Secure Web Server, Insecure Email: STARTTLS unsupported. Server sends useless certificates

SYSTEM INFORMATION
OS type and version Rocky Linux 9.1
Webmin version 2.001
Virtualmin version 7.3

Virtualmin does a lot to help you have a secure website. Mine is currently rated “A” or “A+”, depending on the site reviewing it, using a Let’s Encrypt certificate.

In Gmail, you can see the email is sent by and verified by compusimple.com after setting up SPF, DKIM, DMARC and a Let’s Encrypt cert.

My problem is that the mail server does not offer STARTTLS, as reported by ssl-tools.net, dane.sys4.de, huque.com and mxtoolbox.com. immuniweb.com reports that the server sends a useless certificate; it says the root CA is self-signed (even after copying the cert to Postfix/Dovecot and restarting the server). Some of those sites report that TLS is not an option on this server (the mail server), maybe because it does not support STARTTLS.

Not sure, but most settings in Postfix main.cf & master.cf are default, except some added parameters to stop spam with postscreen and smtpd sender, client and recipient restrictions.

smtp_tls_security_level = dane
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtp_dns_support_level = dnssec

Maybe I’m missing the right steps to set up the email server in the right way.
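Added example, not part of the original post and not Virtualmin's own code: in Postfix, `smtp_tls_*` parameters configure outbound delivery while `smtpd_tls_*` parameters decide whether the inbound server advertises STARTTLS, and the lines quoted above contain only the former. This sketch audits a main.cf text for the inbound settings, assuming the quoted lines are the only TLS-related ones and that master.cf adds no `-o` overrides; `WITH_INBOUND_TLS` is a constructed sample with placeholder paths.

```python
import re

# The five parameters quoted in the post (copied from the page).
POSTED = """\
smtp_tls_security_level = dane
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtp_dns_support_level = dnssec
"""

# Constructed sample: the same settings plus inbound TLS; paths are placeholders.
WITH_INBOUND_TLS = POSTED + """\
smtpd_tls_security_level = may
smtpd_tls_cert_file = /path/to/fullchain.pem
smtpd_tls_key_file =
    /path/to/privkey.pem
"""

def parse_main_cf(text):
    """Parse main.cf syntax: '#' comments, 'name = value', indented continuations."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:           # continuation of the previous value
            params[name] = (params[name] + " " + line.strip()).strip()
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)", line)
        if m:
            name = m.group(1)
            params[name] = m.group(2).strip()    # a later definition wins
    return params

def audit_inbound_tls(text):
    """List reasons smtpd would not offer STARTTLS (main.cf only, no master.cf overrides)."""
    p = parse_main_cf(text)
    findings = []
    level = p.get("smtpd_tls_security_level", "")
    legacy = p.get("smtpd_use_tls", "no").lower() == "yes"
    if level not in ("may", "encrypt") and not legacy:
        findings.append("smtpd_tls_security_level is not 'may' or 'encrypt'")
    certs = ("smtpd_tls_chain_files", "smtpd_tls_cert_file", "smtpd_tls_eccert_file")
    if not any(p.get(k) for k in certs):
        findings.append("no server certificate configured via " + ", ".join(certs))
    if findings and "smtp_tls_security_level" in p:
        findings.append("smtp_tls_security_level only affects outbound delivery")
    return findings
```

On a live host, feeding the output of `postconf -n` to `audit_inbound_tls` checks the effective non-default settings rather than a pasted excerpt.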
