hMailserver: Secure with letsencrypt SMTP SetUP - Trusted Cert Issue

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
abdrahim999
New user
New user
Posts: 3
Joined: 2019-03-12 00:17

hMailserver: Secure with letsencrypt SMTP SetUP - Trusted Cert Issue

Post by abdrahim999 » 2019-03-12 00:25

I'm trying to configure hMailserver with a 3rd party SSL cert. I'v

1) Installed the SSL key & cert 2) Placed the hash named CA and intermediate in to the \externals\cs folder

Now, the connection between the mail client and the server is secure and works. The issue is that mail clients outlook, apple mail, others issue an untrusted cert warning.

I've followed several threads on the forums, but none seem to solve this problem
and i Want to Autoban some special spammer Chinese and Russian and north african 8)

User avatar
Dravion
Senior user
Senior user
Posts: 1394
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: hMailserver: Secure with letsencrypt SMTP SetUP - Trusted Cert Issue

Post by Dravion » 2019-03-12 01:08

what

"3rd party SSL cert"

?

User avatar
mattg
Moderator
Moderator
Posts: 19880
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: hMailserver: Secure with letsencrypt SMTP SetUP - Trusted Cert Issue

Post by mattg » 2019-03-12 01:31

abdrahim999 wrote:
2019-03-12 00:25
2) Placed the hash named CA and intermediate in to the \externals\cs folder
Why did you do that?

Use the chained cert instead of the cert that you have used


abdrahim999 wrote:
2019-03-12 00:25
...and i Want to Autoban some special spammer Chinese and Russian and north african
Do you have SpamAssassin set up?
You could also use zz.countries.nerd.dk as a DNS BL
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

abdrahim999
New user
New user
Posts: 3
Joined: 2019-03-12 00:17

Re: hMailserver: Secure with letsencrypt SMTP SetUP - Trusted Cert Issue

Post by abdrahim999 » 2019-05-11 13:57

let's encrypt

User avatar
RvdH
Senior user
Senior user
Posts: 772
Joined: 2008-06-27 14:42
Location: Netherlands

Re: hMailserver: Secure with letsencrypt SMTP SetUP - Trusted Cert Issue

Post by RvdH » 2019-05-11 14:09

CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
mattg
Moderator
Moderator
Posts: 19880
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: hMailserver: Secure with letsencrypt SMTP SetUP - Trusted Cert Issue

Post by mattg » 2019-05-12 00:29

abdrahim999 wrote:
2019-05-11 13:57
let's encrypt
mattg wrote:
2019-03-12 01:31
Use the chained cert instead of the cert that you have used
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
Dravion
Senior user
Senior user
Posts: 1394
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: hMailserver: Secure with letsencrypt SMTP SetUP - Trusted Cert Issue

Post by Dravion » 2019-05-12 01:55

There are multiple variants to get your Certchain working.

1) Combine your SSL-Cert with Root or Intermediate
CA Cert (a SSL Certbundle).

2) Use a SSL Certstore -(a folder with all Trusted
Root CAs)

3) Or have an openssl.cnf while which points to
valid Root CA or Intermediate CA Certificate.

Shouldnt be necessary if all Certs are known
by your Mailprograms trusted CA.

User avatar
mattg
Moderator
Moderator
Posts: 19880
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: hMailserver: Secure with letsencrypt SMTP SetUP - Trusted Cert Issue

Post by mattg » 2019-05-12 04:29

Letsencrypt typically send back two certs, one is the just the named cert, the other includes the trust

I think the OP just used the wrong one
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply