Paper Lantern for cPanel accounts is being retired this year. Find out more »
cPanel & WHM Version 102 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
This object is in archive! 

Fix incorrect calculation of secure mail server hostname

MediaServe shared this idea 9 years ago
Completed

Our servers use a wildcard SSL certificate for cPanel/WHM/Exim/FTP etc. The certificate is issued to *.[our server domain name]


In cPanel 11.34, the information displayed under Configure Email Client (via Webmail or More dropdown in Email Accounts) displays mail.[our server domain name] as the mail server for secure connections, which is simply incorrect. Our server hostnames are s##.[our server domain name] where ## is the server number, and the server hostname is what should be used for secure mail connections.


To work around this we have some script code in /scripts/postupcp to replace the incorrect values in /var/cpanel/ssl/dovecot-CN and /var/cpanel/ssl/exim-CN with the correct values.


This needs to be better handled, otherwise all cPanel hosts using wildcard certificates for SSL across multiple servers are going to have support headaches from hosting client who see and try to use the invalid hostname for a secure mail connection.


My proposed fix would be to have similar options for this information in Tweak settings as you do for SSL redirect destination, i.e. allow us to choose between the SSL Certificate Name or the Hostname for the mail server hostname shown for secure mail connections in cPanel/Webmail.

Best Answer
photo

This has been re-written with the addition of SNI and proper wildcard support in 11.38.

Replies (12)

photo
2

This can't happen soon enough... To the OP - do you have a copy of the script tweaks?

photo
1

We have this same issue. What a pain!

I would also like a copy of the script code you are using :)

photo
1

  1. #!/usr/local/bin/perl


    my $host = `/bin/uname -n`;

    my $dovecot = '/var/cpanel/ssl/dovecot-CN';

    my $exim = '/var/cpanel/ssl/exim-CN';


    if (open OUTF, ">$dovecot") {

    print OUTF $host;

    close OUTF;

    }


    if (open OUTF, ">$exim") {

    print OUTF $host;

    close OUTF;

    }


    # Check if /scripts/postupcp has been modified to call this script


    my $postupcp = '/scripts/postupcp';


    if (open CPS, "<$postupcp") {

    # read log into array

    @logf = <CPS>;

    close CPS;

    }


    if (!(@logf ~~ m/cpanel_fixmailcn/)) {

    # If the script is not in the hook file, then add it to the end

    my $script = "/root/scripts/cpanel_fixmailcn.pl\n";

    if (open CPS, ">>$postupcp") {

    print CPS $script;

    close CPS;

    }

    }

  2. # this file is saved as /root/scripts/cpanel_fixmailcn.pl :-)

photo
1

I've just been bitten by this bug. Any way of correcting the existing entries for already created accounts?

photo
1

I'm also seeing this issue which is causing my users some confusion. This needs to be addressed by cPanel right away!

photo
2

This is also a simple fix in the meantime.

Create a file called fix_cn.sh and paste this in.


  1. #/bin/sh
  2. echo `hostname` > /var/cpanel/ssl/dovecot-CN
  3. echo `hostname` > /var/cpanel/ssl/exim-CN

photo
1

tsiedsma wrote:

This is also a simple fix in the meantime.

Create a file called fix_cn.sh and paste this in.


  1. #/bin/sh
  2. echo `hostname` > /var/cpanel/ssl/dovecot-CN
  3. echo `hostname` > /var/cpanel/ssl/exim-CN

I've added these lines directly to /scripts/postupcp (which didn't exist), and chmod 700 the script. It should run after the cPanel upgrade and the problem should be permanently fixed, I think.


Can someone confirm?

photo
1

stormy wrote:

I've added these lines directly to /scripts/postupcp (which didn't exist), and chmod 700 the script. It should run after the cPanel upgrade and the problem should be permanently fixed, I think.


Can someone confirm?

This has at least updated the values, however I think it breaks the auto-discovery (at least in Thunderbird it seems to have)

photo
1

This has been re-written with the addition of SNI and proper wildcard support in 11.38.

photo
1

Sorry I didn't notice the request for my script earlier! Just saw an update to this request and visited. What I did was simply to add this to /scripts/postupcp:

  1. # Fix incorrect mail server info in cPanel
  2. replace mail.cpanelservices.com $(hostname) -- /var/cpanel/ssl/dovecot-CN
  3. replace mail.cpanelservices.com $(hostname) -- /var/cpanel/ssl/exim-CN

(replace mail.cpanelservices.com above with whatever incorrect hostname cPanel is using on your servers.)

photo
1

Hi guys - I can see that a change has now been implemented - but the SSL info is simply displaying the same hostname as the non SSL info - i.e "mail.domain.com". How can we change this to show the server's hostname again? The above fixes worked great - but now we are on 11.38 it has changed.

photo
1

In case anyone has the same issue... If using a wildcard cert - since the update to 11.38, The server's hostname will not be correctly identified if it contains uppercase letters, so it will revert to prefixing the customer's domain with "mail" instead of correctly displaying the server's hostname. While uppercase hostnames are not invalid - I've changed all mine to lowercase to make sure this works.

Replies have been locked on this page!