This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Using ssl certificate for Postfix and Dovecot in multiple domains.
#1
[Not Solved] Using ssl certificate for Postfix and Dovecot in multiple domains.
Using ssl certificate for Postfix and Dovecot in multiple domains.


How do I use different ssl certificate for each client or domain, must use ports 995, 993, 587 and 465.
I found the tutorials teach configure for only one domain.

Sorry for the English, I do not speak English, I'm using Google translate.
Reply
Thanks given by:
#2
[Not Solved] RE: Using ssl certificate for Postfix and Dovecot in multiple domains.
Welcome to Sentora Smile

For SMTP/IMAP/POP3 (postfix and dovecot protocols) you can only have one SSL Certificate per IP.

Regarding how email works, if you only have one IP (and one server) you should have a single domain for mail exchange, usually this domain is called mx.domain.tld but you can call it whatever you like.

Make sure that your mx.domain.tld is exactly the same IP address as your Reverse DNS domain (usually this is your hostname, panel.domain.tld), if you use CloudFlare DNS make sure mx.domain.tld does not have the orange cloud.

After this, on the OTHER domains you need, just create a subdomain for them like mx.domain2.tld or even mail.domain2.tld (as long as they point to the same IP as your primary mx server).

The ONLY single drawback is that the client needs to accept the security certificate on the FIRST time they connect, all the emails are sent correctly encrypted and received without issue. Anyone who send an email to those domains will not get any warning, they will not even know what is going on.

This both saves you money on IP Addresses and SSL Certs, also, its the only way supported by single IP email servers.

SNI is available but for web browsers.
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by: davi-dns
#3
[Not Solved] RE: Using ssl certificate for Postfix and Dovecot in multiple domains.
Thanks apinto!
I have one more doubt, the mail server of all customers will have to be the same? On customer dns zone will have to be informed the same record mx?
Reply
Thanks given by:
#4
[Not Solved] RE: Using ssl certificate for Postfix and Dovecot in multiple domains.
If you only have one server, yes, all users mail servers should use the same DNS Record (mx.domain.com).

This is important if you use SSL, however if you do not use SSL/TLS you can create a DNS mx/mail subdomain (for ex mx.domain1.com, mail.domain2.com, mx.domain3.com, etc.) pointing to the same IP as the original mx; this should work without any kind of problem.

Anyways, and like I said, you can use different DNS records as long as they point to the same IP but you will have a drawback:
Quote:The ONLY single drawback is that the client needs to accept the security certificate on the FIRST time they connect, all the emails are sent correctly encrypted and received without issue. Anyone who send an email to those domains will not get any warning, they will not even know what is going on.
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by: davi-dns
#5
[Not Solved] RE: Using ssl certificate for Postfix and Dovecot in multiple domains.
I am setting as you guided me up, I am now using a vhost to be able to use the webmail.dominioxxx.com customers as vhost below:

</VirtualHost>
# Configuration for WebMail
<VirtualHost *:80>
ServerAlias webmail.*
DocumentRoot "/etc/sentora/panel/etc/apps/webmail/"
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/etc/apps/webmail/">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>

How do I get it redirects to the https so I can use the SSL certificate?
In other vhosts I use like this:
Redirect Permanent / https://webmail.domainxxx.com/

But in this case I can not use because I am forwarding to all domains (*).
Thank you and sorry for my english.
Reply
Thanks given by:
#6
[Not Solved] RE: Using ssl certificate for Postfix and Dovecot in multiple domains.
davi-dns, do you currently have postfix and dovecot running on SSL?

There are 2 different things:
- Postfix and Dovecot using SSL (via SMT/POP/IMAP).
- Accessing webmail via a HTTPS website.

Can you please explain what you want to achieve so I can try to help you on the best possible way?
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by:
#7
[Not Solved] RE: Using ssl certificate for Postfix and Dovecot in multiple domains.
(08-21-2015, 05:05 AM)apinto Wrote: @[davi-dns], do you currently have postfix and dovecot running on SSL?

There are 2 different things:
- Postfix and Dovecot using SSL (via SMT/POP/IMAP).
- Accessing webmail via a HTTPS website.

