Problem with SSL on Mail Server. Problem with Mail clients connecting on Mail server

ctson · March 24, 2022, 7:04pm

Hello Everyone,
I will try to explain everything with as much detail as i can.
Everything worked well enough. Website and Mail SSLs where issued from lets encrypt and i could connect the mail server to any mail client i wanted through imap etc. Mail SSL expired though and renewal did not work. I tried the manual way and i couldn’t in any way get it to work. Long story short, i bought an ssl specifically for the mail (mail.domain and www.mail.domain) server thus stopping relying on the autorenewal of cyberpanel.

For the record i self host everything. 1 firewall is in front of two servers. 443 goes to 1rst server (docker etc) and the reverse proxy there takes 443 traffic from specific urls and passes them to cyberpanels server (for example domain.com on cyberpanel passes through server1 to server2) and 587,110,143,25,465,993 go straight to cyberpanel. Also i use Cloudflare for DNS using the proxy feature only on the main domain and not the mail domain.

Last but not least, installing the SSL went something like this. I went to domains, list domains, checked the mail.domain.com and in the ssl section i put the contents of the cert + ca-bundle and in the right section i put the private key → Save → restart lsws.

Any help?

shoaibkk · March 25, 2022, 5:56am

Please show the mail domain vhost content

ctson · March 25, 2022, 9:13am

Sorry for my ingorance. Can you please guide me through the process? i dont know where to find it

ctson · March 25, 2022, 9:16am

If you mean /etc/postfix/main.cf

then this is it :

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
mail_owner = postfix
inet_protocols = all
mydestination = localhost, localhost.localdomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

myhostname = hyperbit.co.uk
mynetworks = 127.0.0.0/8
message_size_limit = 30720000
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_ma>
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
inet_interfaces = all
smtp_tls_security_level = may
disable_vrfy_command = yes
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
header_checks = regexp:/etc/postfix/header_checks

shoaibkk · March 25, 2022, 10:17am

share access via inbox

ctson · March 25, 2022, 4:38pm

Its not that easy. You have to go through a vpn and a pam server and im not comfortable giving access to company’s infostruc. Can you please guide me through the process? Also for some reason i cannot directly send you a message

usmannasir · March 25, 2022, 5:02pm

Vhost config is in web site manager. Also @shoaibkk is part of official CyberPanel team, feel free to share access when asked.

ctson · March 25, 2022, 5:06pm

Oh. Ok then. I will make the required changes to make cyberpanel accessible via net so he can access it.

shoaibkk · March 26, 2022, 7:29am

You can share access on the cloud so it will be more safe for you