Multiple SSL domains and postfix/dovecot

Discussion in 'General' started by _pX_, Nov 14, 2018.

  1. _pX_

    _pX_ New Member

    Hi,
    I'm on ISPConfig 3.1 on Debian Jessie and have multiple domains on sever (added via Website/DNS section of GUI).
    I plan to add SSL certificates for each of the domain via GUI - I assume this is not enough to get mail working through https protocol on each domain.
    What to do to get postfix/dovecot working securely over each domain (setting one user email client IMAP server as domain1 and other as domain2)?
    Any working HOWTOs?
    Dawid
     
    Gwyneth Llewelyn likes this.
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. _pX_

    _pX_ New Member

    Thank you.
    I already read this before posting my question and if I understood this tutorial correctly it covers the situation when I use one SSL certificate for all domains for mail access.
    I know the scenario when user from domain2 can access mail server using SSL secure access to domain1 (configured in postfix/dovecot) and his [email protected], but how to setup postfix/dovecot to access secure SSL using [email protected] for domain1 server, and [email protected] for domain2 server?
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    There is nothing to support this directly in ISPConfig, you will have to configure it manually. As postfix does not support SNI, you will have to use a different ip address for each domain, and then you configure a separate smtpd instance for each, bound to the ip address and specifying the certificate location, helo_hostname and any other parameters specific to that instance. You probably want to setup a sender_dependent_default_transport_maps as well (see https://www.howtoforge.com/community/threads/different-ip-for-email.70582/#post-332222 for details). dovecot does support SNI, so this can be a little simpler there, see https://wiki.dovecot.org/SSL/Doveco..._TLS_SNI_.28Server_Name_Indication.29_support

    Note you will need to create "conf-custom" files so your changes don't get overwritten in future ispconfig updates; there's info/examples in the forums here if needed.
     
  5. _pX_

    _pX_ New Member

    Thank you for explanation.
     

Share This Page