Configuring mail domain certificates after ispmanager upgrade

Why?

The ability to attach certificates to mail domains is enabled by default when a panel of version 5.66.0 or higher is installed. After upgrading a panel of version 5.66.0 or lower, this functionality must be configured manually.

Instructions

Add the following line at the end of the configuration file located at /usr/local/mgr5/etc/ispmgr.conf.d/mta.conf:

  • path exim-certdir /etc/exim/ssl - for CentOS 7 and CloudLinux;
  • path exim-certdir /etc/exim4/ssl - for Debian and Ubuntu.

PLEASE NOTE!

If the file /usr/local/mgr5/etc/ispmgr.conf.d/mta.conf is absent, make the changes in the file /usr/local/mgr5/etc/conf.d/exim.conf instead.

Add the following line at the end of the configuration file /usr/local/mgr5/etc/ispmgr.conf.d/dovecot.conf:

path dovecot-certconf /etc/dovecot/certs

Change the following lines in the Dovecot configuration file located at /etc/dovecot/conf.d/10-ssl.conf:

For CentOS and CloudLinux:

ssl = yes
ssl_cert = </etc/exim/ssl/exim.crt
ssl_key = </etc/exim/ssl/exim.key
!include_try /etc/dovecot/certs/*.conf

For Debian and Ubuntu:

ssl = yes
ssl_cert = </etc/exim4/ssl/exim.crt
ssl_key = </etc/exim4/ssl/exim.key
!include_try /etc/dovecot/certs/*.conf

Change the SSL settings in the Exim configuration file at /etc/exim/exim.conf (for Debian and Ubuntu: /etc/exim4/exim4.conf.template):

For CentOS and CloudLinux:

log_selector =  \
       +all_parents \
       +lost_incoming_connection \
       +received_sender \
       +received_recipients \
       +tls_cipher +tls_peerdn +tls_sni \
       +smtp_confirmation \
       +smtp_syntax_error \
       +smtp_protocol_error

# TLS/SSL
 tls_advertise_hosts = *
 tls_certificate = ${if exists{/etc/exim/ssl/${tls_sni}.crt}{/etc/exim/ssl/${tls_sni}.crt}{/etc/exim/ssl/exim.crt}}
 tls_privatekey = ${if exists{/etc/exim/ssl/${tls_sni}.key}{/etc/exim/ssl/${tls_sni}.key}{/etc/exim/ssl/exim.key}}
 daemon_smtp_ports = 25 : 465 : 587
 tls_on_connect_ports = 465

For Debian and Ubuntu:

log_selector =  \
       +all_parents \
       +lost_incoming_connection \
       +received_sender \
       +received_recipients \
       +tls_cipher +tls_peerdn +tls_sni \
       +smtp_confirmation \
       +smtp_syntax_error \
       +smtp_protocol_error

# TLS/SSL
 tls_advertise_hosts = *
 tls_certificate = ${if exists{/etc/exim4/ssl/${tls_sni}.crt}{/etc/exim4/ssl/${tls_sni}.crt}{/etc/exim4/ssl/exim.crt}}
 tls_privatekey = ${if exists{/etc/exim4/ssl/${tls_sni}.key}{/etc/exim4/ssl/${tls_sni}.key}{/etc/exim4/ssl/exim.key}}
 daemon_smtp_ports = 25 : 465 : 587
 tls_on_connect_ports = 465

After making all the changes, restart the mail server services and the panel by executing the following commands:

  1. systemctl restart dovecot - restarting the Dovecot mail server service;
  2. systemctl restart exim or systemctl restart exim4 for Debian and Ubuntu - restarting the Exim mail server service;
  3. pkill core - restarting the ispmanager 6 panel.
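
To check the certificate directory that the Exim settings above select from by SNI name, the following added example (not part of the ispmanager documentation or product) reports a missing default pair, a certificate or key without its counterpart, file names that a lowercase SNI value would not match, and keys readable by other users. The function name `audit_certdir` and the finding labels are hypothetical, and it assumes per-domain files are named `<domain>.crt` and `<domain>.key` as the `tls_certificate` and `tls_privatekey` lines imply.

```shell
#!/bin/sh
# Added example, not ispmanager code; names and labels are hypothetical.
# Audits the directory that tls_certificate / tls_privatekey search by SNI.

report() { echo "$1 $2"; findings=$((findings + 1)); }

audit_certdir() {
    dir=$1
    findings=0
    # The fallback pair serves every client whose SNI has no per-domain file.
    for f in exim.crt exim.key; do
        [ -f "$dir/$f" ] || report MISSING_DEFAULT "$f"
    done
    for crt in "$dir"/*.crt; do
        [ -f "$crt" ] || continue
        name=$(basename "$crt" .crt)
        # exists{} is an exact file-name match against the SNI string, so
        # upper case or unexpected characters may keep a file from being used.
        if printf '%s' "$name" | LC_ALL=C grep -q '[^a-z0-9.-]'; then
            report ODD_NAME "$name"
        fi
        # Both options are expanded independently: a .crt without its .key
        # is paired with the default exim.key, a mismatch TLS setup rejects.
        [ -f "$dir/$name.key" ] || report NO_KEY "$name"
    done
    for key in "$dir"/*.key; do
        [ -f "$key" ] || continue
        name=$(basename "$key" .key)
        [ -f "$dir/$name.crt" ] || report NO_CERT "$name"
        # Private keys must not be readable by "other" users.
        if [ -n "$(find "$key" -prune -perm -004)" ]; then
            report WORLD_READABLE "$name.key"
        fi
    done
    [ "$findings" -eq 0 ]
}

# Run against the directory set in exim-certdir, for example:
#   audit_certdir /etc/exim/ssl      (CentOS, CloudLinux)
#   audit_certdir /etc/exim4/ssl     (Debian, Ubuntu)
```

The function prints one line per finding and returns non-zero if there is any, so it can gate the restart commands above.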
