Accept SSL SMTP

[andistancu]

Hi,

I manage a couple of servers running WHM/CPanel and they host some hundreds of mailboxes. I get calls everyday from people claiming their mail is not working. Everytime, I connect to their computer, disable SSL and then it works.

What should I do to enable SSL so they don't have to specifically disable it, as Mail.app always enables it by default.

They get this error: [Removed External Link]

Thank you,
Andi Stancu

 

[cPanelMichael]

Hello

Could you elaborate on the specific error message encountered? Note that you should upload an image as an attachment instead of providing an external URL.

Thank you.

 

[andistancu]

Hello,

Sorry, I provided link to the screenshot. I am attaching this time.
When I uncheck use SSL for IMAP or for SMTP, the email starts working. Unfortunately, most of the time, Mail.app puts it back after a while and then t hey call me back.


Thank you,
Andi Stancu

 

[cPanelMichael]

Please check /var/log/maillog at the time of the authentication failure and let us know if you see any specific output that could help determine the cause of the problem.

Thank you.

 

[ThinIce]

Is this mac mail by any chance?

 

[andistancu]

Is this mac mail by any chance?

Yes, it is.

 

[cPanelMichael]

Is this mac mail by any chance?

Could you elaborate on the specific issue you are referencing? Or, are you experiencing the same problem?

Thank you.

 

[ThinIce]

It was a while ago now (i.e. years) but last I came into contact with it Mac mail was an absolute pain with self signed certs / cert hostname mismatches. The best workaround for that was using a proper signed cert for the server hostname and the server hostname in the mail client (rather than mail.customerdomain.com)

Which yes everyone should be doing anyway :

 

[andistancu]

It was a while ago now (i.e. years) but last I came into contact with it Mac mail was an absolute pain with self signed certs / cert hostname mismatches. The best workaround for that was using a proper signed cert for the server hostname and the server hostname in the mail client (rather than mail.customerdomain.com)

Which yes everyone should be doing anyway :

Ok, that makes sense. I will try that. Does it have to be the hostname of the server or can I use any domain hosted on it ? The hostname is not so nice, but we also host nicer domains.

Thanks,
Andi Stancu

 

[ThinIce]

If that is indeed your issue I believe at this point you'll need to use the server hostname - this is currently a drawback of the product (if recent releases have expanded the feature set on this Michael will correct me )

A related feature request is SSL certificate per domain on all services | cPanel Feature Requests you might like to vote on it, IMO I can see this would be quite tough to implement completely, but it is absolutely necessary because it makes the shared nature of the service salient and causes many clients to move their email off to other providers that offer other security benefits such as two factor auth etc.

 

[andistancu]

In my WHM it sais the hostname is cq.qact.us
I also have an account for the domain qact.us
Should I buy a SSL for qact.us and ask everyone to use qact.us as incoming and outgoing mail server ?


Thanks,
Andi Stancu

 

[ThinIce]

The cert should be purchased for / be valid for the server hostname, you'll then need to install it per Manage Service SSL Certificates for the various services