Email domain SSL certificate

Discussion in 'Installation/Configuration' started by TheRightClick, Nov 9, 2020.

  1. TheRightClick

    TheRightClick New Member

    I have a server running Debian 10 (Buster), Postfix, and ISPConfig 3.2. The common issues check returns that all is good.
    I am trying to set up an email domain along with an email address for a domain not hosted on this server.
    Let's say the domain is library.example. I've got MX example -> library.example and A library.example -> 123.123.123.123
    I've also added a website via ISPConfig and enabled Letsencrypt for it. Visiting library.example brings up the default site index secured normally over https.
    I've added a mail domain and an email mailbox no-reply[at]library.example
    When I go and set up Thunderbird using the credentials I entered, I see the normal "Welcome to your new email account" in my Inbox but when I try to send a test email I get a warning that the location library.example:587 is trying to identify itself with invalid information because Postfix is presenting the server certificate that ISPConfig generated.
    I've tried removing and re-adding the mail domain several times etc, each time I get the same behavior. This problem does not appear for any of the other sites that I host (proper websites and mail domains) on the same server.
    Any ideas how I can fix this?

    Thanks in advance,
    Jim
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    My signature has a link to e-mail setup on ISPConfig.
     
  4. TheRightClick

    TheRightClick New Member

    Th0m, I read that thread while researching a solution but I had concerns about practicality since for every domain that I'm currently hosting and for every domain that will be added in the future I'd have to add an alias.

    What I was going for was something along the lines of lxadm.[com]/Postfix_and_multiple_SSL_certificates since then, if I'm not mistaken, all the mail.site.com domains would be able to use their Letsencrypt cert instead of the server cert. Would that be correct? Perhaps a feature request should be added?
     
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You should not add those domains as aliases. Let your clients connect to mail.yourcompany.com instead of mail.clientdomain.com. This is the best way to do this.

    There is a request for Dovecot: https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3794
     
  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Agreed. The use of mail.clientdomain.tld should be considered a premium service due to the considerable amount of setting up and maintenance it requires.
     
  7. TheRightClick

    TheRightClick New Member

    I'd be willing to devote developer resources towards this (and Postfix) if I could get a few pointers about how to proceed. I've got a good developer team but Dovecot/Postfix is not their specialty. Could we work out a spec?
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Read more about SNI for Postfix and dovecot, for example:
    http://www.postfix.org/postconf.5.html#tls_server_sni_maps
    https://doc.dovecot.org/configurati...client-tls-sni-server-name-indication-support

    @Jesse Norell might have some pointers as well.

    Still, I don't recommend using this but use mail.hostingdomain.com instead where possible. If you are implementing this, I would make it selectable per domain, so not every domain is added.
     
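As an added illustration of the SNI approach Th0m links to (this is example code, not ISPConfig's, Postfix's or Dovecot's own), the script below builds a Postfix `tls_server_sni_maps` source file and the matching Dovecot `local_name` blocks from a Let's Encrypt `live` directory. It assumes (hypothetical layout) that each certificate lives under `<live dir>/<hostname>/` as `privkey.pem` and `fullchain.pem`, and that `<hostname>` is exactly the server name the mail client connects to, since the SNI lookup key must match that name and the certificate's SAN list must contain it or the client still sees a name mismatch. Postfix 3.4 or newer is required for `tls_server_sni_maps` (Debian 10 ships 3.4), and the map must be built with `postmap -F` so the PEM file contents are stored in the `.db`.

```shell
#!/bin/sh
# Added example, not ISPConfig/Postfix/Dovecot code: generate per-domain
# SNI certificate configuration from a Let's Encrypt "live" directory.
# Assumed layout: $LIVE/<hostname>/privkey.pem and $LIVE/<hostname>/fullchain.pem,
# where <hostname> equals the name clients use (e.g. library.example or
# mail.library.example). The name must also appear in the certificate's SANs.
set -eu

# Print one Postfix SNI map line per hostname directory that holds both
# PEM files. Format (Postfix 3.4+): <sni-name> <private key> <chain file>
build_sni_map() {
    live_dir="$1"
    for dir in "$live_dir"/*/; do
        [ -d "$dir" ] || continue
        host=$(basename "$dir")
        if [ -f "$dir/privkey.pem" ] && [ -f "$dir/fullchain.pem" ]; then
            printf '%s %s/privkey.pem %s/fullchain.pem\n' \
                "$host" "${dir%/}" "${dir%/}"
        else
            # Incomplete directories are skipped rather than producing a
            # map entry that would make smtpd fail to load the key.
            echo "skipping $host: missing privkey.pem or fullchain.pem" >&2
        fi
    done
}

# Print the equivalent Dovecot configuration: one local_name block per
# hostname, selecting the certificate by the SNI name the IMAP client sends.
build_dovecot_sni() {
    live_dir="$1"
    for dir in "$live_dir"/*/; do
        [ -d "$dir" ] || continue
        host=$(basename "$dir")
        [ -f "$dir/privkey.pem" ] && [ -f "$dir/fullchain.pem" ] || continue
        printf 'local_name %s {\n  ssl_cert = <%s/fullchain.pem\n  ssl_key = <%s/privkey.pem\n}\n' \
            "$host" "${dir%/}" "${dir%/}"
    done
}

# Usage on the mail server (as root), shown here but not executed:
#   build_sni_map /etc/letsencrypt/live > /etc/postfix/sni_maps
#   postmap -F hash:/etc/postfix/sni_maps     # -F stores the PEM contents
#   postconf -e 'tls_server_sni_maps = hash:/etc/postfix/sni_maps'
#   build_dovecot_sni /etc/letsencrypt/live > /etc/dovecot/conf.d/99-sni.conf
#   systemctl reload postfix dovecot
# Re-run after every renewal (for example from a certbot deploy hook):
# postmap -F copies the certificate bytes into the .db, so a renewed PEM
# on disk is not picked up until the map is rebuilt.
```

The default certificate configured by ISPConfig stays in place for clients that send no SNI name or a name with no map entry, which is the behaviour Th0m recommends as the baseline; the map only adds per-domain certificates for the hostnames you explicitly publish.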