• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Postfix Requires TLS

T

TolgaK

Guest
Hello,

I'm Using Plesk 10.0.1 on my Debian 5.0 Server.

After upgrade i have switch to postfix from qmail. currently postfix requires TLS for SMTP connections. Users can not login to SMTP server without a secure TLS connection.

By the way webmail clients like Roundcube or Horde continues to work.

Firstly how can i configure postfix not to require TLS for connections?

Secondly i want to secure TLS with an valid SSL certificate. Must i setup SSL to domain.com or mail.domain.com? (Note that ssl certificate is not wildcard)

Thanks
 
Solution

Edit /etc/postfix/master.cf file

Original Value is like that:

submission inet n - - - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encyrpt-o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_proxy_filter=127.$

Change it as like as this one

submission inet n - - - - smtpd -o smtpd_enforce_tls=no -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_proxy_filter=127.$

Then start postfix, that removes STARTTLS requirement at postfix submission service.
 
tolginho said:
Edit /etc/postfix/master.cf file
...
Then start postfix, that removes STARTTLS requirement at postfix submission service.
Click to expand...

Thanks a lot! That did it.

I consider this a Plesk defect.

By the way, the command to make postfix accept the changed settings is:

postfix reload
 
I thought I would uninstall the current installed courier-authlib, but if I try to uninstall it with you erase, it tells me it is going to erase a lot of packages which depend upon it, which are all Plesk-related packages.
Though I am fine with being unable to manage email accounts with Plesk, I don't want to uninstall so much of Plesk (it looks like it is going to uninstall the whole Plesk!).
So the question is, is there a way to get more authentication modules for courier-imap to work without uninstalling anything of Plesk? If so, how? I think the mysql authentication module would be ok for me.
 
Last edited by a moderator:
Today I was trying to find out why Apple Mail was not able to mail using authentication over port 587 with ssl enabled on a Plesk server.

I used tcpdump -nnA host <smtp-client> to see what was happening when I tried to send a mail. It did an EHLO and then it gave a message that's typical for greylisting.

In its original configuration it will not give "AUTH DIGEST-MD5 LOGIN CRAM-MD5 PLAIN" as an option after giving an "EHLO". I guess it doesn't because authorization is only possible after giving a STARTTLS, but I have the feeling this confuses Apple Mail.

Changing the line according to tolginho's post will give you the "AUTH line" back, but it still didn't work with Apple Mail. I finally gave up and turned off port 587 and let ASSP (anti-spam proxy) handle port 587.
ASSP is able to manipulate the dialogue and will insert a STARTTLS even if the SMTP-server isn't able to do that. It will also make sure an AUTH is being done (and acknowledged) before it will allow further transmission.

I still don't know why Apple Mail still doesn't authenticate after I changed that line in postfix, but the moment I let ASSP handle the mail it went flying....
 
You must log in or register to reply here.

Similar threads

Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
571
Polli
Polli
Polli
Issue Getting DANE working
2
Replies
33
Views
4K
Polli
Polli
B
Resolved How do I enable FTPS?
Replies
10
Views
1K
Kaspar
K
M
Issue Mail issue: Remote server returned '554 5.7.4 < # 5.7.4 SMTP; 554 5.7.4 failed to deliver message via SSL/TLS. >' -lost connection after STARTTLS from
Replies
1
Views
810
scsa20
scsa20
C
Question How can I secure my Mail with Letsencrypt next to Cloudflares Origin Certificate in Plesk?
Replies
4
Views
1K
cpulove
C
Back
Top