• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Port 25 SMTP Nessus Scan Report

G

Greg Sims

Basic Pleskian
We did a Nessus Scan of our server this evening. We have a couple of issues associated with port 25/tcp (smtp):
  • 51192 - SSL Certificate Cannot Be Trusted
  • 57582 - SSL Self-Signed Certificate
We have a wildcard certificate for the primary domain loaded onto the server. It is used two places in the panel:
  • Tools & Settings => Security => SSL Certificates
  • <primary domain> => SSL Certificates
What do I need to change to eliminate the Nessus Scan issues on port 25?

We are also seeing the following issues on port 443/tcp (https):
  • 42873 - SSL Medium Strength Cipher Suites Supported
  • 94437 - SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
I'm not sure if this is a related problem.

Thank you, Greg
 
Hi Greg Sims,

Greg Sims said:
What do I need to change to eliminate the Nessus Scan issues on port 25?
Click to expand...
I recommend to upgrade to Plesk Onyx, where securing your mail - server can be done over the Plesk Control Panel ( => Securing Plesk and Mail Server ).


For postfix you might consider to modify:
Code: 
smtpd_tls_CAfile = /LOCATION/OF/YOUR/CURRENT/WILDCARD_CA_PEM
smtpd_tls_key_file = /LOCATION/OF/YOUR/CURRENT/WILDCARD_KEY_PEM
smtpd_tls_cert_file = /LOCATION/OF/YOUR/CURRENT/WILDCARD_CERT_PEM


For qmail, pls. follow the Plesk 12 documentation at: => Installing an SSL Certificate for Qmail

For dovecot, pls consider to modify your dovecot.conf ( /etc/dovecot ):
Code: 
ssl_cert = </LOCATION/OF/YOUR/CURRENT/WILDCARD_CERT_PEM
ssl_key = </LOCATION/OF/YOUR/CURRENT/WILDCARD_KEY_PEM
ssl_ca = </LOCATION/OF/YOUR/CURRENT/WILDCARD_CA_PEM


For Courier-IMAP, pls. follow the Plesk 12 documentation at: => Installing an SSL Certificate for Qmail
 
It is not possible for our to move to Plesk Onyx do to issues with mailman including PPPM-5476. Thank you for the Postfix configuration info UFHH01. Greg
 
You must log in or register to reply here.

Similar threads

learning_curve
Question Independent Secure E-Mail > Postfix / Dovecot MTAs > 1 Server Multiple Domains > Plesk
Replies
2
Views
1K
learning_curve
learning_curve
VojinP
Issue Cannot connect to SMTP on Plesk for Windows with SSL or TLS
Replies
12
Views
14K
VojinP
VojinP
W
[website php error 500] after Plesk 12.0.18, update on 25 Dec 2015
Replies
1
Views
2K
wsi
W
I
Unable to disable SSL v2 and v3 in Postfix & Courier
Replies
15
Views
17K
iainh
I
D
SSL/TLS Protocol Vulnerability PCI Scan
Replies
8
Views
20K
RalphP
R
Back
Top