EMail SSL for users' domains

Hi.

I’d like to ask for clarification with regards to SSL certs for email. I have setup the default IMAP-SSL with domain mail.domainA.com. If I log into my email, name@domainA.com SSL works without issues (i set my smtp and imap in macmail to mail.domainA.com).

However, if I have a customer, say customerdomain.com. He is on a dedicated IP, and SSL fo customerdomain.com is configured (it works without issues when viewed in https://customerdomain.com). When he configures his email for SSL he gets a domain mismatch with the SSL. Even if he sets SMTP and IMAP servers in outlook or macmail to customerdomain.com (which he has), he still gets the error. And according to the mail program, the cert is mail.domainA.com and not customerdomain.com. He is using his own IP tho…

Why is this so? Doesn’t interworx use the client’s SSL when it comes to mail even if the customer has his own IP and SSL cert configured? How do we get around this such that my customers can configure their emails and use their ssl certs for the mail settings? I know they can put my default as their smtp but they prefer to use their own domain as it’s easier for their staff (the employees don’t know me, only their admin so it’s tedious to tell each of the employees to use domainA.com as smtp server and not their domain).

Also, what happens with my resellers then? Their customers will see right through and know that they are merely reselling my services since their customers have to use my SSL domain for their smtp server, not even the reseller’s domain…

Any ideas on this? I hope I was clear enough. been a long day…

Thanks

I just posted the same issue. I’m hoping there is a workaround for this. :slight_smile:

Any success?

Hi Guys!

Do you have had any success with this, facing the same problem.

Any clues would be much appraised! :slight_smile:

Hi juhok

I do not think this is possible, unless qmail could support SNI, as apache does.

However, even if qmail did support SNI, I do not think any email client software would support SNI.

I suppose thinking about it though, if you assigned a dedicated ip to siteworx, you might be able to have it serve the correct SSL but you would need to have multiple qmail running, but would have to assign different ports as each would be in use.

The way we have it set is to using a generic SSL domain, which does not indicate if it ours, our resellers or clients, unless someone took the time to do a Whois, but even if it served the clients SSL, a simple lookup on ip would show it’s not the clients, but most accept this I believe, so we do not have any issues

The above is for smtp/pop3 service, if you mean webmail, the SSL should work for client as it’s apache that serves it.

I hope that helps and sorry if I am wrong

Many thanks

John

[QUOTE=juhok;27030]Hi Guys!

Do you have had any success with this, facing the same problem.

Any clues would be much appraised! :)[/QUOTE]

Check these URLs;
http://www.gossamer-threads.com/lists/qmail/users/137853
http://www.suspectclass.com/sgifford/ucspi-tls/ucspi-tls-qmail-howto.html
http://permalink.gmane.org/gmane.mail.qmail.qmr/11078

Question; If i have custom compiled Qmail at Iworx, will Iworx update replace custom compiled Qmail with default? Is there an option to exclude Qmail in update process?

  • Juho

Hi juhok

Many thanks for your links, I think some are included in IW qmail. Sorry if I’m wrong.

I would think any changes you made to qmail would lost and I’m sure if you could stop qmail been overwritten on next update.

I guess you could do a symlinked from another position perhaps to your version, or save a backup copy and replace after any updates.

A good tip though, if this is an issue, and it has pros and cons, would be to set IW update to stable, and it would be a fair time before update.

Many thanks

John