How to set up Plesk, mail autodiscover and Cloudflare to work together properly manually?

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Question

  • How to make Plesk, mail autodiscover and Cloudflare work correctly?
  • How to set up Plesk, mail autodiscover and Cloudflare to work together for a domain?
  • How to configure Plesk, mail autodiscover and Cloudflare to work together for a website?

Answer

The end goal of the setup below is to leave mail.example.com in the DNS Only status on the Cloudflare side and to set up mail autodiscover on the Plesk side so that mail clients autodiscover mail.example.com as the Incoming and Outgoing mail server.

Warning: These setup steps are entirely manual and should be executed only while the DNS Integration for Cloudflare® extension is not installed or used on the Plesk server.

In order to set up Cloudflare to work with mail autodiscover and websites hosted on a Plesk server, you must follow these steps:

1. A Wildcard Let's Encrypt SSL certificate (or a Wildcard SSL from a different SSL vendor) must be issued and installed for example.com and the hostname of the server (server.example.com) on the side of Plesk

Note: SSL certificates issued by Cloudflare cannot secure mail server connections on SMTP, POP3 and IMAP ports, so they cannot be used to secure email transactions.

2. The domain should be using the Wildcard SSL certificate issued on the side of Plesk for mail transactions (Go to Plesk > Domains > example.com > Mail > Mail Settings tab, select the SSL/TLS certificate for mail, and press Apply)

3. SSL/TLS mode in Cloudflare for the domain should be set to Full (Strict)

4. The mail autodiscovery settings on the side of Plesk should be adjusted to use mail.example.com instead of example.com for the autodiscovery process initiated by mail clients. This can be done by doing the following:

For a single domain

4a. Log into Plesk

4b. Go to Domains > example.com > Hosting & DNS > DNS

4c. Locate the SRV records for the domain

4d. Adjust the Value of each of the three SRV records from example.com to mail.example.com and save the changes

4f. Go to cloudflare.com, enter the DNS zone editor for the domain and make the same adjustments for the SRV records of the domain, by changing the Content from example.com to mail.example.com and save the changes

For all domains on the Plesk server

Warning: The mail configuration adjustments below will change the autodiscover settings for all Plesk domains on the server. From that point forward, the domains will use mail.example.com instead of example.com as the Incoming and Outgoing mail server whenever mail clients request the autodiscover configuration.

4a. Log into your Plesk server via SSH or RDP

4b. Open the /usr/local/psa/admin/conf/panel.ini file (or %plesk_dir%admin\conf\panel.ini on a Windows server) for editing with your favorite command-line text editor

4c. Add the following lines to the bottom of the file:

[mail]
clientConfig.incomingServer="mail.<domain>"
clientConfig.outgoingServer="mail.<domain>"

4d. Save the changes and close the file

5. DNS records for the domain on the Plesk side should be set according to the following example (Replace 203.0.113.2 with your Plesk server IP, example.com with your domain and server.example.com with your Plesk server hostname):

For a single domain

Host                       TTL   Record type  Value
ftp.example.com.           3600  CNAME        example.com.
example.com.               3600  TXT          v=spf1 +a +mx +a:mail.example.com +a:server.example.com -all
_pop3s._tcp.example.com.   3600  SRV          mail.example.com.
_imaps._tcp.example.com.   3600  SRV          mail.example.com.
server.example.com.        3600  A            203.0.113.2
example.com.               3600  NS           ns1.example.com.
example.com.               3600  NS           ns2.example.com.
www.example.com.           3600  CNAME        example.com.
ns2.example.com.           3600  A            203.0.113.2
ipv4.example.com.          3600  A            203.0.113.2
_dmarc.example.com.        3600  TXT          v=DMARC1; p=none
example.com.               3600  MX (10)      mail.example.com.
ns1.example.com.           3600  A            203.0.113.2
mail.example.com.          3600  A            203.0.113.2
webmail.example.com.       3600  A            203.0.113.2
example.com.               3600  A            203.0.113.2
_smtps._tcp.example.com.   3600  SRV          mail.example.com.

For all domains on the Plesk server

Host                       TTL   Record type  Value
ftp.example.com.           3600  CNAME        example.com.
example.com.               3600  TXT          v=spf1 +a +mx +a:mail.example.com +a:server.example.com -all
_pop3s._tcp.example.com.   3600  SRV          example.com.
_imaps._tcp.example.com.   3600  SRV          example.com.
server.example.com.        3600  A            203.0.113.2
example.com.               3600  NS           ns1.example.com.
example.com.               3600  NS           ns2.example.com.
www.example.com.           3600  CNAME        example.com.
ns2.example.com.           3600  A            203.0.113.2
ipv4.example.com.          3600  A            203.0.113.2
_dmarc.example.com.        3600  TXT          v=DMARC1; p=none
example.com.               3600  MX (10)      mail.example.com.
ns1.example.com.           3600  A            203.0.113.2
mail.example.com.          3600  A            203.0.113.2
webmail.example.com.       3600  A            203.0.113.2
example.com.               3600  A            203.0.113.2
_smtps._tcp.example.com.   3600  SRV          example.com.

6. DNS records within the Cloudflare DNS zone for the domain should be set according to the following example (Replace 203.0.113.2 with your Plesk server IP, example.com with your domain and server.example.com with your Plesk server hostname):

For a single domain

Name          Type     Proxy status  Content
ftp           CNAME    Proxied       example.com
example.com   TXT      DNS Only      v=spf1 +a +mx +a:mail.example.com +a:server.example.com -all
_pop3s._tcp   SRV      DNS Only      0 0 995 mail.example.com
_imaps._tcp   SRV      DNS Only      0 0 993 mail.example.com
server        A        Proxied       203.0.113.2
example.com   NS       DNS Only      ns1.example.com
example.com   NS       DNS Only      ns2.example.com
www           CNAME    Proxied       example.com
ns2           A        Proxied       203.0.113.2
ipv4          A        Proxied       203.0.113.2
_dmarc        TXT      DNS Only      v=DMARC1; p=none
example.com   MX (10)  DNS Only      mail.example.com
ns1           A        Proxied       203.0.113.2
mail          A        DNS Only      203.0.113.2
webmail       A        DNS Only      203.0.113.2
example.com   A        Proxied       203.0.113.2
_smtps._tcp   SRV      DNS Only      0 0 465 mail.example.com

Note: It can take up to 48 hours for the changes made within the Cloudflare DNS zone to become effective worldwide

For all domains on the Plesk server

Name          Type     Proxy status  Content
ftp           CNAME    Proxied       example.com
example.com   TXT      DNS Only      v=spf1 +a +mx +a:mail.example.com +a:server.example.com -all
_pop3s._tcp   SRV      DNS Only      0 0 995 example.com
_imaps._tcp   SRV      DNS Only      0 0 993 example.com
server        A        Proxied       203.0.113.2
example.com   NS       DNS Only      ns1.example.com
example.com   NS       DNS Only      ns2.example.com
www           CNAME    Proxied       example.com
ns2           A        Proxied       203.0.113.2
ipv4          A        Proxied       203.0.113.2
_dmarc        TXT      DNS Only      v=DMARC1; p=none
example.com   MX (10)  DNS Only      mail.example.com
ns1           A        Proxied       203.0.113.2
mail          A        DNS Only      203.0.113.2
webmail       A        DNS Only      203.0.113.2
example.com   A        Proxied       203.0.113.2
_smtps._tcp   SRV      DNS Only      0 0 465 example.com

Note: It can take up to 48 hours for the changes made within the Cloudflare DNS zone to become effective worldwide
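
A check for the single-domain Cloudflare layout in step 6, added here as an example and not part of the original article or of Plesk or Cloudflare tooling: it confirms that the SRV records target mail.<domain> on the listed ports and that every host named by an MX or SRV record is DNS Only. The record list, the function names and the two planted mistakes are constructed for illustration.

```python
# Constructed sample (not from a real zone): mail-related rows of a Cloudflare
# zone as (name, type, proxy status, content). Two mistakes are planted:
# "mail" is Proxied and _smtps._tcp still targets the apex.
RECORDS = [
    ("example.com", "MX", "DNS Only", "mail.example.com"),
    ("mail", "A", "Proxied", "203.0.113.2"),
    ("webmail", "A", "DNS Only", "203.0.113.2"),
    ("example.com", "A", "Proxied", "203.0.113.2"),
    ("_pop3s._tcp", "SRV", "DNS Only", "0 0 995 mail.example.com"),
    ("_imaps._tcp", "SRV", "DNS Only", "0 0 993 mail.example.com"),
    ("_smtps._tcp", "SRV", "DNS Only", "0 0 465 example.com"),
]
# Ports taken from the SRV rows in step 6.
SRV_PORTS = {"_pop3s._tcp": 995, "_imaps._tcp": 993, "_smtps._tcp": 465}


def fqdn(name, zone):
    """Expand a zone-relative name ("mail") to a full, lower-cased name."""
    name = name.rstrip(".").lower()
    return name if name == zone or name.endswith("." + zone) else f"{name}.{zone}"


def lint_zone(records, zone):
    """Return findings for the single-domain layout; an empty list means OK."""
    expected = f"mail.{zone}"
    findings, mail_hosts = [], set()
    for name, rtype, _proxy, content in records:
        if rtype == "MX":
            mail_hosts.add(fqdn(content.split()[-1], zone))
        elif rtype == "SRV":
            _prio, _weight, port, target = content.split()
            service = fqdn(name, zone)[: -len(zone) - 1]
            mail_hosts.add(fqdn(target, zone))
            if service in SRV_PORTS and int(port) != SRV_PORTS[service]:
                findings.append(f"{service}: port {port}, expected {SRV_PORTS[service]}")
            if fqdn(target, zone) != expected:
                findings.append(f"{service}: target {target}, expected {expected}")
    # Second pass: address records of every mail host must not be proxied.
    for name, rtype, proxy, _content in records:
        host = fqdn(name, zone)
        if rtype in ("A", "AAAA", "CNAME") and host in mail_hosts and proxy != "DNS Only":
            findings.append(f"{host}: {rtype} is {proxy}, mail clients need DNS Only")
    return findings


if __name__ == "__main__":
    for finding in lint_zone(RECORDS, "example.com"):
        print(finding)
```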

7. Mail autodiscover should be enabled on the Plesk side both server-wide and for the domain

Note: Even if mail autodiscover was enabled server-wide and for the domain already, it is recommended to disable and enable it once again after the changes, so that they may get picked up by the Plesk configuration correctly.

Afterwards, you can check whether Plesk serves the correct Incoming and Outgoing mail server configuration to mail clients (mail.example.com is expected) by opening a URL similar to https://example.com/mail/config-v1.1.xml?emailaddress=test@example.com in your browser.
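
The same check done programmatically, as an added example that is not part of the original article: it parses a saved copy of the config-v1.1.xml response and reports any server entry whose hostname is not mail.<domain>. The sample XML is constructed in the Mozilla autoconfig layout and is not a capture of real Plesk output; the socketType test is an extra check assumed here, not something the article requires.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Mozilla autoconfig (config-v1.1) layout; it is not
# a capture of real Plesk output.
SAMPLE_XML = """\
<clientConfig version="1.1">
  <emailProvider id="example.com">
    <domain>example.com</domain>
    <incomingServer type="imap">
      <hostname>mail.example.com</hostname>
      <port>993</port>
      <socketType>SSL</socketType>
    </incomingServer>
    <incomingServer type="pop3">
      <hostname>mail.example.com</hostname>
      <port>995</port>
      <socketType>SSL</socketType>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>mail.example.com</hostname>
      <port>465</port>
      <socketType>SSL</socketType>
    </outgoingServer>
  </emailProvider>
</clientConfig>
"""


def check_autoconfig(xml_text, domain):
    """Return findings; an empty list means every server is mail.<domain> over TLS."""
    expected = f"mail.{domain}"
    root = ET.fromstring(xml_text)
    findings = []
    for tag in ("incomingServer", "outgoingServer"):
        servers = root.findall(f".//{tag}")
        if not servers:
            findings.append(f"{tag}: not present")
        for server in servers:
            proto = server.get("type", "unknown")
            host = (server.findtext("hostname") or "").strip().lower()
            sock = (server.findtext("socketType") or "").strip().upper()
            if host != expected:
                findings.append(f"{tag}/{proto}: hostname {host!r}, expected {expected!r}")
            if sock not in ("SSL", "STARTTLS"):
                findings.append(f"{tag}/{proto}: socketType {sock!r} is not TLS")
    return findings


if __name__ == "__main__":
    print(check_autoconfig(SAMPLE_XML, "example.com") or "autoconfig OK")
```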

Note: If you encounter redirection issues while attempting a Plesk login by using the server hostname after starting to use Cloudflare, you may resolve them by following the steps in the "A user is being logged out from Plesk periodically or Plesk redirects to the login page after a successful login attempt" article. Alternatively, you may switch the proxy status for the server hostname (server.example.com) record on Cloudflare's end to DNS Only.

Additional information

Manage DNS records | Cloudflare DNS docs
