Apple Mail, SSL, etc

Hi, set up my first domain last night, MXRoute is looking pretty good.

Preparing to move a client’s email away from GoDaddy in the coming weeks as well.

I use Apple Mail on the desktop and so does my client.

Using my domain as an example (peavyhome.com), I host the domain on my server, and also run DNS. I already have a Let’s Encrypt SSL cert for the domain.

When I set up my new MXRoute email account with Apple Mail last night, it didn’t like the default cert (from MXRoute). It connected anyway, but I would like to understand how to use my own cert, or issue another one to use for my mail.

I have mail.peavyhome.com as my incoming server and smtp.peavyhome.com as my outgoing. And I have DNS entries for both.

So, can anyone point me in the right direction?

Hi Derrick,

Use mail.peavyhome.com for both incoming and outgoing. That will solve your problem as DA (the control panel) issues the SSL cert for only the mail subdomain and uses it in conjunction with exim/dovecot.

If you’re using “arrow.mxrouting.net” (can vary for each customer, reference “Important Account Information” email to find yours) for IMAP, POP, and/or SMTP there’s no reason for the mail app to return an error with the SSL certificate other than the assumption that the mail app is not functioning properly. I’ve never heard of nor experienced such a case with Apple Mail. For a custom hostname, just make sure to use this guide:

https://mxroutehelp.com/index.php/2019/08/25/custom-webmail-pop-imap-smtp-domain/

(I know this answer reiterates some of what was already said here)

Ok. Easy enough. Just to be sure I understand the use of TLS/SSL in mail, is it the case that the connection is using MXRoute’s SSL cert? Or am I completely not understanding? I’ve issued certs for years, but always for web sites, never selected one or worried about one in a mail setup. I’ve even set up SSL in Tomcat, moved to TLS 1.3, stuff like that. But I have always avoided filling my head with anything related to mail if I can help it.

I am not sure why, but yes that comes up every time. I think it may have to do with the fact that the root domain is not included in the certificate, but I am just guessing. But having issued certs for dozens of domains now with MXroute, I can see that this is not a problem, so I ignore it. :slight_smile:

And if you don’t use webmail, it is OK to not include it in the certificate. If you did already, no worries as it won’t hurt anything.

Ok. I followed that guide. I think the problem I was having is that I don’t have a DNS record for “webmail.peavyhome.com” (duh!) because I don’t really need that and do not intend to access mail like that. So, it was failing.

I created the LE cert for “mail.peavyhome.com”. The only thing I saw that could be a problem is a response “domain not found in certificate.”

Any way to test that everything is OK and that SSL is being used when Apple Mail or iOS mail accesses “mail.peavyhome.com”?

I know about the DKIM testing and spam test, but not sure how to check this.

Thank you Jarland. I know you get a lot of questions about these things. I appreciate the time.

Just so my brain is 100% sure, are you saying “arrow.mxrouting.net” for the MX record in my DNS record, or using “arrow.mxrouting.net” as the incoming and outgoing server in Apple mail?

Currently my MX record is:

mail						IN	A	116.202.115.120	 

That’s what was in my DNS settings at MXRoute and so I used the same values.

But easy enough to do:

mail						IN	A	arrow.mxrouting.net	

And finally, what exactly is the purpose of me using a Let’s Encrypt SSL cert for mail.peavyhome.com? Not that I mind, I love Let’s Encrypt. But if I am using “mail.mxrouting.net” as incoming/outgoing in mail, then I don’t really need an SSL cert for mail.peavyhome.com. Right? Wrong?

OK, I’ll ignore. And not to beat a dead horSSSL, but is it even correct to ask how to test an SSL connection for mail.x.x. ? If I point my browser to https://mail.peavyhome.com I get a response that Apache is working (on your system). But the cert that is shown is for MXroute.

Following the tutorial for adding custom domain entries (rather than using the MXroute defaults) you would have created/issued an SSL certificate. The server will continually manage that certificate going forward. So, it is not MXroute’s cert per se …

https://mxroutehelp.com/index.php/2019/08/25/custom-webmail-pop-imap-smtp-domain/

Great! Thank you! I am going to change both then to arrow.mxrouting.net which is what is shown as my server in my account. I will try to post a video “how to” when I do my next domain. Maybe that will help.

So many things to know, so little space to store it all. :stuck_out_tongue:

I am the same with web design and scripting. :frowning:

Both. In your case “arrow.mxrouting.net” is the default for all pieces, and the custom mail/webmail subdomains are optional things you can add.

Purely preference. You don’t need it, but a lot of people like the option.
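
Added example, not part of any post in this thread: one way to answer the question above about testing that TLS is in use and which hostnames the served certificate covers. The port default (993, implicit-TLS IMAP), the script name and the constructed SAN list in the offline branch are assumptions for illustration.

```python
import socket
import ssl
import sys


def name_matches(hostname, pattern):
    """RFC 6125-style match; '*' may replace only the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def covering_names(hostname, san_dns_names):
    """Certificate names that cover hostname; an empty list means a mismatch."""
    return [n for n in san_dns_names if name_matches(hostname, n)]


def fetch_san_names(hostname, port=993, timeout=10):
    """Implicit-TLS connect; return (TLS version, DNS names in the certificate).

    The chain is still verified against the system trust store. Only hostname
    checking is off, so a mismatched certificate can be inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            sans = tls.getpeercert().get("subjectAltName", ())
            return tls.version(), [v for k, v in sans if k == "DNS"]


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live: python check_mail_tls.py <host> [port]
        host = sys.argv[1]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 993
        version, names = fetch_san_names(host, port)
    else:  # offline: constructed SAN list, cert issued for the mail subdomain only
        host, version, names = "smtp.peavyhome.com", "n/a", ["mail.peavyhome.com"]
    verdict = "OK" if covering_names(host, names) else "domain not found in certificate"
    print(f"{host}: TLS={version} names={names} -> {verdict}")
```

Run it with the same hostname the mail client is configured with; a name that is absent from the certificate's list is what a client reports as a certificate warning.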