Crossbox branding and SSL cert for smtp/pop host

Hi,
I have been using mxroute for a while now and have used crossbox branding and webmail branding successfully by configuring them on various domains. However, yesterday I added a few more domains and can’t get things right.

Under crossbox, if I set the following then the branding setting is applied:

For smtp/pop I am using: mail.my-domain.com CNAME to mail.mxlogin.com
For Crossbox: office.my-domain.com CNAME to mail.mxlogin.com

For roundcube (webmail only): webmail.my-domain.com CNAME to taylor.mxrouting.com

Now I can access Crossbox and webmail properly, but POP/SMTP clients are giving a certificate error as it’s presenting the certificate for “crossbox.jarland.net” instead of the “mail.my-domain.com” cert.

Moreover, I can’t generate an SSL cert as it’s failing for “mail.my-domain.com”, and it’s obvious why: the certificate is generated on “taylor.mxrouting.com” but “mail.my-domain.com” is pointing to the CROSSBOX server.

However, if I point “mail.my-domain.com” CNAME to “taylor.mxrouting.com”, it solves the problem of “Invalid certs” on mail clients as well as SSL generation, but I can’t make SAVE “Branding” settings work under crossbox as it reports that “mail.my-domain.com” needs to point to “mail.mxlogin.com”.

Am I missing something? Providing the SMTP/POP/IMAP host as CROSSBOX needs breaks SSL certs as explained above, and if I point the SMTP/POP/IMAP host to “taylor.mxrouting.com” then it breaks CROSSBOX branding.

If you’re using crossbox as your IMAP/SMTP host you’re venturing into territory that I haven’t. I only recommend it as a webmail host, because why add complexity to your IMAP/SMTP host when you can point that directly to the server? It seems like an unnecessary exercise in trying to create problems to me. But if you really want to do it, you’ll probably need it to point to the Crossbox server for a few hours before setting up the branding because you can’t just swap DNS records around freely without delays.

OX and SOGo are both apps that I like, but both require another layer of back-end to manage, a layer that presently wouldn’t be able to sync 1:1 with the current front end system. Be sure to send any feedback for problems with Crossbox over the Feedback menu option. The devs are solid and work closely with our customers.

Crossbox is a nice thing and it’s one of the many great things I like about mxroute. However, to be honest, it does add a level of complexity and confusion for a starter.

I don’t really want to use crossbox for smtp/imap; I was just following what was mentioned in the crossbox branding settings. However, my issue is not that I can’t get crossbox branding to work. The issue was that if I use crossbox as smtp/imap then it presents the wrong cert to mail clients.

As you said, the preferred way is to use the MAIL server directly, and I am doing that now. Your post does clarify things: use the same hostname for the Crossbox “hostname” for webmail as well as for the “SMTP/IMAP” section in its branding. This way, one can APPLY branding without issue (of course after DNS propagation). While for actual IMAP/SMTP/POP with a proper SSL CERT, point directly to the mail server. In my case, I pointed mail.my-domain.com to “taylor.mxrouting.net” and have not used it anywhere in CROSSBOX branding.

Hopefully it will help others in future if they need to get things clarified / or in doubt.
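Added example, not part of any post in this thread: a small offline model of why the mail client complains. The client checks the certificate against the hostname it was configured with, not the CNAME target, so the check fails whenever the endpoint behind the CNAME serves a certificate for other names. The record sets and the names on each endpoint's certificate are constructed from the hostnames mentioned above and are assumptions, not live lookups.

```python
def name_matches(hostname, pattern):
    """RFC 6125-style match: '*' may only stand for the whole leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def resolve_endpoint(name, cnames, max_hops=8):
    """Follow CNAMEs to the final target; raise on loops or long chains."""
    seen = []
    while name in cnames:
        if name in seen or len(seen) >= max_hops:
            raise ValueError("CNAME loop or chain too long: " + " -> ".join(seen + [name]))
        seen.append(name)
        name = cnames[name]
    return name


def check_client_host(hostname, cnames, served_names):
    """Return (ok, endpoint, names) for the host a mail client is configured with.

    The client validates the certificate against the name it was given,
    not against the CNAME target it ends up connecting to.
    """
    endpoint = resolve_endpoint(hostname, cnames)
    names = served_names.get(endpoint, [])
    ok = any(name_matches(hostname, n) for n in names)
    return ok, endpoint, names


# Constructed data modelled on the thread (assumptions, not a live lookup).
CNAMES_BRANDING = {
    "mail.my-domain.com": "mail.mxlogin.com",
    "office.my-domain.com": "mail.mxlogin.com",
    "webmail.my-domain.com": "taylor.mxrouting.com",
}
# Same zone after repointing the mail host straight at the mail server.
CNAMES_DIRECT = dict(CNAMES_BRANDING, **{"mail.my-domain.com": "taylor.mxrouting.com"})
# Names assumed to be on the certificate each endpoint presents on its mail ports.
SERVED_NAMES = {
    "mail.mxlogin.com": ["crossbox.jarland.net"],
    "taylor.mxrouting.com": ["taylor.mxrouting.com", "mail.my-domain.com"],
}

if __name__ == "__main__":
    for label, zone in (("branding CNAME", CNAMES_BRANDING), ("direct CNAME", CNAMES_DIRECT)):
        ok, endpoint, names = check_client_host("mail.my-domain.com", zone, SERVED_NAMES)
        print(f"{label}: {endpoint} presents {names} -> {'match' if ok else 'MISMATCH'}")
```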

I “solved” the issue by creating an additional subdomain. Anything like cb.domain.tld, crossbox.domain.tld, foobar.domain.tld will do. This allowed me to create a certificate and the email client stopped complaining.

That said, I do not see what the point of crossbox is…

  • It’s supposed to be a webmail, and yet it works as a gateway for other apps
  • The other apps are… webmails
  • Calendars, and contacts just open other apps
  • There is an overlap between the webmails offered by crossbox and the ones offered by mxroute (e.g. rainloop and roundcube, which came with different versions and different plugin sets).
  • Apps cannot be disabled, because as soon as you access them they get installed
  • There is no advantage in enabling 2FA in crossbox, as this does not apply to the apps above, which could be accessed directly if you know their URLs.

But the worst thing to me is that crossbox is also buggy as hell.
I have experienced these myself:

  1. Applications routinely stop working/fail to install
  2. When I went through the branding process I started to get an infinite amount of confirmation emails (one email every minute, until I removed branding)
  3. The server often returned error 502

1 and 2 turned out to be misconfigurations crossbox side (I haven’t enquired about 3).

IMHO OpenXchange (https://www.open-xchange.com) can easily provide mail, chat, cloud storage, calendars, notes and contacts without the need to install an inordinate amount of apps with overlapping features.

But that’s just my opinion, and I am sure other people love the current setup.

I have sent feedback to the crossbox team, and I found them helpful. Too bad I don’t like their platform even for just reading mail. :smiley: