The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Sending emails works vis SSL/465 but not TLS/587

Discussion in 'E-mail Discussions' started by galbaras, Apr 16, 2013.

  1. galbaras

    galbaras Member

    Joined:
    Mar 26, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    * Newbie alert (please reduce jargon to minimum and assume no prior knowledge) *

    cPanel advises to use port 465 for secure sending of emails as the SSL/TLS port, so it's not clear which. Evidently, SSL works and TLS doesn't on this port. I've seen posts that TLS should work on port 587, so I've tried that too, only it didn't work. The connection simply times out.

    When I try to use TLS on port 465, I also get a certificate warning.

    With my lack of basic security knowledge, the cPanel documentation offers no help. I just don't know how to relate to the information there.

    Guidance will be highly appreciated.
     
  2. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    346
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    If I recall correctly exim doesn't listen on Port 587 by default, you can make it do so by enabling exim on another port and entering 587 in WHM

    Home »Service Configuration »Service Manager

    TLS / SSL should work on port 465 by default, but you'll receive a certificate warning if the server is using a self signed cert for it's hostname. If you've purchased a cert for use with the hostname, it can be installed to exim at

    Home »Service Configuration »Manage Service SSL Certificates
     
  3. galbaras

    galbaras Member

    Joined:
    Mar 26, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thank you, ThinIce.

    What's the cheapest way to get an SSL certificate that's just good for email on the VPS host address?
     
  4. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    346
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    The very cheapest ca verified SSL certificates (those that just protect information in transit) can be free, although I can't say I've ever used one myself

    StartSSL

    Most people will go for a name' brand, for example comodo do the essential ssl cert cheaply, around a tenner. Some CAs such as comodo have had 'issues' in the past in one way or another, which may cause some people to look at them with a jaundiced eye, but they'll do the job.

    Do be aware that for a security warning not to show up even with a ca verified cert, you'll need to be using the server's hostname within your email client.
     
    #4 ThinIce, Apr 18, 2013
    Last edited: Apr 18, 2013
  5. galbaras

    galbaras Member

    Joined:
    Mar 26, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks for the reference to StartSSL. I might give them a try.

    I've enabled the exim listener on port 587, but cannot connect to it with Outlook in TLS, SSL or even plain mode :confused:. Is there anything else I may need to do?

    Could anything be blocking the connection?

    Thanks again,
    Gal
     
  6. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    346
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    It'd be worthwhile checking the port is open in any firewall you have installed (i.e. csf)
     
  7. galbaras

    galbaras Member

    Joined:
    Mar 26, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    It certainly was worthwhile :)

    In the CSF configuration editor, I added port 587 to the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT port lists, just to be on the safe side, and TLS connections now work for sending email on port 587 from Outlook.

    Thank you so much, ThinIce. For your user name, you're as warm as they come. I hope they feed you well on weddings and bar mitzvahs and don't make you join the mandatory dances ;)
     
  8. galbaras

    galbaras Member

    Joined:
    Mar 26, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello again,

    After obtaining an SSL certificate for my server, I tried to install it (in "Install an SSL Certificate and Setup the Domain"). WHM refused, unless I used "nobody" as the user ID, so I did that. Outlook didn't want to trust the server.

    I made the new certificate shared (in "Manage SSL Hosts"). In cPanel, I can see the shared certificate, but Outlook still doesn't care.

    Just to be clear about the details, the host name is "vps.get-business-online.com" and that's the certificate host. My email accounts are in an account linked to the domain "get-business-online.com". Is this a problem?

    Please help (again).

    Cheers,
    Gal
     
  9. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    346
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    You can install the cert for exim / dovecot etc at Home »Service Configuration »Manage Service SSL Certificates

    If the cert is issued for the name vps.get-business-online.com then you'll likely need to use this as the hostname in your email client to prevent a cert mismatch error.
     
  10. galbaras

    galbaras Member

    Joined:
    Mar 26, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    AWESOME! It finally works and I might just understand how a bit better. Thank you very much!
     
Loading...

Share This Page