• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Postfix/Dovecot MX entry

MoritzCH

New Pleskian
Hi,

after fixing this annoying HTTPS thing I have one last thing to solve. I would like to setup a SSL certificate for my mailserver and experience a strange problem.
I changed the MX DNS entry to "myvserver.info" (my domain) instead of "mail.myvserver.info" (so I can use the same certificate). Did this change on the vServer as well but when
I start a test on "checktls.com" I get this output ([000.780] Cert Hostname DOES NOT VERIFY (mail.myvserver.info != www.myvserver.info)). Is this anything I have to worry about or
did I missed something?

[000.119] Connected to server
[000.251] <-- 220 myvserver.info ESMTP Postfix (Debian/GNU)
[000.251] We are allowed to connect
[000.252] --> EHLO checktls.com
[000.369] <-- 250-myvserver.info
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.370] We can use this server
[000.370] TLS is an option on this server
[000.370] --> STARTTLS
[000.488] <-- 220 2.0.0 Ready to start TLS
[000.488] STARTTLS command works on this server
[000.738] Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
[000.738] Connection converted to SSL
[000.753] Certificate 1 of 3 in chain:
subject= /OU=GT82378225/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=www.myvserver.info
issuer= /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
[000.766] Certificate 2 of 3 in chain:
subject= /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
issuer= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
[000.780] Certificate 3 of 3 in chain:
subject= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
issuer= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
[000.780] Cert VALIDATED: ok
[000.780] Cert Hostname DOES NOT VERIFY (mail.myvserver.info != www.myvserver.info)
[000.780] So email is encrypted but the host is not verified
[000.781] ~~> EHLO checktls.com
[000.900] <~~ 250-myvserver.info
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.901] TLS successfully started on this server
[000.901] ~~> MAIL FROM:<[email protected]>
[001.024] <~~ 250 2.1.0 Ok
[001.025] Sender is OK
[001.025] ~~> RCPT TO:<[email protected]>
[001.147] <~~ 250 2.1.5 Ok
[001.147] Recipient OK, E-mail address proofed
[001.148] ~~> QUIT
[001.266] <~~ 221 2.0.0 Bye​
 
you mean inside the /etc/postfix/main.cf?
I already changed it inside the Plesk DNS settings and inside these files

-->
7vcj4234.png
 
your DNS is not doing anything in this case. The flow:

1. in your local mail application (e.g. Outlook) you have a mailserver (mail.myvserver.info) mentioned.
2. the DNS is translating this name to an IP
3. the mail app connects to that IP
4. the mail server on this IP tells who he is (myvserver.info)
5. your mail app request the SSL from the server
6. the server send the SSL of www.myvserver.info
7. your mail app checks mail.myvserver.info with www.myvserver.info and fails

change step 1 to www.myvserver.info and I think it will work
 
well it's not my local client giving me the feedback mentioned above. It's an online testing webpage :)
Going to test your advice when I get home from work
 
Back
Top