Sending emails works vis SSL/465 but not TLS/587

[galbaras]

* Newbie alert (please reduce jargon to minimum and assume no prior knowledge) *

cPanel advises to use port 465 for secure sending of emails as the SSL/TLS port, so it's not clear which. Evidently, SSL works and TLS doesn't on this port. I've seen posts that TLS should work on port 587, so I've tried that too, only it didn't work. The connection simply times out.

When I try to use TLS on port 465, I also get a certificate warning.

With my lack of basic security knowledge, the cPanel documentation offers no help. I just don't know how to relate to the information there.

Guidance will be highly appreciated.

 

[ThinIce]

If I recall correctly exim doesn't listen on Port 587 by default, you can make it do so by enabling exim on another port and entering 587 in WHM

Home »Service Configuration »Service Manager

TLS / SSL should work on port 465 by default, but you'll receive a certificate warning if the server is using a self signed cert for it's hostname. If you've purchased a cert for use with the hostname, it can be installed to exim at

Home »Service Configuration »Manage Service SSL Certificates

 

[galbaras]

Thank you, ThinIce.

What's the cheapest way to get an SSL certificate that's just good for email on the VPS host address?

 

[ThinIce]

The very cheapest ca verified SSL certificates (those that just protect information in transit) can be free, although I can't say I've ever used one myself

StartSSL

Most people will go for a name' brand, for example comodo do the essential ssl cert cheaply, around a tenner. Some CAs such as comodo have had 'issues' in the past in one way or another, which may cause some people to look at them with a jaundiced eye, but they'll do the job.

Do be aware that for a security warning not to show up even with a ca verified cert, you'll need to be using the server's hostname within your email client.

 

[galbaras]

Thanks for the reference to StartSSL. I might give them a try.

I've enabled the exim listener on port 587, but cannot connect to it with Outlook in TLS, SSL or even plain mode . Is there anything else I may need to do?

Could anything be blocking the connection?

Thanks again,
Gal

 

[ThinIce]

It'd be worthwhile checking the port is open in any firewall you have installed (i.e. csf)

 

[galbaras]

It certainly was worthwhile

In the CSF configuration editor, I added port 587 to the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT port lists, just to be on the safe side, and TLS connections now work for sending email on port 587 from Outlook.

Thank you so much, ThinIce. For your user name, you're as warm as they come. I hope they feed you well on weddings and bar mitzvahs and don't make you join the mandatory dances

 

[galbaras]

Hello again,

After obtaining an SSL certificate for my server, I tried to install it (in "Install an SSL Certificate and Setup the Domain"). WHM refused, unless I used "nobody" as the user ID, so I did that. Outlook didn't want to trust the server.

I made the new certificate shared (in "Manage SSL Hosts"). In cPanel, I can see the shared certificate, but Outlook still doesn't care.

Just to be clear about the details, the host name is "vps.get-business-online.com" and that's the certificate host. My email accounts are in an account linked to the domain "get-business-online.com". Is this a problem?

Please help (again).

Cheers,
Gal

 

[ThinIce]

You can install the cert for exim / dovecot etc at Home »Service Configuration »Manage Service SSL Certificates

If the cert is issued for the name vps.get-business-online.com then you'll likely need to use this as the hostname in your email client to prevent a cert mismatch error.

 

[galbaras]

AWESOME! It finally works and I might just understand how a bit better. Thank you very much!