Can you please explain what you want to achieve so I can try to help you on the best possible way?

I have postfix and dovecot running on ssl yes, configured as you guided me up.

Now I'm trying to access the webmail by also https.

Already have other domains and sub-domains configured for access by https, use a redirect (Redirect Permanent / https://webmail.domainxxxxx.com/) setting up a vhost.

I want customers to access as follows: https://webmail.domainclient01.com, https: //webmail.domainclient02.com ...
Understand?
Reply
Thanks given by:
#8
[Not Solved] RE: Using ssl certificate for Postfix and Dovecot in multiple domains.
Ok now I just wanted to make sure we were on the same page.

You should change virtual host port 80 to 443
No need to use a htaccess redirect if you do that.

Note: I'm assuming you already have apache listening on port 443 as you said you have other domains with SSL.
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by:
#9
[Not Solved] RE: Using ssl certificate for Postfix and Dovecot in multiple domains.
ps
(08-17-2015, 11:25 PM)apinto Wrote: Welcome to Sentora Smile

For SMTP/IMAP/POP3 (postfix and dovecot protocols) you can only have one SSL Certificate per IP.

Regarding how email works, if you only have one IP (and one server) you should have a single domain for mail exchange, usually this domain is called mx.domain.tld but you can call it whatever you like.

Make sure that your mx.domain.tld is exactly the same IP address as your Reverse DNS domain (usually this is your hostname, panel.domain.tld), if you use CloudFlare DNS make sure mx.domain.tld does not have the orange cloud.

After this, on the OTHER domains you need, just create a subdomain for them like mx.domain2.tld or even mail.domain2.tld (as long as they point to the same IP as your primary mx server).

The ONLY single drawback is that the client needs to accept the security certificate on the FIRST time they connect, all the emails are sent correctly encrypted and received without issue. Anyone who send an email to those domains will not get any warning, they will not even know what is going on.

This both saves you money on IP Addresses and SSL Certs, also, its the only way supported by single IP email servers.

SNI is available but for web browsers.

Hai Apinto,

       I have hosted 10 different domains(separate account ) in single VPS server Ip . I can't access remote mail exchanger.

        Example -> example.com is primary domain, I have updated vps.example.com as hostname and installed SSL and also TLS is enabled in dovecote and postfix.
        The mail functions are working fine for all the domain.
         Now i want to know, how to do TLS configuration to access all domain mails for remote mail exchanger within single server ip.
         If it not possible with single ip for all domain, please let me know what is solution and configuration to overcome this issue.

Thank You.
Reply
Thanks given by:
#10
[Not Solved] RE: Using ssl certificate for Postfix and Dovecot in multiple domains.
(11-30-2018, 03:32 PM)saravana Wrote: ps

Hai Apinto,

       I have hosted 10 different domains(separate account ) in single VPS server Ip . I can't access remote mail exchanger.

        Example -> example.com is primary domain, I have updated vps.example.com as hostname and installed SSL and also TLS is enabled in dovecote and postfix.
        The mail functions are working fine for all the domain.
         Now i want to know, how to do TLS configuration to access all domain mails for remote mail exchanger within single server ip.
         If it not possible with single ip for all domain, please let me know what is solution and configuration to overcome this issue.

Thank You.

I don't really understand your question but I think you'd be better starting your own thread, rather than tagging your post onto a 3-year-old thread, so your issues do not get confused with those people were having 3 years ago.

Even if you have the same issues, I would think a new thread would attract more help and make your request more visible.

Also, please make your question clearer - what do you mean when you say "access remote mail exchanger" and "access all domain mails for remote mail exchanger"?

Keith
Reply
Thanks given by:


Possibly Related Threads...
Thread Author Replies Views Last Post
I want to change the postfix HELO/EHLO butlerxyz 3 925 02-19-2018, 03:08 AM
Last Post: Me.B
Postfix mysql connection mrobot 4 2,220 07-13-2017, 04:46 AM
Last Post: mrobot
Postfix can't send above 5MB attachments. [UNSOLVED] thomasfoskolos 1 1,137 05-18-2017, 11:35 PM
Last Post: thomasfoskolos

Forum Jump:


Users browsing this thread: 2 Guest(s)