DirectAdmin Knowledge Base and Support

Install users' certs into Exim and Dovecot on DirectAdmin servers

00:39:43 10.10.2017

Since DirectAdmin 1.52.0, users can have their own SSL/TLS certs for their domains installed into the SMTP, POP and IMAP servers as well as into the web server. Get your own SSL cert for your mail.domain.com and secure connections to your mailboxes with our guide.

Why do I need it?

Mobile phones and other network devices require SSL/TLS-encrypted connections to work with IMAP, POP and SMTP servers. By default they connect to mail.domain.com (domain.com is just an example here). If your server hosts more than one domain, the connection might be dropped as untrusted. Until now, the only certificate available in Exim was the default one, installed server-wide and created for the server's hostname.

Requirements

  • DirectAdmin 1.52.0
  • Exim.conf 4.5+
  • OpenSSL 1.0+
  • CustomBuild 2.0

Find out the DirectAdmin version (the command is shown with example output):

[root@server ~]# /usr/local/directadmin/directadmin v
Version: DirectAdmin v.1.52.0

Find out the exim.conf version (the command is shown with example output):

[root@server ~]# head /etc/exim.conf -n1
# SpamBlockerTechnology* powered exim.conf, Version 4.5.7

Find out the OpenSSL version (the command is shown with example output):

[root@server ~]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

Find out the CustomBuild version (the command is shown with example output):

[root@server ~]# /usr/local/directadmin/custombuild/build version
2.0.0 (rev: 1734)

How to start?

Once you have made sure that you meet the requirements, run the following commands as root in a console:

echo "mail_sni=1" >> /usr/local/directadmin/conf/directadmin.conf
service directadmin restart

You can check the result with:

/usr/local/directadmin/directadmin c | grep sni

You should see output like the following:

[root@server ~]# /usr/local/directadmin/directadmin c | grep sni
enable_ssl_sni=1
mail_sni=1
[root@server ~]#

If the output of the commands is very different, it is probably because an older DirectAdmin version is installed on your server.

Important: if you use custom versions of exim.conf and/or dovecot.conf, you might lose your customizations if you follow this guide.

Now we need to allow DirectAdmin to install the Dovecot and Exim configs and update them to the latest available versions:

cd /usr/local/directadmin/custombuild
./build clean
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set dovecot_conf yes
./build exim_conf
./build dovecot_conf

Check the results with:

grep ^tls_ /etc/exim.variables.conf --color

You should see output like the following (long lines are shortened here for easier reading):

tls_certificate=${if exists{/etc/virtual/snidomains}... skipped... {/etc/exim.cert}}}{/etc/exim.cert}}
tls_privatekey=${if exists{/etc/virtual/snidomains}... skipped... {/etc/exim.key}}}{/etc/exim.key}}
tls_require_ciphers=ECDHE-ECDSA-CHACHA20-POLY1305:... skipped... :DES-CBC3-SHA:!DSS

Add the domains' certs to the configs:

To have the Dovecot/Exim configs written for all live SSL domains, run:

echo "action=rewrite&value=mail_sni" >> /usr/local/directadmin/data/task.queue
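
To confirm that the per-domain certificates are actually served once the task has run, the following added example (not part of the original guide and not DirectAdmin's own tooling) probes each mail service with the domain name as SNI and checks that the returned certificate covers that name. The port list, the function names and the use of openssl x509 -checkhost (OpenSSL 1.0.2 or later) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original guide. The ports are the standard mail
# ports (an assumption); adjust them to what your server listens on.
# "-" means implicit TLS, anything else is an s_client -starttls mode.
SERVICES="465:- 587:smtp 993:- 995:-"

# Print the s_client arguments for one probe: server, SNI name, port, mode.
sclient_args() {
  printf '%s' "-connect $1:$3 -servername $2"
  [ "$4" = "-" ] || printf '%s' " -starttls $4"
}

# Read a PEM certificate on stdin; succeed only if it is valid for name $1.
# Needs OpenSSL 1.0.2 or later for -checkhost.
cert_matches_host() {
  openssl x509 -noout -checkhost "$1" 2>/dev/null |
    grep -q ' does match certificate'
}

# Fetch the leaf certificate a service presents for the given SNI name.
fetch_cert() {
  # Word splitting of the argument string is intended here.
  # shellcheck disable=SC2046
  openssl s_client $(sclient_args "$@") </dev/null 2>/dev/null |
    openssl x509 2>/dev/null
}

# Probe every service; return non-zero if any of them cannot be reached or
# serves a certificate that does not cover the name (typically the
# server-wide default certificate instead of the domain's own).
check_mail_sni() {
  server=$1 name=$2 rc=0
  for svc in $SERVICES; do
    port=${svc%%:*} mode=${svc#*:}
    if fetch_cert "$server" "$name" "$port" "$mode" | cert_matches_host "$name"
    then echo "OK   $name:$port"
    else echo "FAIL $name:$port"; rc=1
    fi
  done
  return $rc
}

# Usage: sh check_mail_sni.sh <server-address> <mail.domain.com>
if [ "$#" -eq 2 ]; then check_mail_sni "$1" "$2"; fi
```

A FAIL line for a domain that has a valid certificate installed usually means the service is still answering with the server-wide certificate, so re-check the tls_certificate line in /etc/exim.variables.conf and the task queue step above.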
