H-SPHERE QUESTION: Postfix vs. qmail

Discussion in 'Plesk Automation Suggestions and Feedback' started by Blake@Parallels, Jan 17, 2012.

Thread Status:
Not open for further replies.
  1. Andrey Dobrenko

    Andrey Dobrenko Odin Team

    Messages:
    256
    Hi Peter,

    Postfix has a number of tools to manipulate files in mail queue. These tools are:
    a. postsuper - various actions on queued mail (delete/hold/unhold/etc.) required superuser privileges
    b. postqueue – query mail queue and perform non superuser privileged actions
    c. postcat – view queued message details (body/headers/etc.)

    Using these tools may help perform the same tasks as with qmail queue.

    Question about using sslserver for all email ports. As far as i understand you want to wrap standard email ports 25/110 in 465/995.
    It seems questionable advantage or maybe there are some exception in your case. So other users of the Internet cann't send a letter to your mailer for ports 25. Please specify the reason of your needs to better understand why do you need it.

    Thanks!

    Best Regards,
    Andrey
     
  2. dynamicnet

    dynamicnet Kilo Poster

    Messages:
    93
    Good day, Andrey:

    H-Sphere currently wraps all email ports under sslserver

    We just want 587, 465, and 995. Other providers may want something else.... hence, the ability to customize what is covered would be great.

    Thank you.
     
  3. Andrey Dobrenko

    Andrey Dobrenko Odin Team

    Messages:
    256
    Hi Peter,

    It's already available in Postfix. TLS is enabled in PPA by default and you may connect to any email port and use command "STARTTLS" to provide encryption data between client and mail server. You can find addtional details about Postfix TLS here: http://www.postfix.org/TLS_README.html

    Best Reagrds,
    Andrey
     
  4. dynamicnet

    dynamicnet Kilo Poster

    Messages:
    93
    Good day, Dobrenko Andrey:

    So are you saying that in Multi-Server Plesk, I will have an admin GUI area where this can be set up?

    Thank you.
     
  5. Andrey Dobrenko

    Andrey Dobrenko Odin Team

    Messages:
    256
    Hi Peter,

    I would like say that the problem that you described above is not actual for Postfix. So, there is no needs to configure mail server in a special way to define what ports will be used for ssl. I give an example:

    $telnet <mail_server_ip> 25
    Trying <mail_server_ip>...
    Connected to <mail_server_ip>.
    Escape character is '^]'.
    220 <hostname> ESMTP Postfix
    STARTTLS
    220 2.0.0 Ready to start TLS

    All commands after "STARTTLS" is issued over a secure channel. And you can use starttls for each mail port.

    Best Reagrds,
    Andrey
     
  6. dynamicnet

    dynamicnet Kilo Poster

    Messages:
    93
    Good day:

    What if the hosting provider wants to limit TLS for only 465 and 995?

    Thank you.
     
  7. Andrey Dobrenko

    Andrey Dobrenko Odin Team

    Messages:
    256
    Hi Peter,

    Sure, you may configure Postfix "/etc/postfix/main.cf" in the following way:

    smtpd_tls_security_level = none
    smtpd_use_tls = no

    By default, these params are enabled in PPA.

    Best Regards,
    Andrey
     
  8. dynamicnet

    dynamicnet Kilo Poster

    Messages:
    93
    Good day:

    We are hoping the developers would develop so we have an automation.

    When I see replies from Parallels, you can do this on the server and you can do that on the server, it greatly concerns me... isn't this a hosting AUTOMATION product?

    Thank you.
     
  9. Andrey Dobrenko

    Andrey Dobrenko Odin Team

    Messages:
    256
    Hi Guys,

    Would be better if you don't only ask "How can i do/change" but give some explanations why do you need? What is the reasons of that? Peter, your latest question about "What if the hosting provider wants to limit TLS for only 465 and 995?" As for me, I do not understand why it is necessary to limit? What benefits will you have if TLS will disabled?

    Best Regards,
    Andrey
     
  10. Blake@Parallels

    Blake@Parallels Mega Poster

    Messages:
    216
    Also, for configuration items where many of these will be used by a small % of customers and/or where this is a one-time change and not a frequently modified configuration, there is a trade-off to be weighed. For example, for customers that need this configuration, is it enough to simply support this configuration transparently if a hosting provider wants to set it in the Postfix configuration, or is there a real need to add this feature to the GUI (potentially increasing interface complexity).

    This question applies to most any configurable option we did/do/would include - so it is very helpful to understand use cases.
     
  11. dynamicnet

    dynamicnet Kilo Poster

    Messages:
    93
    Greetings Blake:

    (Hopefully you will have time to respond to some emails that were sent waiting for responses).

    Currently Parallels H-Sphere has TLS enabled for all ports. This creates weight on the mail sever that should not exist because the only ports that should have TLS enabled are the industry standard ports for TLS -- 465 and 995.

    However, since we are talking about an automation system, why not provide a solution where the hosting provider can pick which ports are for TLS?

    NOTES:

    I believe it would be in Parallels benefit to take the time to understand the needs of the small to medium hosting provider rather than going off of "only a small %" thought process which has more and more providers going to cpanel and other automation systems that focus on ... guess what.... suspense.... automation.

    I believe Parallels can do it... it just gets tiring when you get responses about a server admin can do this or that when we are talking about an automation system.

    Thank you.
     
    Last edited: Mar 13, 2012
  12. dynamicnet

    dynamicnet Kilo Poster

    Messages:
    93
    For more details on this particular issue, see http://forum.psoft.net/showthread.php?t=21691&highlight=sslserver


    This issue is still impacting Parallels H-Sphere Providers on the most recent version of H-Sphere 3.5.1.

    Please note the posts by user id of "ghost" contain a lot of the trouble shooting details in terms of identifying the issue and posing solutions.

    What I would like to see, since we are talking about an automation system -- is for Parallels to have a GUI where the H-Sphere administrator can select which specific ports to apply SSL/TSL with the default being 465 and 995.

    Thank you.
     
  13. dynamicnet

    dynamicnet Kilo Poster

    Messages:
    93
    Good day:

    May I have an update on this serious issue?

    For more details on this particular issue, see http://forum.psoft.net/showthread.php?t=21691&highlight=sslserver

    This issue is still impacting Parallels H-Sphere Providers on the most recent version of H-Sphere 3.5.1.

    Please note the posts by user id of "ghost" contain a lot of the trouble shooting details in terms of identifying the issue and posing solutions.

    What I would like to see, since we are talking about an automation system -- is for Parallels to have a GUI where the H-Sphere administrator can select which specific ports to apply SSL/TSL with the default being 465 and 995.

    Thank you.
     
Thread Status:
Not open for further replies.

Share This Page