Multiple SSL domains and postfix/dovecot

Discussion in 'General' started by _pX_, Nov 14, 2018.

  1. _pX_

    _pX_ New Member

    Hi,
    I'm on ISPConfig 3.1 on Debian Jessie and have multiple domains on sever (added via Website/DNS section of GUI).
    I plan to add SSL certificates for each of the domain via GUI - I assume this is not enough to get mail working through https protocol on each domain.
    What to do to get postfix/dovecot working securely over each domain (setting one user email client IMAP server as domain1 and other as domain2)?
    Any working HOWTOs?
    Dawid
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. _pX_

    _pX_ New Member

    Thank you.
    I already read this before posting my question and if I understood this tutorial correctly it covers the situation when I use one SSL certificate for all domains for mail access.
    I know the scenario when user from domain2 can access mail server using SSL secure access to domain1 (configured in postfix/dovecot) and his [email protected], but how to setup postfix/dovecot to access secure SSL using [email protected] for domain1 server, and [email protected] for domain2 server?
     
  4. Jesse Norell

    Jesse Norell Well-Known Member

    There is nothing to support this directly in ISPConfig, you will have to configure it manually. As postfix does not support SNI, you will have to use a different ip address for each domain, and then you configure a separate smtpd instance for each, bound to the ip address and specifying the certificate location, helo_hostname and any other parameters specific to that instance. You probably want to setup a sender_dependent_default_transport_maps as well (see https://www.howtoforge.com/community/threads/different-ip-for-email.70582/#post-332222 for details). dovecot does support SNI, so this can be a little simpler there, see https://wiki.dovecot.org/SSL/Doveco..._TLS_SNI_.28Server_Name_Indication.29_support

    Note you will need to create "conf-custom" files so your changes don't get overwritten in future ispconfig updates; there's info/examples in the forums here if needed.
     
    electronico_nc likes this.
  5. _pX_

    _pX_ New Member

    Thank you for explanation.
     

Share This Page