[BlueOnyx:26094] Re: Best way to have users securely fetch and send e-mail
Chris Gebhardt - VIRTBIZ Internet
cobaltfacts at virtbiz.com
Mon Apr 10 10:01:50 -05 2023
Hi Taco,
Welcome back, it's good to "see" you again.
> In the past I had all my customers connect to mail. followed by their
> own domain name and when secure smtp and pop3/imap was not active that
> worked fine.
> But since secure smtp (SSL or STARTTLS) or secure pop3/imap is the
> standard, the customers get confronted with a certificate warning as
> the server will respond with the server’s hostname in the certificate.
>
> I have been thinking about including all the mail.* hostnames in the
> 'server' certificate, but LE certificates can only hold up to 100
> hostnames, so on servers with more than 100 domains/vhosts, this
> approach does not work well.
>
> So I am wondering how others do this.
Right. On our fleet of legacy (5209R) BlueOnyx servers, we have
instructed customers to use the server hostname to make a connection.
In other words, if they are hosted on, for instance, web1.domain.tld, we
simply place in their instructions to use web1.domain.tld in the
incoming/outgoing hostname.
This isn't 100% perfect, since if we migrate the domain to another
server (i.e. web2.domain.tld) then the certificate will fail again.
However, we don't typically do this, and if we do migrate VSITEs to
another server, it's usually to a direct replacement so the hostname
will stay the same. (This would occur if we upgraded from 5209R to 5210R.)
Beginning with 5210R, it's possible to use SNI:
https://www.blueonyx.it/news/267/15/5210R-Postfix-SNI-for-Email-and-Maildir
You mention LE not having the ability to use > 100 hostnames, and my
suggestion might be to cap the number of VSITEs hosted on a particular
server. Since nearly everything we do is virtualized these days,
that's a good way for us to not have too many eggs in a single basket.
These approaches may not be one-size-fits-all, but they give some
insight into what we're doing.
--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
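A small diagnostic to go with the two approaches discussed in this thread (server-hostname instructions versus SNI per mail.* name, and the 100-SAN limit on LE certificates). This is an added example, not code from the thread, from BlueOnyx, or from VIRTBIZ. It groups mail.* names into certificate-sized SAN lists, checks whether a certificate's DNS SANs cover a given mail hostname, and can probe a live server over STARTTLS (or implicit TLS on 465) to report which certificate it actually presents for a given SNI name. The domain list, the server name `web1.example.net`, and the certificate dict in the test are constructed placeholders.

```python
"""Added example (not from the BlueOnyx thread or project): plan mail.* SAN
groups under the 100-name Let's Encrypt limit mentioned in the thread, check
whether a certificate's DNS SANs cover a mail hostname, and probe a live server
to see which certificate it presents for a given SNI name.  All sample domains
and server names below are constructed placeholders."""
import socket
import ssl
from typing import Iterable

SAN_LIMIT = 100  # per-certificate subjectAltName cap stated in the thread


def mail_hostnames(domains: Iterable[str], prefix: str = "mail") -> list[str]:
    """Customer-facing mail hostname (mail.<domain>) for every vsite."""
    return [f"{prefix}.{d.strip().lower().rstrip('.')}" for d in domains if d.strip()]


def plan_certificates(server_hostname: str, domains: Iterable[str],
                      limit: int = SAN_LIMIT) -> list[list[str]]:
    """Group mail.* names so each certificate stays within `limit` SANs.
    The server's own hostname goes into every group so customers still
    configured the old way (server hostname) keep validating."""
    names = mail_hostnames(domains)
    per_cert = limit - 1  # one slot per certificate reserved for the server name
    groups = [[server_hostname] + names[i:i + per_cert]
              for i in range(0, len(names), per_cert)]
    return groups or [[server_hostname]]


def hostname_matches(hostname: str, san_names: Iterable[str]) -> bool:
    """RFC 6125-style DNS-ID match: exact, or '*' as the whole leftmost label only."""
    host_labels = hostname.lower().rstrip(".").split(".")
    for san in san_names:
        san_labels = san.lower().rstrip(".").split(".")
        if san_labels == host_labels:
            return True
        if (san_labels[0] == "*" and len(san_labels) == len(host_labels) > 1
                and san_labels[1:] == host_labels[1:]):
            return True
    return False


def san_dns_names(peer_cert: dict) -> list[str]:
    """DNS names from the dict that ssl.SSLSocket.getpeercert() returns."""
    return [v for kind, v in peer_cert.get("subjectAltName", ()) if kind == "DNS"]


def _read_reply(sock: socket.socket) -> str:
    """Read one (possibly multi-line) SMTP reply; the final line has a space after the code."""
    data = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection")
        data += chunk
        lines = data.split(b"\r\n")
        if len(lines) >= 2 and len(lines[-2]) >= 4 and lines[-2][3:4] == b" ":
            return data.decode("latin-1")


def probe_smtp_sni(host: str, sni_name: str, port: int = 587, timeout: float = 10.0) -> dict:
    """Connect to `host`, offer `sni_name` in the TLS ClientHello (STARTTLS on 25/587,
    implicit TLS on 465) and report the DNS SANs of the certificate presented.
    The chain is still verified against the system CA store; only hostname checking
    is turned off, so a mismatch shows up in the result instead of aborting the probe."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED, so getpeercert() is populated
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if port != 465:
            _read_reply(sock)  # 220 banner
            sock.sendall(b"EHLO probe.invalid\r\n")
            _read_reply(sock)
            sock.sendall(b"STARTTLS\r\n")
            if not _read_reply(sock).startswith("220"):
                raise RuntimeError(f"{host}:{port} refused STARTTLS")
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            sans = san_dns_names(tls.getpeercert())
            try:
                tls.sendall(b"QUIT\r\n")
            except OSError:
                pass
    return {"server": host, "sni": sni_name, "sans": sans,
            "covers_sni": hostname_matches(sni_name, sans)}


if __name__ == "__main__":
    # Constructed vsite list and placeholder server name.
    vsites = [f"customer{i}.example" for i in range(1, 251)]
    for n, group in enumerate(plan_certificates("web1.example.net", vsites), 1):
        print(f"certificate {n}: {len(group)} SANs, first mail name {group[1]}")
    # Live probe (needs network); point it at a server you operate:
    # print(probe_smtp_sni("web1.example.net", "mail.customer1.example"))
```

With SNI in place, `probe_smtp_sni` run once per mail.* name shows whether the server selected a per-domain certificate or fell back to the default server certificate (`covers_sni` false and the server hostname in `sans`), which is exactly the case that produces the client warning Taco describes.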