Announcement

**d2d4j** · 11-19-2019, 02:59 AM

Hi Bertie

I think you�ve covered all but it has been many years since I had to do this

I would create a siteworx for the new hostnane and then SSL using LE, then set this SSL in nodeworx SSL

Many thanks

John

**sysnop** · 11-20-2019, 09:58 AM

After running

# hostnamectl set-hostname new.host.name

check these files:

/etc/hosts
/etc/sysconfig/network
/home/interworx/iworx.ini
/var/qmail/control/locals
/var/qmail/control/me
/var/qmail/control/rcpthosts
/var/qmail/control/plusdomain
/var/qmail/control/smtpgreeting

Restart the network and iworx services or reboot.

You probably need a PTR record with the replacement host name for reverse DNS lookups. Depending on your hosting situation, rDNS may need to be set at the datacenter level. If it's a VPS your VM control panel may let you do it.

**Bertie** · 11-27-2019, 10:51 AM

Thanks guys - Does anyone know how to fix the following on a mail-tester.com? This is for emails that are sent by Interworx like forgotten passwords etc.

We didn't find a server (A Record) behind your hostname localhost.

We check if there is a server (A Record) behind your hostname localhost.

You may want to publish a DNS record (A type) for the hostname localhost or use a different hostname in your mail software.

**d2d4j** · 11-27-2019, 11:34 AM

Hi Bertie

You need to complete the entries from nodeworx, system services, mail server, MTA settings

And complete the MTA server options FQDN and default domain

MTA bounce message options

Ideally these should match your FQDN server name inc MX

So if say your server host FQDN was mydomain.url with MX of mail.mydomain.url

You would set FQDN as mail.mydomain.url and default domain mydomain.url

Etc... for bounce

Restart mail server and it should then use correct details

Also make sure a siteworx account for mydomain.url so full dns records exist and you have your PTR set correctly for mail server FQDN

Many thanks

John

**Bertie** · 11-27-2019, 02:36 PM

Originally posted by d2d4j View Post

Hi Bertie

You need to complete the entries from nodeworx, system services, mail server, MTA settings

And complete the MTA server options FQDN and default domain

MTA bounce message options

Ideally these should match your FQDN server name inc MX

So if say your server host FQDN was mydomain.url with MX of mail.mydomain.url

You would set FQDN as mail.mydomain.url and default domain mydomain.url

Etc... for bounce

Restart mail server and it should then use correct details

Also make sure a siteworx account for mydomain.url so full dns records exist and you have your PTR set correctly for mail server FQDN

Many thanks

John

I shall give that ago. Also do you know if it's possible to send system emails out via SSL? For example password reset emails etc. At the moment they don't seem to be.

**d2d4j** · 11-27-2019, 04:22 PM

Hi Bertie

Many thanks

The internal emails go through localhosts and therefore not require ssl connection as there local

I think you refer to your email client for email collection - pop or imap

You need to use your mail server FQDN MX record to attain a full SSL communication without warning. If using your domain MX, you have to accept the warning for SSL to be set

I believe IW Jenna quoted IW are in process of changing from qmail to exim or postfix so this may change to allow SNI for mail server SSL

If I have misunderstood please let me know

Many thanks

John

**Bertie** · 11-27-2019, 05:30 PM

Originally posted by d2d4j View Post

Hi Bertie

Many thanks

The internal emails go through localhosts and therefore not require ssl connection as there local

I think you refer to your email client for email collection - pop or imap

You need to use your mail server FQDN MX record to attain a full SSL communication without warning. If using your domain MX, you have to accept the warning for SSL to be set

I believe IW Jenna quoted IW are in process of changing from qmail to exim or postfix so this may change to allow SNI for mail server SSL

If I have misunderstood please let me know

Many thanks

John

I believe Interworx doesn't actually support this yet but maybe I am wrong. Basically if a user asks for a reset password, the server will send an email out from the server itself I believe (or maybe there is a place to tell it what email address to use) but this email isn't sent encrypted via SSL at the moment in time.

**d2d4j** · 11-27-2019, 05:37 PM

Hi Bertie

Sorry I am not explaining very well

The generated messages are unencrypted because they are local to the mail server - so do not go outside of localhost

It is the receiving email client that uses encryption or not to the mail server

If the cert is not accepted, it usually uses unencrypted for connection

If server set correctly and email client uses correct server url (mx) for encryption without warning, would use encryption

Again if I�m wrong sorry as I am not understanding sorry

Many thanks

John

**Bertie** · 11-28-2019, 02:07 AM

Originally posted by d2d4j View Post

Hi Bertie

Sorry I am not explaining very well

The generated messages are unencrypted because they are local to the mail server - so do not go outside of localhost

It is the receiving email client that uses encryption or not to the mail server

If the cert is not accepted, it usually uses unencrypted for connection

If server set correctly and email client uses correct server url (mx) for encryption without warning, would use encryption

Again if I�m wrong sorry as I am not understanding sorry

Many thanks

John

Hi John,

I don�t think it�s anything to do with the clients email program. For example the password reset test email was sent to a gmail address. Which had a red padlock saying the email wasn�t encrypted with SSL/TLS. So it�s the way interworx sends these emails out. If you did it for cPanel or maybe another control panel. The emails would get sent via SSL/TLS.

Its probably a setting somewhere or something Interworx hasn�t implemented yet.

Also if the client doesn�t have emails on the server or has their account set to an email address that isn�t hosted on the Interworx server then the emails would be sent from the server to the World Wide Web and then delivered to the persons inbox.

**d2d4j** · 11-28-2019, 02:21 AM

Hi Bertie

Many thanks and sorry for not fully understanding

I would be surprised if gmail showed a warning if email was encrypted when sent server to server but I do not use gmail sorry

That then sounds likely you have not set SSL on nodeworx server SSL or perhaps you have and it�s expired or perhaps your ciphers are not tight enough.

I will test though a password reset email to review its headers

Many thanks

John

**d2d4j** · 11-28-2019, 03:34 AM

Hi Bertie

Sorry you could be correct

There is a setting in nodeworx server settings - at the very bottom which is meant I believe to rename localhost to your server FQDN

This does not appear to work or change when looking at headers

The email sent does only appear in smtp log but this does not mean it is not encrypted

I will forward to thread to IW

Many thanks

John

**IWorx-Jenna** · 12-09-2019, 04:02 PM

Hi Bertie

I'm having a hard time visualizing or reproducing your issue with the password reset emails. Could you provide a screenshot of where you are seeing the red lock symbol in gmail on the password reset link email? Also, exact instructions on how to reproduce would be really helpful.

Thanks,
-Jenna

**Bertie** · 12-09-2019, 05:17 PM

Originally posted by IWorx-Jenna View Post

Hi Bertie

I'm having a hard time visualizing or reproducing your issue with the password reset emails. Could you provide a screenshot of where you are seeing the red lock symbol in gmail on the password reset link email? Also, exact instructions on how to reproduce would be really helpful.

Thanks,
-Jenna

Hi Jenna,

See attached photo - I've blurred some stuff out to keep things private but I can always drop an email to you if needed.

**IWorx-Jenna** · 12-10-2019, 11:13 AM

Bertie Oh that's super helpful, thanks! :D I see what you are referring to now. I'm going to talk to the devs about it, but because I know they'll ask, since it was mentioned when I brought it up yesterday--are you using self signed or paid SSL certificates on your InterWorx services (under Server > SSL Certificates in NodeWorx)?

Announcement

Changing Hostname

Changing Hostname

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment