Q: Forwarded mails - Let's encrypt

[INsanityDesign]

Hi

I got a question regarding mail accounts and Let's encrypt.

I have several domains and they all work flawlessly with Let's encrypt. Some Alias, some normal. All show up correctly in the browser.

For some of them I have mail addresses that just forward to another mail address of me. When I receive the mail the mails are not encrypted/secured or better: They are signed with the master domain (the first one I ever created) and not the according mail one.

This is probably just a configuration issue but I wasn't able to find something or figure it out.

 

Any help is very appreciated and many thanks in advance.

[d00p]

What do you mean by "signed"? DomainKey? That's not default part of froxlors configs.

If you mean smtp/imap over ssl, that's a thing you have to configure yourself. Usually, you could use the lets encrypt fullchain of the system-hostname (froxlor hostname) if activated in the dovecot and postfix configs to enable SSL. The mailserver specified must always be the domain listed in the certificate

[INsanityDesign]

Hi d00p

I meant: A mail I send to an address that is forward results in e.g. Google saying "

security:

xyz.com did not encrypt this message

"

whereas xyz.com was the first domain I configured.

Ok, got it that it is not part of froxlor directly but postfix. Postfix accesses the froxlor panel_domain table for domains. Is there anything I can configure there, virtual domains etc., or something I am missing?

I know it is no directly froxlor but any help is very appreciated.

 

Thanks

[d00p]

okay, no idea what "google saying" means...is that some online mail-testing tool? is that a refused mail? I've never seen that message ....

 

4 hours ago, INsanityDesign said:

Is there anything I can configure there, virtual domains etc., or something I am missing?

Well if you've configured the services according to froxlors configuration templates then it should all be fine

[INsanityDesign]

Hi @d00p

"google saying" meaning I forward the mail to my Gmail account.

But also if I send a mail via a contact mail address I created, it always points out the same error, that sender and encryption are not matchin.

 

 

Thanks

[d00p]

No idea where you see these google messages and you don't give clear answers:

1 hour ago, d00p said:

is that some online mail-testing tool? is that a refused mail?

I've never ran into this problem using froxlor's default services configs. Did you really configure the services all accordingly to the config-templates? Is there anything in the mail-logs on YOUR server? etc.etc.etc. please  try to gather some more information, it's hard to help otherwise

[INsanityDesign]

Hi @d00p

I am sorry but I really thought "Gmail" is clear. It states for the received message "

security:

xyz.com did not encrypt this message Learn more"

It's no test tool, its just Gmail, the received mail: https://support.google.com/mail/answer/6330403?visit_id=636875622786905586-337423677&p=tls&hl=en&rd=1

Mail.log is

Mar  7 14:45:21 v22015101841428357 postfix/smtpd[31018]: connect from unknown[185.216.140.67]
Mar  7 14:45:29 v22015101841428357 postfix/smtpd[31018]: warning: unknown[185.216.140.67]: SASL LOGIN authentication failed: XYZ
Mar  7 14:45:29 v22015101841428357 postfix/smtpd[31018]: disconnect from unknown[185.216.140.67] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Mar  7 14:45:30 v22015101841428357 postfix/smtpd[31018]: connect from mail-eopbgr60102.outbound.protection.outlook.com[40.107.6.102]
Mar  7 14:45:30 v22015101841428357 postfix/smtpd[31018]: BCF8D4090A: client=mail-eopbgr60102.outbound.protection.outlook.com[40.107.6.102]
Mar  7 14:45:30 v22015101841428357 postfix/cleanup[31178]: BCF8D4090A: message-id=<DB6PR07MB323933EE7A0E0DE164B75C98CF4C0@DB6PR07MB3239.eurprd07.prod.outlook.com>
Mar  7 14:45:30 v22015101841428357 postfix/qmgr[27857]: BCF8D4090A: from=<test@test.de>, size=12187, nrcpt=2 (queue active)
Mar  7 14:45:30 v22015101841428357 dovecot: lda(contact@test.com): msgid=? <DB6PR07MB323933EE7A0E0DE164B75C98CF4C0@DB6PR07MB3239.eurprd07.prod.outlook.com>: saved mail to INBOX
Mar  7 14:45:30 v22015101841428357 postfix/smtpd[31018]: disconnect from mail-eopbgr60102.outbound.protection.outlook.com[40.107.6.102] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Mar  7 14:45:30 v22015101841428357 postfix/pipe[31179]: BCF8D4090A: to=<contact@test.com>, relay=dovecot, delay=0.13, delays=0.1/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
Mar  7 14:45:31 v22015101841428357 postfix/smtp[31180]: BCF8D4090A: to=<test+contact@gmail.com>, orig_to=<contact@test.com>, relay=gmail-smtp-in.l.google.com[108.177.15.26]:25, delay=0.43, delays=0.1/0.01/0.06/0.25, dsn=2.0.0, status=sent (250 2.0.0 OK  1551966331 x12si3059466wrw.263 - gsmtp)
Mar  7 14:45:31 v22015101841428357 postfix/qmgr[27857]: BCF8D4090A: removed

 

Thanks

[d00p]

2 minutes ago, INsanityDesign said:

I am sorry but I really thought "Gmail" is clear. It states for the received message "

I know what gmail is...but how should I know what messages it shows where and why? 

So, from what I can see in that support-article, it's about encrypting messages (incoming and outgoing). So you might want to consider using TLS/SSL with your postfix to send encrypted....you are free to do that as i said much earlier already:

6 hours ago, d00p said:

If you mean smtp/imap over ssl, that's a thing you have to configure yourself. Usually, you could use the lets encrypt fullchain of the system-hostname (froxlor hostname) if activated in the dovecot and postfix configs to enable SSL. The mailserver specified must always be the domain listed in the certificate

 

[INsanityDesign]

Hi @d00p

I am sorry about my fumble issue and taken some things for granted. As stated, I didn't necessarily suggested it was a froxlor issue but maybe a general configuration issue and if someone can point me in the right direction as I wasn't able to figure it out.

Will try to figure it out now in a different way and hope to solve it somehow.

 

Thanks

[d00p]

I gave you the direction two times... configure TLS/SSL in postfix/dovecot...