
Resolved Port 25 SMTP Nessus Scan Report

Greg Sims

We did a Nessus Scan of our server this evening. We have a couple of issues associated with port 25/tcp (smtp):
  • 51192 - SSL Certificate Cannot Be Trusted
  • 57582 - SSL Self-Signed Certificate
We have a wildcard certificate for the primary domain loaded onto the server. It is used in two places in the panel:
  • Tools & Settings => Security => SSL Certificates
  • <primary domain> => SSL Certificates
What do I need to change to eliminate the Nessus Scan issues on port 25?

We are also seeing the following issues on port 443/tcp (https):
  • 42873 - SSL Medium Strength Cipher Suites Supported
  • 94437 - SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
I'm not sure if this is a related problem.

Thank you, Greg
 
Hi Greg Sims,

What do I need to change to eliminate the Nessus Scan issues on port 25?
I recommend upgrading to Plesk Onyx, where securing your mail server can be done through the Plesk Control Panel ( => Securing Plesk and Mail Server ).


For Postfix, you might consider modifying:
Code:
smtpd_tls_CAfile = /LOCATION/OF/YOUR/CURRENT/WILDCARD_CA_PEM
smtpd_tls_key_file = /LOCATION/OF/YOUR/CURRENT/WILDCARD_KEY_PEM
smtpd_tls_cert_file = /LOCATION/OF/YOUR/CURRENT/WILDCARD_CERT_PEM


For qmail, please follow the Plesk 12 documentation at: => Installing an SSL Certificate for Qmail

For Dovecot, please consider modifying your dovecot.conf ( /etc/dovecot ):
Code:
ssl_cert = </LOCATION/OF/YOUR/CURRENT/WILDCARD_CERT_PEM
ssl_key = </LOCATION/OF/YOUR/CURRENT/WILDCARD_KEY_PEM
ssl_ca = </LOCATION/OF/YOUR/CURRENT/WILDCARD_CA_PEM


For Courier-IMAP, please follow the Plesk 12 documentation at: => Installing an SSL Certificate for Qmail
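
Added example (not part of the original posts or of Plesk): a check to run after changing the Postfix settings above, which performs a verified STARTTLS handshake on port 25 and reports why the certificate would still be rejected. The function names and the grouping of OpenSSL verify codes against Nessus findings 57582 and 51192 are assumptions of this example; pass a host name that the wildcard certificate actually covers.

```python
import smtplib
import ssl
import sys

# OpenSSL X509_V_ERR_* verify codes grouped by likely cause.
# Assumption of this example: 18/19 line up with Nessus 57582 (self-signed),
# and any non-zero code would also surface as 51192 (cannot be trusted).
FINDINGS = {
    0: "trusted",
    10: "expired",
    18: "self-signed",        # self-signed leaf certificate
    19: "self-signed",        # self-signed certificate inside the chain
    20: "untrusted-chain",    # issuer not found in the trust store
    21: "untrusted-chain",    # intermediate missing from what the server sends
    62: "hostname-mismatch",  # name used to connect is not in the certificate
}


def classify_verify_code(code):
    """Translate an OpenSSL verify code into a short finding label."""
    return FINDINGS.get(code, "untrusted-other")


def probe_starttls(host, port=25, timeout=10):
    """Run a verified STARTTLS handshake; return (finding, detail)."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        smtp.starttls(context=ctx)
        return "trusted", str(smtp.sock.getpeercert().get("subject"))
    except ssl.SSLCertVerificationError as exc:
        return classify_verify_code(exc.verify_code), exc.verify_message
    except smtplib.SMTPNotSupportedError:
        return "no-starttls", "server did not advertise STARTTLS"
    finally:
        smtp.close()  # plain close: QUIT is unreliable after a failed handshake


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <mail host covered by the certificate>")
    print(probe_starttls(sys.argv[1]))
```

A result of "untrusted-chain" with a CA-issued certificate usually means the intermediate certificates are not being sent by the server.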
 
It is not possible for us to move to Plesk Onyx due to issues with mailman, including PPPM-5476. Thank you for the Postfix configuration info, UFHH01. Greg
 