

For CentOS and CloudLinux:

log_selector =  \
       +all_parents \
       +lost_incoming_connection \
       +received_sender \
       +received_recipients \
       +tls_cipher +tls_peerdn +tls_sni \
       +smtp_confirmation \
       +smtp_syntax_error \
       +smtp_protocol_error

# TLS/SSL
 tls_advertise_hosts = *
 tls_certificate = ${if exists{/etc/exim/ssl/${tls_sni}.crt}{/etc/exim/ssl/${tls_sni}.crt}{/etc/exim/ssl/exim.crt}}
 tls_privatekey = ${if exists{/etc/exim/ssl/${tls_sni}.key}{/etc/exim/ssl/${tls_sni}.key}{/etc/exim/ssl/exim.key}}
 daemon_smtp_ports = 25 : 465 : 587
 tls_on_connect_ports = 465

For Debian and Ubuntu:

log_selector =  \
       +all_parents \
       +lost_incoming_connection \
       +received_sender \
       +received_recipients \
       +tls_cipher +tls_peerdn +tls_sni \
       +smtp_confirmation \
       +smtp_syntax_error \
       +smtp_protocol_error

# TLS/SSL
 tls_advertise_hosts = *
 tls_certificate = ${if exists{/etc/exim4/ssl/${tls_sni}.crt}{/etc/exim4/ssl/${tls_sni}.crt}{/etc/exim4/ssl/exim.crt}}
 tls_privatekey = ${if exists{/etc/exim4/ssl/${tls_sni}.key}{/etc/exim4/ssl/${tls_sni}.key}{/etc/exim4/ssl/exim.key}}
 daemon_smtp_ports = 25 : 465 : 587
 tls_on_connect_ports = 465

After making all the changes, restart the mail server services and the panel by executing the following commands:

  1. systemctl restart dovecot - restarting the Dovecot mail server service;
  2. systemctl restart exim, or systemctl restart exim4 for Debian and Ubuntu - restarting the Exim mail server service;
  3. pkill core - restarting the ispmanager 6 panel.
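
The tls_certificate and tls_privatekey expansions above are evaluated independently, so a domain certificate whose key file is missing gets paired with the fallback exim.key. The script below is an added example, not ispmanager code, that audits the certificate directory for unpaired files, mismatched pairs and private keys accessible to other users; the function name audit_certdir and its report labels are invented for this example, and it assumes the <name>.crt / <name>.key layout those expansions use.

```shell
#!/bin/sh
# Added example, not ispmanager code. Assumes the layout used by the Exim
# expansions: <dir>/<sni-name>.crt and .key, with exim.crt/exim.key as fallback.
# Run as root so the private keys can be read for the comparison.
audit_certdir() {
    local dir="$1" rc=0 f name crt_pub key_pub
    for f in "$dir"/*.crt; do
        [ -e "$f" ] || continue
        name=${f##*/}; name=${name%.crt}
        # A .crt without its .key would be served together with exim.key.
        if [ ! -e "$dir/$name.key" ]; then
            echo "MISSING_KEY $name"; rc=1; continue
        fi
        # Compare public keys when openssl is present and both files have content.
        if [ -s "$f" ] && [ -s "$dir/$name.key" ] && command -v openssl >/dev/null 2>&1; then
            crt_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null) || crt_pub=
            key_pub=$(openssl pkey -in "$dir/$name.key" -pubout 2>/dev/null) || key_pub=
            if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
                echo "KEY_MISMATCH $name"; rc=1
            fi
        fi
    done
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue
        name=${f##*/}; name=${name%.key}
        # A .key without its .crt would be used with the fallback exim.crt.
        [ -e "$dir/$name.crt" ] || { echo "MISSING_CERT $name"; rc=1; }
        # Characters 8-10 of the mode string are the "other" permission bits.
        case $(ls -ldL "$f" | cut -c8-10) in
            ---) ;;
            *) echo "KEY_WORLD_ACCESSIBLE $name"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Usage: sh audit.sh /etc/exim/ssl   (/etc/exim4/ssl on Debian and Ubuntu)
[ "$#" -eq 0 ] || audit_certdir "$1"
```

A non-zero exit status means at least one finding was printed; run it before restarting Exim.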