Good day, I have an Ubuntu 22.04.5 LTS VM running the latest ISPConfig. The hostname is zod.hostinpowers.net and the cert is good for emails when I test with online tools (for this domain).

My challenge is when I add new email domains: example2.com and emample3.com, let's say. I set up the clients with SMTP zod.hostinpowers.net SSL/TLS (in 143, out 587) with [email protected] and [email protected]. I get a warning and it connects (on my Android). When I send an email through webmail to Gmail, it's good. I see that the SMTP is allowed to send email from @example2.com, for example.

I still have a user with a new Mac that can't connect. I'm pretty sure it's certificate related (certificate verification). When I check with an online tool, I do get a certificate error:

[000.044] Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Session Algorithm in use: Curve X25519 DHE(253 bits)
Certificate #1 of 3 (sent by MX):
Cert VALIDATED: ok
Cert Hostname DOES NOT VERIFY (example2.com != zod.hostinpowers.net | DNS:zod.hostinpowers.net)
So email is encrypted but the host is not verified
Not Valid Before: May 4 18:05:19 2025 GMT
Not Valid After: Aug 2 18:05:18 2025 GMT

The certificates are valid for https://example2.com and https://emample3.com (Let's Encrypt). What would I need to do to make the certificates good for different domains on the same box?

Thanks ahead,
JP

example2.com (cert fail)
That's probably because postfix isn't supplying a certificate with the name example2.com or example3.com. Postfix only uses the server's name, zod.hostingpowers.net.

You should set the MX record for other domains using that email server to zod.hostingpowers.net.

Websites use the site's domain for their certificate, postfix uses the server's certificate, so testing https for each domain is pointless with regards to postfix. It's a completely different certificate.

You could add each domain to the server's certificate, so that postfix includes them, as long as you never go above 100 domains, and any domain that expires needs to be removed from the certificate, or email will stop working when the cert fails to renew.

Or you could configure postfix to use SNI. Currently ispconfig doesn't support this, so you would need to configure and maintain this manually (this would use a separate certificate for each mail domain, avoiding the 100 domain limit on letsencrypt certs).

Or, as I said above, just use the server's name, zod.hostingpowers.net, as the smtp/imap/pop3 host for all domains. It's fully supported, the server-side works without manual configuration, and is standard for all large multi-domain mailservers.

The Mac is trying to connect to at least one of smtp, pop3 or imap using the example2.com or example3.com domain as part of the host address.
You should also double-check that your client really uses zod.hostinpowers.net as an SMTP and POP3/IMAP server on his Mac and not his email domain.
The test checks servers taken from MX-records. Just set the MX-record to zod.hostinpowers.net for domains example2.com and example3.com. The only other option is to add the servernames in the MX-records for domains example2.com and example3.com to the certificate besides zod.hostinpowers.net.
First, thank you for the support. It's really appreciated. There was no MX entry in the client's DNS. I added it and it seems good. I'll have to confirm with the client that everything connects well now.
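
An added example, not part of any post in this thread: an offline model of the hostname check the online tester reported, showing why a mail domain with no MX record is tested against its own name (the implicit MX fallback of RFC 5321) and why pointing the MX at the server's name fixes it. The same match applies to whatever host a mail client is configured with. The DNS data, the SAN list and all function names are constructed for illustration.

```python
# Added example: models the tester's "Cert Hostname" check without any network access.
# MX data and certificate SAN lists below are constructed, not read from real DNS.

def san_matches(host: str, san: str) -> bool:
    """RFC 6125-style match: exact name, or '*' standing for the whole left-most label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return host == san

def smtp_targets(domain: str, mx_records: dict) -> list:
    """Hosts a sender (or the tester) contacts for a mail domain.
    With no MX record, RFC 5321 falls back to the domain itself (implicit MX)."""
    mx = mx_records.get(domain, [])
    return sorted(mx) if mx else [domain]

def audit(domains, mx_records, cert_sans):
    """Return {domain: [(target_host, verifies)]} for each mail domain."""
    report = {}
    for d in domains:
        report[d] = [(h, any(san_matches(h, s) for s in cert_sans))
                     for h in smtp_targets(d, mx_records)]
    return report

# Constructed data modelled on the thread: the mail server's certificate
# names only the server itself.
CERT_SANS = ["zod.hostinpowers.net"]
MX_BEFORE = {}                                          # example2.com has no MX record
MX_AFTER = {"example2.com": ["zod.hostinpowers.net"]}   # MX added, pointing at the server

if __name__ == "__main__":
    for label, mx in (("before", MX_BEFORE), ("after", MX_AFTER)):
        for dom, results in audit(["example2.com"], mx, CERT_SANS).items():
            for host, ok in results:
                state = "verifies" if ok else "DOES NOT VERIFY"
                print(f"{label}: {dom} -> {host}: {state}")
```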