Install hMailServer, but don't add your domain name.
Install win-acme.
Change the value of $NEWPASS to the password that you set when you installed hMailServer.
$maildomain = "mail.float.i.ng" ## ask question what domain ?
$mailaddress = "admin@$maildomain"
# for automated installations on EC2, the password will be your instance ID
#$NEWPASS = (New-Object System.Net.WebClient).DownloadString("http://169.254.169.254/latest/meta-data/instance-id")
$NEWPASS = "INSTANCE-ID"

#Create Cert from Letsencrypt
#cd "C:\Program Files\win-acme"
cd "C:\Program Files\win-acme.v2.1.19.1142.x64"
.\wacs.exe --source manual --host $maildomain --certificatestore My --installation iis --installationsiteid 1 --accepttos --emailaddress $mailaddress --pemfilespath c:\certs --verbose

# Connect to the hMailServer COM API as the built-in Administrator
$hm = New-Object -ComObject hMailServer.Application
## remember to actually create this user so letsencrypt can email
$hm.Authenticate("Administrator","$NEWPASS") | Out-Null

# Add the mail domain
$hmAddDomain = $hm.Domains.Add()
$hmAddDomain.Name = "$maildomain"
$hmAddDomain.Active = $true
$hmAddDomain.Save()

# Register the PEM files written by win-acme as an hMailServer SSL certificate
$Windows_SSLCert_Name = $maildomain
$SSLCert_KEY_Private = "c:\certs\$maildomain-key.pem"
$SSLCert_CRT_Public = "c:\certs\$maildomain-crt.pem"
$hm_SSLCert_New = $hm.Settings.SSLCertificates.Add()
$hm_SSLCert_New.Name = $Windows_SSLCert_Name
$hm_SSLCert_New.PrivateKeyFile = $SSLCert_KEY_Private
$hm_SSLCert_New.CertificateFile = $SSLCert_CRT_Public
$hm_SSLCert_New.Save()

# Add mailbox to domain
# (separate variable so $maildomain keeps holding the domain name string)
$hmDomain = $hm.Domains.ItemByName($maildomain)
$hmAccount = $hmDomain.Accounts.Add()
$hmAccount.Address = $mailaddress
# the mailbox password is the same value as the Administrator password above
$hmAccount.Password = "$NEWPASS"
$hmAccount.Active = $true
$hmAccount.MaxSize = 100
$hmAccount.Save()
Disable Windows Firewall if it is enabled, otherwise you won't have access. Alternatively, leave the firewall on and configure it to allow all 4 ports.
Easy is superior to following long instructions! You can have this done for you in a pre-installed EC2 AMI image. See it at: AWS Marketplace: Hmailserver with Roundcube Webmail – Complete Windows Email Server (amazon.com)
Now test whether you can receive and send email: set up your favorite email client with the user admin@YOURDOMAIN; the password is the value set in $NEWPASS in the above script (INSTANCE-ID).
Restart hMailServer.
Since you already ran the above script, open hMailServer admin.
For SMTP port 25, select STARTTLS optional; otherwise you won't be able to get email from servers without certs. For extra-sensitive security such as HIPAA, you will need to use required.
Select the cert that the script created.
Press save, then select No until you have set up all 4 ports with your cert.
For the ports other than 25 (110, 143, 587), select STARTTLS required.
If your hMailServer is still not available, reboot your Windows Server.
Troubleshooting
Run the hMailServer troubleshooter and put your domain in the right side.
In my case I had neglected to make an MX record, so nothing worked.
Test ports from any Windows PowerShell with the following; change ComputerName to your FQDN and the port to whichever you want to test: 443, 25, 110, 587 or 443 for secure WWW.
Test-NetConnection -ComputerName localhost -Port 443
Also, from Linux:
dig yourfqdn MX
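Test-NetConnection only confirms that a port accepts connections. The following added example (not part of the original post) checks that an SMTP port actually advertises STARTTLS and that the certificate it serves is trusted and matches your FQDN. The function name Test-SmtpStartTls, the EHLO client name and mail.example.com are assumptions for illustration; it covers only SMTP ports 25 and 587, because POP3 and IMAP use different upgrade commands.

```powershell
# Added example (not from the original post). Requires PowerShell 5 or later.
function Test-SmtpStartTls {
    param(
        [Parameter(Mandatory)][string]$ComputerName,   # the FQDN clients connect to
        [int]$Port = 587                               # SMTP only: 25 or 587
    )
    $result = [ordered]@{
        Host = $ComputerName; Port = $Port; StartTlsOffered = $false; CertValid = $false
        Subject = $null; Issuer = $null; NotAfter = $null; Protocol = $null; Error = $null
    }
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $client.Connect($ComputerName, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = 10000                    # milliseconds
        $reader = [System.IO.StreamReader]::new($stream)
        $writer = [System.IO.StreamWriter]::new($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        # An SMTP reply can span several lines; only the last one has a space after the code.
        $readReply = { do { $line = $reader.ReadLine(); $line } while ($line -match '^\d{3}-') }

        $null = & $readReply                               # 220 greeting
        $writer.WriteLine('EHLO starttls-check.invalid')   # constructed client name
        $ehlo = @(& $readReply)
        $result.StartTlsOffered = [bool]($ehlo -match '^250[- ]STARTTLS')
        if (-not $result.StartTlsOffered) { return [pscustomobject]$result }

        $writer.WriteLine('STARTTLS')
        $reply = @(& $readReply)
        if ($reply[-1] -notmatch '^220') { throw "STARTTLS refused: $($reply[-1])" }

        # Default validation: the chain must be trusted and the name must match $ComputerName,
        # otherwise AuthenticateAsClient throws and the message lands in Error.
        $ssl = [System.Net.Security.SslStream]::new($stream, $false)
        $ssl.AuthenticateAsClient($ComputerName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $result.CertValid = $true
        $result.Subject   = $cert.Subject
        $result.Issuer    = $cert.Issuer
        $result.NotAfter  = $cert.NotAfter
        $result.Protocol  = $ssl.SslProtocol
    }
    catch   { $result.Error = $_.Exception.Message }
    finally { $client.Close() }
    [pscustomobject]$result
}

# Constructed usage: replace the placeholder with your own mail FQDN.
25, 587 | ForEach-Object { Test-SmtpStartTls -ComputerName 'mail.example.com' -Port $_ }
```

Run it from a machine outside the server, using the public FQDN rather than localhost, so the name check is made against the name the certificate was issued for.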
In addition to forgetting the MX record, I apparently left out setting the SSL cert for the default IIS website.
My issue in the end was having the default website for 443 mis-set.
Run
Get-WebBinding
Then remove the old ones, change the port and host name.