Using mail.domain.tld for incoming and outgoing email, so you can cache domain.tld with the Cloudflare proxy

SYSTEM INFORMATION
Distributor ID:	Debian
Description:	Debian GNU/Linux 11 (bullseye)
Release:	11
Codename:	bullseye
Webmin version:	2.001
Usermin version:	1.860
Virtualmin version:	7.3-1
Authentic theme version:	20.01.1:5

So Virtualmin together with Cloudflare is a nice way to set up your servers.

There are a few pain points:

  • When using the proxy they will block port :10000.
  • When using mail.domain.tld as IMAP it will still use domain.tld as a certificate
[000.891] 		STARTTLS command works on this server
[001.119] 		Connection converted to SSL
		SSLVersion in use: TLSv1_3
		Cipher in use: TLS_AES_256_GCM_SHA384
		Perfect Forward Secrecy: yes
		Session Algorithm in use: Curve X25519 DHE(253 bits)
		Certificate #1 of 4 (sent by MX):
		Cert VALIDATED: ok
		Cert Hostname DOES NOT VERIFY (mail.nerd.host != nerd.host | DNS:nerd.host)
So email is encrypted, but the host is not verified.

Are there any solutions for these problems?

Changing the port of Virtualmin is easy; there is even a YouTube tutorial for this:

I used port 8443, as described at Cloudflare, and that is okay:

So the question remains: how to route all email through mail.domain.tld instead of domain.tld?

1 Like
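The hostname check that fails in the test output above, as an added example that is not part of the original post or of Virtualmin: it applies RFC 6125 style matching to the names on the quoted "Cert Hostname" line and shows which client-facing names the certificate leaves uncovered. The function names and the "reissued" SAN list are assumptions made for illustration.

```python
import re

def san_matches(hostname: str, san: str) -> bool:
    """RFC 6125 style comparison: exact match, or '*' as the entire left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        # Only accept wildcards of the form *.example.tld (three labels or more).
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat

def verify_hostname(hostname, dns_sans):
    """True if any DNS subjectAltName on the certificate covers the name the client dialed."""
    return any(san_matches(hostname, san) for san in dns_sans)

def missing_names(service_names, dns_sans):
    """Names clients connect to that the certificate does not cover."""
    return [n for n in service_names if not verify_hostname(n, dns_sans)]

def parse_checker_line(line):
    """Extract (requested name, DNS SANs) from the 'Cert Hostname' line quoted in the post.
    Assumption: any further SANs would appear as additional 'DNS:name' tokens."""
    requested = re.search(r"\((\S+) != ", line).group(1)
    return requested, re.findall(r"DNS:([^\s|)]+)", line)

# Copied from the test output in the post.
SAMPLE_LINE = "Cert Hostname DOES NOT VERIFY (mail.nerd.host != nerd.host | DNS:nerd.host)"

if __name__ == "__main__":
    name, sans = parse_checker_line(SAMPLE_LINE)
    print(name, "covered by", sans, "->", verify_hostname(name, sans))
    # Constructed: the same certificate reissued with the mail name added as a SAN.
    fixed = sans + ["mail.nerd.host"]
    print(name, "covered by", fixed, "->", verify_hostname(name, fixed))
    print("still uncovered:", missing_names(["nerd.host", "mail.nerd.host"], sans))
```

A client that skips this check still gets an encrypted session, but it has no proof that the server on the other end is the one named in its settings.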

Use your local hosts file to point your actual server’s IP to your domain.

2 Likes

I would agree with this. I use Cloudflare for DNS, and the first time I log in with IP and port 10000 I go to a setting in Webmin and change the port for VM to one of the ports that Cloudflare does allow. That fixes the problem for me.