TLS enabled only for smtp/pop3 and imap

Discussion in 'E-mail Discussion' started by Peter Larsen, Nov 26, 2018.

  1. Peter Larsen

    Peter Larsen Registered

    Hi

    So, I want to be able to configure exim and other mail services to only use SSL/TLS on a connection. No open connections, no fallback to open connections.

    So basically, if you can't do SSL/TLS, I don't want your email.

    So, if a remote server tries to deliver an email without using STARTTLS, it should not be able to do so.

    Clients should not be allowed to connect without SSL enabled to pop3 or imap.

    Any hints? Manual configuration altering?
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Hi @Peter Larsen


    This shouldn't be difficult to set up if you go to WHM>>Server Configuration>>Mailserver Configuration -> Allow Plaintext Authentication (from remote clients) and set it to no. When set to “no”, only connections originating on the local server will be allowed to authenticate without encryption. Selecting “no” is preferable to disabling IMAP in the Protocols Enabled section since it will force remote users to use encryption while still allowing webmail to function correctly.

    Thanks!
     
  3. Peter Larsen

    Peter Larsen Registered

    Hi Lauren

    Thanks for your reply, this seems to be a solution for imap/pop3. It was already enabled as described, so I just need to test it.

    We also need to force TLS on all SMTP connections, so e.g. if someone on gmail.com writes an email for domæne.dk (on my server), the SMTP session will be encrypted with TLS from gmail to us.

    If gmail.com was not a TLS-enabled SMTP host, I want my cPanel server not to accept (not even try) to receive the message.

    Any advice on configuration for that?
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Hi @Peter Larsen


    That setting should be set to NO, not enabled, meaning you would NOT like to accept any non-encrypted connections. It disallows any unencrypted transmission through your server, which means that your server will reject any connection attempts not over TLS, and by default cPanel does not accept encrypted connections using any protocol but TLS.
     
  5. Peter Larsen

    Peter Larsen Registered

    I'm sorry, I'm disagreeing.

    This is a dovecot setting for IMAP/POP3 authentication.

    While it might cover SMTP authentication (would make sense), it does not cover server-to-server communication on SMTP, since such communication is without authentication.
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Hello @Peter Larsen,

    I believe the following option under the Security tab in WHM >> Exim Configuration Manager >> Basic Configuration is what you are looking for:

    Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server.

    It's enabled by default to prevent the plaintext transmission of authentication credentials.

    Let me know if this helps.

    Thank you.
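
The thread separates authenticated client sessions from unauthenticated server-to-server SMTP. Before tightening either, it helps to measure how much mail currently arrives without TLS in each group: Exim's main log records the negotiated cipher as `X=` and the authenticator as `A=` on every arrival (`<=`) line. The script below is an added example, not part of the thread and not cPanel's code; the log lines are constructed, and it assumes the default log layout (date, time, message ID, then `<=`).

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Exim main-log format (not from a real server).
SAMPLE_LOG = """\
2018-11-26 10:15:02 1gRAAA-0001ab-01 <= alice@example.org H=mx.example.org [203.0.113.10]:44321 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=2345
2018-11-26 10:16:40 1gRAAB-0001ac-02 <= bob@example.net H=old-relay.example.net [198.51.100.7]:51200 P=esmtp S=1822
2018-11-26 10:17:05 1gRAAC-0001ad-03 <= carol@example.com H=(laptop) [192.0.2.55]:60111 P=esmtpa A=dovecot_plain:carol@example.com S=900
2018-11-26 10:18:11 1gRAAD-0001ae-04 <= dave@example.com H=(phone) [192.0.2.56]:60222 P=esmtpsa X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no A=dovecot_login:dave@example.com S=1200
2018-11-26 10:19:00 1gRAAE-0001af-05 <= root@host.example.com U=root P=local S=512
2018-11-26 10:19:30 1gRAAF-0001ag-06 <= erin@example.net H=old-relay.example.net [198.51.100.7]:51300 P=esmtp S=2048
2018-11-26 10:19:31 1gRAAF-0001ag-06 => user@example.com R=virtual_user T=dovecot_virtual_delivery
"""

ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= \S+ (.*)$")  # date time msgid <= sender fields
PEER_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")
LOOPBACK = {"127.0.0.1", "::1"}  # webmail and other on-server clients

def classify(line):
    """Return (category, peer_ip) for a message-arrival line, else None."""
    m = ARRIVAL.match(line)
    if not m:
        return None  # deliveries (=>), completions and other events
    rest = m.group(1)
    fields = dict(t.split("=", 1) for t in rest.split() if "=" in t)
    ip = PEER_IP.search(rest)
    peer = ip.group(1) if ip else None
    if "H" not in fields or peer in LOOPBACK:
        return ("local", peer or "local")
    if "X" in fields:  # X= is the negotiated TLS cipher
        return ("tls", peer)
    if "A" in fields:  # A= is the authenticator: a mail client, not a peer MTA
        return ("plaintext-auth", peer)
    return ("plaintext-relay", peer)  # unauthenticated server-to-server SMTP

def audit(log_text):
    """Count arrivals per category and peer IP."""
    result = defaultdict(Counter)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            result[hit[0]][hit[1]] += 1
    return result

if __name__ == "__main__":
    for category, peers in sorted(audit(SAMPLE_LOG).items()):
        for peer, n in peers.most_common():
            print(f"{category:16} {str(peer):15} {n}")
```

On a cPanel server the Exim main log is typically `/var/log/exim_mainlog`; pass its contents to `audit()` instead of `SAMPLE_LOG`. The `plaintext-relay` peers are the senders that would be refused once inbound TLS is mandatory.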
     