Hestiacp: Update mail connection information

Created on 10 Jul 2019 · 5 Comments · Source: hestiacp/hestiacp

The information panel on the right in HestiaCP / Mail / DOMAIN / ACCOUNT always shows mail.DOMAIN.TLD for SMTP and IMAP servers, even when the system hostname is different.

This is not a problem when no certificate is used, but to avoid validation problems, HOST.DOMAIN.TLD should be suggested.

Should the MX register be updated to the same value?

Labels: bug, interface

All 5 comments

Hi @Wibol, we'll take a further look into this, but the intended design was that the account information panel shows the access information specific to that domain name, as we improved support for mail domains in our initial v1 release. Due to the underlying design with exim and dovecot, mail is currently hardcoded in a few places, but we'll be evaluating this as well for the next feature release to allow the MX exchange variable to be configurable, much like the webmail alias is.

Hey @Wibol, HestiaCP now allows you to assign Let's Encrypt certs for each of your added mail.DOMAIN.TLD, so you don't get SSL validation messages when you connect to the mail host specified on the right-hand side.

Hi @johnnyq. That's right, but the problem seems to be more complex:

According to my research, it is necessary that the hostname provided by Exim, the PTR record and the SPF record match to have good mail deliverability:

Exim hostname == PTR record ~= SPF record

On the other hand, since certificates are only issued for a domain, both the hostname that Exim supplies, the certificate (CN) field and the Mail hostname must be identical so as not to have validation problems:

Exim hostname == Certificate (CN) field == Mail hostname

Exim receives the hostname from HestiaCP which in turn does it from the system:

System hostname > Hestia hostname > Exim hostname

So to respect the above, we are forced to use a Mail hostname equal to the System hostname:

Mail hostname == System hostname

In summary, if our server is called vps1.DOMAIN.TLD, we have to use vps1.DOMAIN.TLD in Thunderbird for the IMAP and SMTP servers. If we use mail.DOMAIN.TLD, imap.DOMAIN.TLD, smtp.DOMAIN.TLD or any other, we will have problems with the validation of the certificate.

I hope I'm not wrong, but it's the only formula I've found to have no problem and overcome the tests:

P.S.: By the way, if Exim took the hostname from the MX record (or any other place), could the Mail hostname and System hostname be different?

MX record > Exim hostname
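The comment above lists the identities that have to line up for a mail host: the hostname Exim announces, the PTR record, the SPF record, the certificate name and the hostname users type into their client. The following script is an added example, not code from HestiaCP or from the thread, that turns those rules into an offline consistency check. It works over constructed data (hypothetical hostnames under example.test, documentation IPs, and an `A_RECORDS` table that stands in for DNS lookups) and returns a list of problem codes, so it can be pointed at a real server's values by replacing the inputs; SPF `mx`, `include` and `exists` mechanisms are deliberately not evaluated because they need live DNS.

```python
"""Consistency checks for a mail host's identity (added example, constructed data).

Assumed inputs, not from HestiaCP: A_RECORDS stands in for DNS A lookups, and
every hostname/IP below is a constructed placeholder.
"""
import ipaddress

# Constructed stand-in for DNS A records (hypothetical names, not real hosts).
A_RECORDS = {
    "vps1.example.test": "203.0.113.10",
    "mail.example.test": "203.0.113.10",
}


def _norm(name):
    """Normalise a DNS name: lower-case, no surrounding space, no trailing dot."""
    return name.strip().lower().rstrip(".")


def spf_allows(spf_record, ip, domain, a_records=A_RECORDS):
    """True if an ip4:/ip6:/a mechanism in spf_record covers ip.

    Only mechanisms that can be evaluated from the supplied table are handled;
    'mx', 'include' and 'exists' are ignored because they would need live DNS.
    """
    addr = ipaddress.ip_address(ip)
    for term in spf_record.split():
        term = term.lstrip("+")          # '+' is the default qualifier
        if term.startswith(("ip4:", "ip6:")):
            try:
                if addr in ipaddress.ip_network(term.split(":", 1)[1], strict=False):
                    return True
            except ValueError:
                continue                  # malformed network, skip it
        elif term == "a" or term.startswith("a:"):
            host = domain if term == "a" else term[2:]
            if a_records.get(_norm(host)) == ip:
                return True
    return False


def cert_covers(cert_names, hostname):
    """Hostname matching as TLS clients do it: exact, or a single-label wildcard."""
    host = _norm(hostname)
    for name in cert_names:
        name = _norm(name)
        if name == host:
            return True
        # '*.example.test' matches 'mail.example.test' but not 'example.test'
        if name.startswith("*.") and host.count(".") >= 2 and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def check_mail_identity(system_hostname, server_ip, ptr_record, spf_record,
                        spf_domain, cert_names, mail_hostname, a_records=A_RECORDS):
    """Return a sorted list of problem codes; an empty list means the setup is consistent."""
    problems = []
    # Exim announces the system hostname, so the PTR should name the same host ...
    if _norm(ptr_record) != _norm(system_hostname):
        problems.append("PTR_NOT_SYSTEM_HOSTNAME")
    # ... and that name should resolve back to the sending IP (forward-confirmed rDNS).
    if a_records.get(_norm(ptr_record)) != server_ip:
        problems.append("PTR_NOT_FORWARD_CONFIRMED")
    if not spf_allows(spf_record, server_ip, spf_domain, a_records):
        problems.append("SPF_DOES_NOT_COVER_IP")
    # The name users type into IMAP/SMTP settings must be on the served certificate.
    if not cert_covers(cert_names, mail_hostname):
        problems.append("CERT_DOES_NOT_COVER_MAIL_HOSTNAME")
    if a_records.get(_norm(mail_hostname)) != server_ip:
        problems.append("MAIL_HOSTNAME_NOT_ON_SERVER_IP")
    return sorted(problems)


if __name__ == "__main__":
    # The situation from the thread: the client uses mail.DOMAIN.TLD, but the
    # certificate only names the system host.
    print(check_mail_identity(
        "vps1.example.test", "203.0.113.10", "vps1.example.test",
        "v=spf1 a:vps1.example.test ip4:203.0.113.0/24 -all",
        "example.test", ["vps1.example.test"], "mail.example.test"))
```

With a per-domain certificate that lists mail.example.test (the Let's Encrypt-for-mail-domains feature mentioned later in the thread), the certificate finding disappears while the PTR and SPF checks still apply to the system hostname, which is the distinction the reply below draws between user-to-server and server-to-server traffic.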

@Wibol basically, mail SSL is used for user-to-server communication and not server-to-server (in mail exchange). It's correct that you need to have (at least) a proper PTR record, but usually this record is set to the server hostname. Also, the communication (if the server sends a mail) uses the system hostname and not the customer domain (mail.domain.tld). So far, the setup that Hestia provides should work without any issue :).

Closed because it isn't a bug, due to the mail Let's Encrypt feature.
