#33 installing SSL certificate in

v1.0_(example)
closed
None
2
2024-09-03
2024-04-17
Ssnatl
No

Hello Manvendra,

We are using ESMTP IndiMail 1.216

The ssl certificate which is installed has expired and we are unable to change it.

Kindly provide us the steps to delete the existing one and install the newer certificate.

We have tried changing the servercerts.pem in /etc/indimail/certs but that doesn't help and we have lost connectivity on port 25.

So kindly help us on this.

Discussion

  • Manvendra Bhangui

    You can generate your own certificate using letsencrypt. If you want to generate a self-signed certificate, then use the following command. Let's say your domain is example.com.

    svctool --config=cert --postmaster=postmaster@example.com --common_name=example --force
    

    The above command will overwrite /etc/indimail/certs/servercert.pem and /etc/indimail/certs/clientcert.pem. But self-signed certs are not of much use unless all clients will be from your own hosts. So basically you have to replace servercert.pem (clientcert is just a soft link to servercert.pem). After replacing, you have to restart all services using ssl.

    svc -r /service/qmail-smtp* /service/indisrvr /service/*ssl*
    
     

    Last edit: Manvendra Bhangui 2024-04-17
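
A pre-install check for the replacement PEM, added here as an example (it is not from this thread or from the IndiMail project). It assumes servercert.pem holds the certificate and its unencrypted private key in one file and that openssl is installed; `check_pem` and its return codes are hypothetical.

```shell
#!/bin/sh
# check_pem FILE [MIN_SECONDS_LEFT]   (hypothetical helper, not an IndiMail tool)
# Assumption: FILE is a combined PEM (certificate + unencrypted private key).
# Return codes: 0 ok, 1 unreadable, 2 no certificate, 3 expired or expiring,
#               4 no usable private key, 5 key does not match certificate.
check_pem() {
    pem=$1
    min_left=${2:-604800}    # require at least 7 days of validity by default

    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

    # The file must contain a certificate that parses.
    openssl x509 -in "$pem" -noout 2>/dev/null ||
        { echo "$pem: no parsable certificate" >&2; return 2; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$pem" -noout -checkend "$min_left" >/dev/null 2>&1 ||
        { echo "$pem: expired or expires within ${min_left}s" >&2; return 3; }

    # An empty -passin makes a passphrase-protected key fail instead of prompting.
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null) ||
        { echo "$pem: no usable private key" >&2; return 4; }

    # The key must be the one the certificate was issued for.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "$pem: private key does not match certificate" >&2; return 5; }

    # Show what is about to be installed.
    openssl x509 -in "$pem" -noout -subject -enddate
}

# Usage: check_pem /path/to/new-servercert.pem   (run before copying the file
# into place and restarting the services)
```

Running the check on the new file before overwriting the live one avoids restarting the SMTP services onto a PEM they cannot load.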
  • Ssnatl

    Ssnatl - 2024-04-18

    Hello Manvendra,

    We are using our own certificate from a vendor.

    I have replaced that certificate in /etc/indimail/certs/servercert.pem and restarted the service as above.

    But all our internal mails are connecting fine except external.

    Looks like port 25 is not connecting to internet. So our remote mail boxes are having issues.

    Do we need to modify any other configs?

    While trying externally by mutt command we are getting the below error.

    "Error sending message, child exited 76 (Remote protocol error.).
    Could not send the message."

    Kindly help us on this.

    Thanks and Regards
    Ssnatl

     
    • Manvendra Bhangui

      On Thu, 18 Apr 2024 at 21:50, Ssnatl ssnatl@users.sourceforge.net wrote:

      > Hello Manvendra,
      >
      > We are using our own certificate from a vendor.
      >
      > I have replaced that certificate in /etc/indimail/certs/servercert.pem and
      > restarted the service as above.

      OK

      > But all our internal mails are connecting fine except external.
      >
      > Looks like port 25 is not connecting to internet. So our remote mail boxes
      > are having issues.

      qmail-smtpd doesn't connect to the internet. It is the other way round.
      Clients connect to port 25.

      To test if port 25 is fine and can receive mails from the internet, you can use
      swaks like this

      # without tls
      swaks --to someuser@yourdomain --from someuser@external_domain --server ip_address_of_indimail_server --port 25

      # with starttls
      swaks --tls --to someuser@yourdomain --from someuser@external_domain --server ip_address_of_indimail_server --port 25
      

      To send out mails to external domains one uses port 587 and this is how you
      can test it

      swaks -tls --to someuser@external_domain --from someuser@yourdomain --server localhost --port 587 -a LOGIN -au someuser@yourdomain -ap password
      

      > Do we need to modify any other configs?

      No

      > While trying externally by mutt command we are getting the below error.
      >
      > "Error sending message, child exited 76 (Remote protocol error.).
      > Could not send the message."

      This error is useless. To which port is mutt connecting? Check the error
      log for that port. e.g. for port 25 check /var/log/svc/smtpd.25/current

       
  • Manvendra Bhangui

    • status: open --> closed
     
  • Manvendra Bhangui

    Closing this as there has been no revert on this.

     
