Using ssl certificate for Postfix and Dovecot in multiple domains.

[davi-dns]

Using ssl certificate for Postfix and Dovecot in multiple domains.


How do I use different ssl certificate for each client or domain, must use ports 995, 993, 587 and 465.
I found the tutorials teach configure for only one domain.

Sorry for the English, I do not speak English, I'm using Google translate.

[apinto]

Welcome to Sentora

For SMTP/IMAP/POP3 (postfix and dovecot protocols) you can only have one SSL Certificate per IP.

Regarding how email works, if you only have one IP (and one server) you should have a single domain for mail exchange, usually this domain is called mx.domain.tld but you can call it whatever you like.

Make sure that your mx.domain.tld is exactly the same IP address as your Reverse DNS domain (usually this is your hostname, panel.domain.tld), if you use CloudFlare DNS make sure mx.domain.tld does not have the orange cloud.

After this, on the OTHER domains you need, just create a subdomain for them like mx.domain2.tld or even mail.domain2.tld (as long as they point to the same IP as your primary mx server).

The ONLY single drawback is that the client needs to accept the security certificate on the FIRST time they connect, all the emails are sent correctly encrypted and received without issue. Anyone who send an email to those domains will not get any warning, they will not even know what is going on.

This both saves you money on IP Addresses and SSL Certs, also, its the only way supported by single IP email servers.

SNI is available but for web browsers.

[davi-dns]

Thanks apinto!
I have one more doubt, the mail server of all customers will have to be the same? On customer dns zone will have to be informed the same record mx?

[apinto]

If you only have one server, yes, all users mail servers should use the same DNS Record (mx.domain.com).

This is important if you use SSL, however if you do not use SSL/TLS you can create a DNS mx/mail subdomain (for ex mx.domain1.com, mail.domain2.com, mx.domain3.com, etc.) pointing to the same IP as the original mx; this should work without any kind of problem.

Anyways, and like I said, you can use different DNS records as long as they point to the same IP but you will have a drawback:

The ONLY single drawback is that the client needs to accept the security certificate on the FIRST time they connect, all the emails are sent correctly encrypted and received without issue. Anyone who send an email to those domains will not get any warning, they will not even know what is going on.

[davi-dns]

I am setting as you guided me up, I am now using a vhost to be able to use the webmail.dominioxxx.com customers as vhost below:

</VirtualHost>
# Configuration for WebMail
<VirtualHost *:80>
ServerAlias webmail.*
DocumentRoot "/etc/sentora/panel/etc/apps/webmail/"
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/etc/apps/webmail/">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>

How do I get it redirects to the https so I can use the SSL certificate?
In other vhosts I use like this:
Redirect Permanent / https://webmail.domainxxx.com/

But in this case I can not use because I am forwarding to all domains (*).
Thank you and sorry for my english.

[apinto]

davi-dns, do you currently have postfix and dovecot running on SSL?

There are 2 different things:
- Postfix and Dovecot using SSL (via SMT/POP/IMAP).
- Accessing webmail via a HTTPS website.

Can you please explain what you want to achieve so I can try to help you on the best possible way?

[davi-dns]

@[davi-dns], do you currently have postfix and dovecot running on SSL?

There are 2 different things:
- Postfix and Dovecot using SSL (via SMT/POP/IMAP).
- Accessing webmail via a HTTPS website.

Can you please explain what you want to achieve so I can try to help you on the best possible way?

I have postfix and dovecot running on ssl yes, configured as you guided me up.

Now I'm trying to access the webmail by also https.

Already have other domains and sub-domains configured for access by https, use a redirect (Redirect Permanent / https://webmail.domainxxxxx.com/) setting up a vhost.

I want customers to access as follows: https://webmail.domainclient01.com, https: //webmail.domainclient02.com ...
Understand?

[apinto]

Ok now I just wanted to make sure we were on the same page.

You should change virtual host port 80 to 443
No need to use a htaccess redirect if you do that.

Note: I'm assuming you already have apache listening on port 443 as you said you have other domains with SSL.

[saravana]

ps

Welcome to Sentora

For SMTP/IMAP/POP3 (postfix and dovecot protocols) you can only have one SSL Certificate per IP.

Regarding how email works, if you only have one IP (and one server) you should have a single domain for mail exchange, usually this domain is called mx.domain.tld but you can call it whatever you like.

Make sure that your mx.domain.tld is exactly the same IP address as your Reverse DNS domain (usually this is your hostname, panel.domain.tld), if you use CloudFlare DNS make sure mx.domain.tld does not have the orange cloud.

After this, on the OTHER domains you need, just create a subdomain for them like mx.domain2.tld or even mail.domain2.tld (as long as they point to the same IP as your primary mx server).

The ONLY single drawback is that the client needs to accept the security certificate on the FIRST time they connect, all the emails are sent correctly encrypted and received without issue. Anyone who send an email to those domains will not get any warning, they will not even know what is going on.

This both saves you money on IP Addresses and SSL Certs, also, its the only way supported by single IP email servers.

SNI is available but for web browsers.

Hai Apinto,

       I have hosted 10 different domains(separate account ) in single VPS server Ip . I can't access remote mail exchanger.

        Example -> example.com is primary domain, I have updated vps.example.com as hostname and installed SSL and also TLS is enabled in dovecote and postfix.
        The mail functions are working fine for all the domain.
         Now i want to know, how to do TLS configuration to access all domain mails for remote mail exchanger within single server ip.
         If it not possible with single ip for all domain, please let me know what is solution and configuration to overcome this issue.

Thank You.

[fearworks]

ps

Hai Apinto,

       I have hosted 10 different domains(separate account ) in single VPS server Ip . I can't access remote mail exchanger.

        Example -> example.com is primary domain, I have updated vps.example.com as hostname and installed SSL and also TLS is enabled in dovecote and postfix.
        The mail functions are working fine for all the domain.
         Now i want to know, how to do TLS configuration to access all domain mails for remote mail exchanger within single server ip.
         If it not possible with single ip for all domain, please let me know what is solution and configuration to overcome this issue.

Thank You.

I don't really understand your question but I think you'd be better starting your own thread, rather than tagging your post onto a 3-year-old thread, so your issues do not get confused with those people were having 3 years ago.

Even if you have the same issues, I would think a new thread would attract more help and make your request more visible.

Also, please make your question clearer - what do you mean when you say "access remote mail exchanger" and "access all domain mails for remote mail exchanger"?

Keith