Amoss Posted July 9, 2019 Author (edited) I went to the web.conf file and when editing it, I noticed that the mail.stockdiv.com alias was already there. I checked vesta panel and it was also there. Not sure how. At this point, I went to this site https://www.checktls.com/TestReceiver (entered both stockdiv.com and mail.stockdiv.com) and it looks worse than before, now there are 3 failures, not just one as before, including TLS itself (+cert + secure). Previously, only cert was failing. Can you please take a look at this? Thanks Edited July 9, 2019 by Amoss
Sn1F3rt Posted July 9, 2019 Have a look at this, you aren't even using the latest TLS version https://www.ssllabs.com/ssltest/analyze.html?d=stockdiv.com
Amoss Posted July 9, 2019 Author (edited) I followed these steps https://forum.vestacp.com/viewtopic.php?t=14331 and I'm now back in step 1 where only cert fails. I did notice that under /etc/exim4/domains/ there is only stockdiv.com, not sure if mail.stockdiv.com should also be there. I do see a lot of these in exim mainlog: dovecot_login authenticator failed for (stockdiv.com) [ip, not mine]: 535 Incorrect authentication data (set_id=<name varies>@stockdiv.com) -> is it someone who is trying to (ab)use my server? I continued with the steps and reached here: Now go to your EXIM.conf, probably located in /etc/exim/exim.conf... Where can I find exim? It's not under etc... I did see exim4 under etc but there is no exim.conf file there. sudo find . -name "exim*.conf" found several occurrences but none seem to be an exim folder. I've found update-exim4.conf.conf but it doesn't seem to have what the guide says. Also, in vestacp -> mail section -> domain it says stockdiv.com (disabled for editing). Should it also be mail.stockdiv.com? Edited July 9, 2019 by Amoss
Krydos Posted July 11, 2019 Bots trying to brute force their way into your server using random email addresses is very common. You had http to your .well-known directory blocked with .htaccess so new ssl certificates couldn't be installed. I edited your https redirect and added an exception for the .well-known directory. This allowed me to issue a new Let's Encrypt certificate that covered mail.stockdiv.com in addition to stockdiv.com. Then I edited the exim configuration to use the new ssl certificate and restarted exim. This tester looks happy now https://www.checktls.com/TestReceiver
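The failed-login lines quoted earlier in the thread can be tallied per source address to see the guessing pattern described in the post above. This is an added example, not part of any post in the thread; the sample log lines, timestamps, addresses (documentation ranges), mailbox names and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the mainlog line quoted in the thread.
# Timestamps, addresses (documentation ranges) and mailbox names are made up.
SAMPLE_MAINLOG = """\
2019-07-09 10:12:01 dovecot_login authenticator failed for (stockdiv.com) [203.0.113.5]: 535 Incorrect authentication data (set_id=info@stockdiv.com)
2019-07-09 10:12:04 dovecot_login authenticator failed for (stockdiv.com) [203.0.113.5]: 535 Incorrect authentication data (set_id=admin@stockdiv.com)
2019-07-09 10:12:09 dovecot_login authenticator failed for (stockdiv.com) [203.0.113.5]: 535 Incorrect authentication data (set_id=sales@stockdiv.com)
2019-07-09 10:12:15 dovecot_login authenticator failed for (stockdiv.com) [203.0.113.5]: 535 Incorrect authentication data (set_id=info@stockdiv.com)
2019-07-09 10:30:40 dovecot_login authenticator failed for (laptop) [198.51.100.23]: 535 Incorrect authentication data (set_id=support@stockdiv.com)
2019-07-09 10:31:02 1hkXyZ-0001Ab-Cd <= support@stockdiv.com H=(laptop) [198.51.100.23] P=esmtpsa S=812
"""

# Greedy ".*" makes the regex pick the last "[addr]" before ": 535", so a
# bracketed HELO such as "([10.0.0.1])" is not mistaken for the peer address.
FAILED_AUTH = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<auth>\w+) authenticator failed for .*"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)?: "
    r"535 Incorrect authentication data(?: \(set_id=(?P<user>[^)]*)\))?"
)


def summarize_failures(log_text, min_attempts=3):
    """Group failed SMTP AUTH attempts by source address.

    Returns {ip: {"attempts": n, "users": [distinct set_id values]}} for every
    address with at least min_attempts failures (threshold is an assumption).
    """
    per_ip = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED_AUTH.match(line)
        if not m:
            continue  # deliveries, accepted logins and other log lines
        entry = per_ip[m["ip"]]
        entry["attempts"] += 1
        if m["user"]:
            entry["users"].add(m["user"])
    return {
        ip: {"attempts": e["attempts"], "users": sorted(e["users"])}
        for ip, e in per_ip.items()
        if e["attempts"] >= min_attempts
    }


if __name__ == "__main__":
    for ip, info in summarize_failures(SAMPLE_MAINLOG).items():
        print(ip, info["attempts"], "failures across", len(info["users"]), "mailboxes")
```

One address cycling through several different mailbox names is the pattern of automated guessing; a single failure from an address that then authenticates successfully is more likely a mistyped password.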
Amoss Posted July 11, 2019 Author (edited) That's what happens when someone who understands what he is doing is doing things - things get resolved quickly and professionally - thanks a lot. I emailed someone, waiting for his response to make sure it works. One last thing - www.stockdiv.com does not work because of the new certificate thing. Edited July 11, 2019 by Amoss
Sn1F3rt Posted July 11, 2019 Hmm.. www.stockdiv.com is actually redirecting to https://stockdiv.com. Seems all right.
Amoss Posted July 11, 2019 Author Thanks but what do you see when browsing to https://www.stockdiv.com ? I get a certificate warning in my browser (from my antivirus). I also have a rest client on my mobile that also gets the same error about the certificate.
Sn1F3rt Posted July 11, 2019 Fine for me. It's probably your ISP. Exactly flazepe. @Amoss: For me also https://www.stockdiv.com redirects to https://stockdiv.com which is just fine.
Amoss Posted July 11, 2019 Author (edited) I'm at work so I can't upload images, when I'm home I will upload both images from my mobile and my browser. The browser is actually my antivirus (bitdefender) who is warning me. This didn't happen before the latest changes Krydos did but I'm glad to know it's not a general issue. Maybe it needs time to propagate. Edited July 11, 2019 by Amoss
Amoss Posted July 11, 2019 Author Thank you wolstech for updating, I'll give it some time to propagate and try again later when I'm home
Amoss Posted July 11, 2019 Author I emailed 2 people after the fix. I asked one person and he told me he didn't. I still didn't ask the other one. On the other hand, I still didn't receive any delivery error email back...
Sn1F3rt Posted July 11, 2019 Send an email to soham.pantherwebtech@gmail.com. Let's check out.
Amoss Posted July 11, 2019 Author (edited) Thanks, email sent. This is what I get from bitdefender (computer) and from the rest client (mobile). I did the following using ssh:
$ exim -v ...@gmail.com
from: support@stockdiv.com
subject: testing gmail
this is a test, did you receive it?
LOG: MAIN
  <= amoss@mail.stockdiv.com U=amoss P=local S=362
amoss@mail:~$ delivering 1hldYm-000Wx3-A7
LOG: retry_defer MAIN
  == ...@gmail.com R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host for 'gmail.com'
Edited July 11, 2019 by Amoss