I suggest you ...

Use "Let's Encrypt" to secure IMAP/POP/SMTP connections

Use "Let's Encrypt" to secure IMAP/POP/SMTP connections to avoid "non valid certificate" messages with self-signed certs.

190 votes
Pol shared this idea

    25 comments

      • Michael commented

        @Daniel Hahn... I think this is not what the admins here are looking for. We are hoping for multi-certificate support. We want to give IMAP/POP/SMTP server names to our customers like, e.g.:

        mail.customer1.com
        mail.customer2.com
        mail.customer3.com

        But this is not possible at the moment. We always have to give the Plesk server name to them, e.g.

        my.ugly-isp-name-for-this-plesk-server.com

        We also have the same problem for the Plesk backend login right now (but this is a different thread):

        https://my.ugly-isp-name-for-this-plesk-server.com:8443/

        I can say a lot of my customers need some extra attention because of this unsolved problem (not even talking about resellers).

        And when my customers are moving to a new Plesk server we have a lot of work to change all client-side settings (mail software, ...).

      • Michael commented

        @Daniel Hahn... Can you explain more in detail about your "single cron job" that solves that problem for you using Postfix MTA in Plesk? I think also the other admins would love to hear about that solution.

      • Sergio commented

        Ensure mail with certificate would have to be resolved by Plesk, either with Let's Encrypt or with any other provider, from the Panel itself, as users have claimed for years, and automate mail autoresponders for the start and end, and be able to send backup copies to Google Drive, OneDrive in an easy way, although I believe that the latter has already been implemented.

      • Anonymous commented

        Everyone would benefit greatly from it, even if they don't know it, because it looks much more professional towards all your customers. I am absolutely surprised that this feature does not exist already, and it is my only disappointment with Plesk so far.

      • G J Piper commented

        While this would be a great feature, my understanding is that postfix is incapable of serving certs on multiple hosted domains. Admin: is this incorrect? Would the implementation of this require a migration from postfix to something else?

      • Bruno commented

        No fraud attempt, this is the real deal and most of our clients are asking.

      • TRILOS new media commented

        I would like to reaffirm the aspect of migrating mail domains: Providers and Users should be free in choosing the mail server name and shouldn't be forced to change mail client configuration. Otherwise it would cause unnecessary trouble and effort, multiplied by every single mail account in a domain.
        I would also like to add another important aspect. Plesk servers give you the ability to run a mail-only server, and it is an important factor for security and reliability when separating mail and web servers for customers. But today, the ACME process to activate a LE certificate depends on an activated web service on a domain, because the LE API checks the MX record of the domain and tries to request a file from the domain via HTTP. In my opinion, the latter check is absolutely unnecessary for securing mail transport encryption. Everything the Certificate Authority needs to know is whether the DNS authority acknowledges on which IP the mail service is running - and nothing more. Then the Plesk admin doesn't have to put in unnecessary effort for configuring the web service on every domain and lose the server's performance resources only to serve an HTTP request for only one file when the certificate installation or renewal is running. Think about separating the certificate service from the web hosting section!

      • Konstantinos Spiliakos commented

        Hi IB,

        Even though I'm not the OP, I would assume that it's somewhat implemented already in current Plesk editions. Another point, which I'm not sure if it's the OP's point of view, would be the SNI part which currently the mail servers (postfix/dovecot/mailenable) are lacking.

      • Mirko M. commented

        Good explanation by Anonymous! That's exactly why we need this feature ASAP. Plesk has had it for years.

      • Anonymous commented

        It seems some people do not understand what exactly we need this feature for. At least from my side, I would like to take the opportunity to give you a better understanding.

        Yes, currently it is possible to secure the mail server with a certificate. However, this would mean that every user has to use my.servername.abc or mail.coolprovider.xyz.

        At least we have multiple Plesk servers, and when migrating users between the machines, we do not want to force people to change their configuration. In many environments, changing the email client settings is not as easy as it seems, e.g. in hospitals. Some customers even have their own Exchange server with a small tool fetching the mails.

        So it would be a requirement to find a solution using Let's Encrypt for securing mail.domainname.xyz - however, for all domains on the Plesk server.

        Yes, it might be that Postfix does not support this feature because of SNI. But some people in forums are also discussing that a mail server proxy providing the certificate, and then forwarding the request in plain to the local Postfix on another port, could work.
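
The certificate-name problem discussed in the comments above, as an added example that is not part of any commenter's post and is not Plesk code: an offline model of which client-configured mail hostnames pass verification when the server can or cannot pick a certificate by SNI. It uses the placeholder hostnames from Michael's comment with constructed certificate stores, and the single multi-SAN certificate case goes beyond what the thread describes.

```python
# Added example, not code from Plesk or the thread. SAN lists are constructed;
# hostnames are the placeholders used in the comments above.

def name_matches(pattern, hostname):
    """RFC 6125-style DNS-ID match: exact, or '*' as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one label; require two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def presented_cert(cert_store, default_key, requested_name, sni_enabled):
    """Return the SAN list the server would present for this connection."""
    if sni_enabled:
        for sans in cert_store.values():
            if any(name_matches(s, requested_name) for s in sans):
                return sans
    return cert_store[default_key]  # no SNI selection: always the default cert

def audit(cert_store, default_key, client_names, sni_enabled):
    """Map each client-configured hostname to True if verification would pass."""
    result = {}
    for name in client_names:
        sans = presented_cert(cert_store, default_key, name, sni_enabled)
        result[name] = any(name_matches(s, name) for s in sans)
    return result

SERVER = "my.ugly-isp-name-for-this-plesk-server.com"
CUSTOMERS = ["mail.customer1.com", "mail.customer2.com", "mail.customer3.com"]

# Constructed store: one certificate per name, as per-domain issuance would give.
PER_DOMAIN = {SERVER: [SERVER], **{c: [c] for c in CUSTOMERS}}
# Constructed store: a single certificate listing every name as a SAN.
ONE_SAN_CERT = {SERVER: [SERVER] + CUSTOMERS}

if __name__ == "__main__":
    cases = [("per-domain certs, no SNI", PER_DOMAIN, False),
             ("per-domain certs, SNI", PER_DOMAIN, True),
             ("single multi-SAN cert, no SNI", ONE_SAN_CERT, False)]
    for label, store, sni in cases:
        print(label, audit(store, SERVER, CUSTOMERS + [SERVER], sni))
```
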

      • PB commented

        Valid feature request, I am interested in using Let's Encrypt to secure IMAP/POP/SMTP.

        @Plesk Staff: fraud attempt?!? where do you see fraud? how do you explain fraud attempt here?

        little less conversation, little more action as Elvis would say

      • Anonymous commented

        In my opinion this is a valid feature request. I had hosts screwing up the certificate renewals for email services. Let's Encrypt would be a perfect fit for that.

        @Plesk Staff: Are you serious about the fraud attempt? What does this even have to do with the feature request?

      • John A. shiells commented

        Let's get this done!

        Spend less time creating extensions (that cost to use) and let's get some of these wanted feature requests implemented into the Plesk core (with having to pay more via an extension).

      • TRILOS new media commented

        Reply to Marco Marsala's comment on April 20, 2018 11:09:
        This works only with hosting service enabled and does not work for mail-only servers; besides, it would be a huge effort to do this manually.

      • TRILOS new media commented

        @PleskHelps, May 18th via Twitter:
        "Mail services used by Plesk do not provide that functionality, so there is going to be no such feature in Let's Encrypt as well."
