Hi, I'm on ISPConfig 3.1 on Debian Jessie and have multiple domains on sever (added via Website/DNS section of GUI). I plan to add SSL certificates for each of the domain via GUI - I assume this is not enough to get mail working through https protocol on each domain. What to do to get postfix/dovecot working securely over each domain (setting one user email client IMAP server as domain1 and other as domain2)? Any working HOWTOs? Dawid
https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ That should answer the SSL certificate part.
Thank you. I already read this before posting my question and if I understood this tutorial correctly it covers the situation when I use one SSL certificate for all domains for mail access. I know the scenario when user from domain2 can access mail server using SSL secure access to domain1 (configured in postfix/dovecot) and his username@domain2, but how to setup postfix/dovecot to access secure SSL using user@domain1 for domain1 server, and user@domain2 for domain2 server?
There is nothing to support this directly in ISPConfig, you will have to configure it manually. As postfix does not support SNI, you will have to use a different ip address for each domain, and then you configure a separate smtpd instance for each, bound to the ip address and specifying the certificate location, helo_hostname and any other parameters specific to that instance. You probably want to setup a sender_dependent_default_transport_maps as well (see https://www.howtoforge.com/community/threads/different-ip-for-email.70582/#post-332222 for details). dovecot does support SNI, so this can be a little simpler there, see https://wiki.dovecot.org/SSL/Doveco..._TLS_SNI_.28Server_Name_Indication.29_support Note you will need to create "conf-custom" files so your changes don't get overwritten in future ispconfig updates; there's info/examples in the forums here if needed.
Sorry, to reply to such and old post, but now that Postfix does support SNI, there is any chance that will be supported in ISPConfig also in a future version? http://www.postfix.org/postconf.5.html#tls_server_sni_maps
Please don't hijack old posts, create a new one instead. Reading https://www.howtoforge.com/community/threads/email-domain-ssl-certificate.85575/ might be interesting aswell.
