Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Autodiscover and AutoSSL

Discussion in 'Security' started by FrankP, Mar 29, 2019.

  1. FrankP

    FrankP Registered

    Mar 5, 2019
    Likes Received:
    Trophy Points:
    Trois-Rivières, Canada
    cPanel Access Level:
    Root Administrator

    So, i just yesterday tried to configure for the first time AutoDiscover&Autoconfig for my WHM Server.
    But i am unsure as to how deal with my first problem.
    I have AutoSSL installed, and i have parked a new domain on top of a domain which was set to reset to default server settings. But this one should have been on Disable to begin with.
    I Ticked it down to Disable before parking the domain. Anyway, the Autodiscover ends configuring my account using encryption using portt 995 and 465.

    I assume, that if my domain had never supported ssl/tls it would have used the unsecured ports.

    But where my concern is : When i set up a new account it supports SSL for a while then it dies unless i set in autossl the account on Enabled, my guess is it has something to do with a free certificate issued to new accounts. How do i make sure a new accounts never support SSL/TLS so my autoconfig correctly configures the first time the Outlook client of a user who opted out of encryption on my mail server?

    I want to know if ticking off this option completely prevents a mail client from connecting on secure ports using autoconfig : Tweak Settings -> Security -> Generate a self signed SSL certificate if a CA signed certificate is not available when setting up new domains

    Also, is there a way to cut immediatly the possibility for one account to connect their mail client through secure ports at all?

    Thank you.
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Nov 14, 2017
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    DataCenter Provider
    Hello @FrankP

    The AutoDiscover defaults to the secure ports with the presence of a valid SSL self-signed or otherwise. You can test what it will return by executing a curl request such as the following:

    curl http://autoconfig.domain.tld/mail/[email protected]
    It will most likely default to the hostname in the event that there is no SSL installed on the domain and still suggest an SSL connection.

    The only way to disallow the secure ports as far as I am aware would be to close them on the server, but I would absolutely not recommend this course of action.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice