Using hooks to edit main.cf is going to stop working relatively quickly in the life span of an email server. So there is a proper and pretty solid solution that is update and upgrade proof.
Issue the following commands:
1. sudo mkdir -p /etc/zentyal/stubs
2. sudo mkdir -p /etc/zentyal/stubs/openchange
3. sudo mkdir -p /etc/zentyal/stubs/mail
4. sudo cp /usr/share/zentyal/stubs/openchange/apache-ocsmanager.conf.mas /etc/zentyal/stubs/openchange
5. sudo cp /usr/share/zentyal/stubs/mail/main.cf.mas /etc/zentyal/stubs/mail
Now you have the 2 stub files necessary to make this all happen. These are Zentyal-generated files, and making copies in the /etc/zentyal/stubs directory and subdirectories ensures they won't ever be overwritten by the system, but the system will use them over the ones under /usr/share/zentyal/stubs.
Zentyal itself just makes a self-signed certificate. That won't cut it in the real world, so you'll need a trusted 3rd party SSL that covers the following names for Zentyal Mail Servers:
yourdomain.com
hostname.yourdomain.com
autodiscover.yourdomain.com
Obviously replace hostname with your server's hostname and yourdomain.com with your actual TLD, but leave autodiscover as is. You can get a Comodo Positive SAN SSL for around $50/year and it's done in a few minutes. You'll need your certificate file, your key file and your ca-bundle. Put those in a secure directory on your server like /etc/apache2/ssl/cert.crt - cert.key & cert.ca-bundle
Then edit the 2 files you just copied:
1. sudo nano /etc/zentyal/stubs/openchange/apache-ocsmanager.conf.mas
2. sudo nano /etc/zentyal/stubs/mail/main.cf.mas
In each of them you will find a certificate reference, and it points to <% certfile %> (or something really similar to that). You'll edit it as follows (add the 2nd line and 3rd line):
certificatefile = <path to your .crt>
CertificateKeyFile <path to your .key>
CertificateCAFile <path to your ca-bundle file>
I'm not sure if the main.cf.mas works exactly the same way but it's something VERY similar. Now restart OpenChange and Mail Modules:
1. sudo service zentyal mail restart
2. sudo service zentyal openchange restart
Now you've got a proper certificate file in place and your email server will work like a champion from here on out.
You may also want to find the line in main.cf.mas that sets up your SMTP banner. It's something like smtpd_banner = <% destination %> ESMTP
Whatever the <% - - - %> says, you can just change that to your FQDN. So if your hostname is "mail" and your TLD is "example.com" then you'd change it to "mail.example.com"
As long as you have your PTR set up properly and your SMTP banner matches, then you're golden.
Hope this helps you get things properly fixed.
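
A check for the certificate requirement described above, added here as an example and not part of the original post: it reports which of the required names a certificate's SAN list does not cover, including the case where a wildcard entry is assumed to cover the bare domain. The function names and example.com host names are placeholders, and the openssl command in the comment assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the original post). Feed it the output of:
#   openssl x509 -in /etc/apache2/ssl/cert.crt -noout -ext subjectAltName
# e.g.  openssl x509 ... | missing_sans example.com mail.example.com \
#           autodiscover.example.com

# san_covers SAN NAME: both already lowercased. Returns 0 on a match.
# A wildcard SAN ("*.example.com") matches exactly one left-most label,
# so it covers mail.example.com but not example.com or a.b.example.com.
san_covers() {
    if [ "$1" = "$2" ]; then return 0; fi
    case $1 in
        '*.'*)
            _suffix=${1#\*}                     # ".example.com"
            case $2 in
                *"$_suffix")
                    _label=${2%"$_suffix"}      # what the "*" stands for
                    case $_label in
                        ''|*.*) return 1 ;;     # empty or more than one label
                        *) return 0 ;;
                    esac ;;
            esac ;;
    esac
    return 1
}

# missing_sans NAME...: SAN text on stdin; prints each NAME not covered.
# Exit status is 0 only when every NAME is covered.
missing_sans() {
    # One DNS name per line, lowercased; other SAN types (IP, email) dropped.
    _sans=$(tr ',' '\n' | tr -d ' \t\r' | sed -n 's/^DNS://p' | tr 'A-Z' 'a-z')
    _rc=0
    for _name in "$@"; do
        _want=$(printf '%s' "$_name" | tr 'A-Z' 'a-z')
        _found=0
        while IFS= read -r _san; do
            if san_covers "$_san" "$_want"; then _found=1; break; fi
        done <<EOF
$_sans
EOF
        if [ "$_found" -eq 0 ]; then printf '%s\n' "$_name"; _rc=1; fi
    done
    return "$_rc"
}
```

Any name it prints is one that mail clients would be handed a mismatched certificate for, so run it before restarting the modules.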