FrankP

Registered
Mar 5, 2019
4
0
1
Trois-Rivières, Canada
cPanel Access Level
Root Administrator
Hello,

So, i just yesterday tried to configure for the first time AutoDiscover&Autoconfig for my WHM Server.
But i am unsure as to how deal with my first problem.
I have AutoSSL installed, and i have parked a new domain on top of a domain which was set to reset to default server settings. But this one should have been on Disable to begin with.
I Ticked it down to Disable before parking the domain. Anyway, the Autodiscover ends configuring my account using encryption using portt 995 and 465.

I assume, that if my domain had never supported ssl/tls it would have used the unsecured ports.

But where my concern is : When i set up a new account it supports SSL for a while then it dies unless i set in autossl the account on Enabled, my guess is it has something to do with a free certificate issued to new accounts. How do i make sure a new accounts never support SSL/TLS so my autoconfig correctly configures the first time the Outlook client of a user who opted out of encryption on my mail server?

I want to know if ticking off this option completely prevents a mail client from connecting on secure ports using autoconfig : Tweak Settings -> Security -> Generate a self signed SSL certificate if a CA signed certificate is not available when setting up new domains

Also, is there a way to cut immediatly the possibility for one account to connect their mail client through secure ports at all?

Thank you.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,945
753
263
Houston
cPanel Access Level
DataCenter Provider
Hello @FrankP


The AutoDiscover defaults to the secure ports with the presence of a valid SSL self-signed or otherwise. You can test what it will return by executing a curl request such as the following:

Code:
curl http://autoconfig.domain.tld/mail/[email protected]
It will most likely default to the hostname in the event that there is no SSL installed on the domain and still suggest an SSL connection.


The only way to disallow the secure ports as far as I am aware would be to close them on the server, but I would absolutely not recommend this course of action.