[BlueOnyx:23870] Re: Is dovecot's SNI support planned?

[Michael Stauber]

Hi all,

> SNI-Support for email

There might actually be an easier approach that would also allow us to
retain Sendmail and *still* get SNI support.

By using Nginx as email proxy:

https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/

5209R and 5210R already have Nginx and can use it as HTTPS proxy for
web, which also enables true HTTP/2 support, which Apache is still
lacking to some degree.

Whenever Vsite (and GUI) certs are updated, Nginx also gets configured
with the new SSL certificates - even if you chose not to use Nginx at
this point.

So our Nginx already knows everything it needs to know about Vsites and
their SSL certs and things like cert installation, renewals and vsite
deletions is already fully working and integrated.

What's missing to get a working setup for Nginx as email proxy are some
tweaked Nginx configs that configure the email proxy settings. And
something that switches Dovecot and Sendmail to run on localhost only
while the Nginx email proxy is active.

This is just some food for thought and I'll run some extensive tests on
this during the next couple of days.

But yes: SNI for email might be coming to BlueOnyx real soon.

-- 
With best regards

Michael Stauber