Multiple SSL domains and postfix/dovecot

Discussion in 'General' started by _pX_, Nov 14, 2018.

  1. _pX_

    _pX_ New Member

    I'm on ISPConfig 3.1 on Debian Jessie and have multiple domains on sever (added via Website/DNS section of GUI).
    I plan to add SSL certificates for each of the domain via GUI - I assume this is not enough to get mail working through https protocol on each domain.
    What to do to get postfix/dovecot working securely over each domain (setting one user email client IMAP server as domain1 and other as domain2)?
    Any working HOWTOs?
    Gwyneth Llewelyn likes this.
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. _pX_

    _pX_ New Member

    Thank you.
    I already read this before posting my question and if I understood this tutorial correctly it covers the situation when I use one SSL certificate for all domains for mail access.
    I know the scenario when user from domain2 can access mail server using SSL secure access to domain1 (configured in postfix/dovecot) and his [email protected], but how to setup postfix/dovecot to access secure SSL using [email protected] for domain1 server, and [email protected] for domain2 server?
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    There is nothing to support this directly in ISPConfig, you will have to configure it manually. As postfix does not support SNI, you will have to use a different ip address for each domain, and then you configure a separate smtpd instance for each, bound to the ip address and specifying the certificate location, helo_hostname and any other parameters specific to that instance. You probably want to setup a sender_dependent_default_transport_maps as well (see for details). dovecot does support SNI, so this can be a little simpler there, see

    Note you will need to create "conf-custom" files so your changes don't get overwritten in future ispconfig updates; there's info/examples in the forums here if needed.
  5. _pX_

    _pX_ New Member

    Thank you for explanation.
  6. go0ogl3

    go0ogl3 Member

    Sorry, to reply to such and old post, but now that Postfix does support SNI, there is any chance that will be supported in ISPConfig also in a future version?
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

Share This Page