[BlueOnyx:26096] Re: Best way to have users securely fetch and send e-mail

Taco Scargo taco at blueonyx.nl
Mon Apr 10 11:32:49 -05 2023 

Hahaha, I feel so stupid. The functionality is actually present already in BlueOnyx for Dovecot. (/etc/dovecot/conf.sni.d)
Don’t know how long already, but this is good to know, I now only need to add the mail subdomain to all vhosts and regenerate the LE certificates.

Remaining task is the sendmail submission… It seems that one only supports the main server certificate.
But maybe the switch to Postfix on 5211R can fix that.

At least the Dovecot version in 5211R supports submission too, so switching to Dovecot for submission would be an option.

Checking Postfix now … (sorry for spamming)


> On 10 Apr 2023, at 16:15, Taco Scargo <taco at blueonyx.nl> wrote:
> 
> Hi all,
> 
> It has been quite a few years since I frequented and actively participated in the BlueOnyx mailinglist.
> For those that joined since then, I quick introduction from my side:
> 
> My name is Taco Scargo and worked at Cobalt Networks, the company that created the system that became BlueQuarz and later BlueOnyx after Sun Microsystems open-sourced the code.
> I have been running my ‘private’ Webhosting business “on the side” for more than 25 years, mostly on Cobalt appliances and later BlueQuartz and BlueOnyx.
> I am also hosting the www.blueonyx.nl <http://www.blueonyx.nl/> mirror site.
> 
> Decided to rejoin the mailinglist today, mostly because I want to have some thoughts on how you approach secure e-mail (receive and send) on a mixed customer server.
> 
> In the past I had all my customers connect to mail. followed by their own domain name and when secure smtp and pop3/imap was not active that worked fine.
> But since secure smtp (SSL or STARTTLS) or secure pop3/imap is the standard, the customers get confronted with a certificate warning as the server will respond with the server’s hostname in the certificate.
> 
> I have been thinking about including all the mail.* hostnames in the ’server’ certificate, but LE certificates can only hold up to 100 hostnames, so on servers with more than 100 domains/vhosts, this approach does not work well.
> 
> So I am wondering how others do this.
> 
> Thanks,
> 
> Taco
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20230410/ebd20065/attachment.html>

More information about the Blueonyx mailing list