[BlueOnyx:26093] Best way to have users securely fetch and send e-mail

[Taco Scargo]

Hi all,

It has been quite a few years since I frequented and actively participated in the BlueOnyx mailinglist.
For those that joined since then, I quick introduction from my side:

My name is Taco Scargo and worked at Cobalt Networks, the company that created the system that became BlueQuarz and later BlueOnyx after Sun Microsystems open-sourced the code.
I have been running my ‘private’ Webhosting business “on the side” for more than 25 years, mostly on Cobalt appliances and later BlueQuartz and BlueOnyx.
I am also hosting the www.blueonyx.nl <http://www.blueonyx.nl/> mirror site.

Decided to rejoin the mailinglist today, mostly because I want to have some thoughts on how you approach secure e-mail (receive and send) on a mixed customer server.

In the past I had all my customers connect to mail. followed by their own domain name and when secure smtp and pop3/imap was not active that worked fine.
But since secure smtp (SSL or STARTTLS) or secure pop3/imap is the standard, the customers get confronted with a certificate warning as the server will respond with the server’s hostname in the certificate.

I have been thinking about including all the mail.* hostnames in the ’server’ certificate, but LE certificates can only hold up to 100 hostnames, so on servers with more than 100 domains/vhosts, this approach does not work well.

So I am wondering how others do this.

Thanks,

Taco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20230410/460a59c4/attachment.html>