I’d like to ask for clarification with regards to SSL certs for email. I have setup the default IMAP-SSL with domain mail.domainA.com. If I log into my email, name@domainA.com SSL works without issues (i set my smtp and imap in macmail to mail.domainA.com).
However, if I have a customer, say customerdomain.com. He is on a dedicated IP, and SSL fo customerdomain.com is configured (it works without issues when viewed in https://customerdomain.com). When he configures his email for SSL he gets a domain mismatch with the SSL. Even if he sets SMTP and IMAP servers in outlook or macmail to customerdomain.com (which he has), he still gets the error. And according to the mail program, the cert is mail.domainA.com and not customerdomain.com. He is using his own IP tho…
Why is this so? Doesn’t interworx use the client’s SSL when it comes to mail even if the customer has his own IP and SSL cert configured? How do we get around this such that my customers can configure their emails and use their ssl certs for the mail settings? I know they can put my default as their smtp but they prefer to use their own domain as it’s easier for their staff (the employees don’t know me, only their admin so it’s tedious to tell each of the employees to use domainA.com as smtp server and not their domain).
Also, what happens with my resellers then? Their customers will see right through and know that they are merely reselling my services since their customers have to use my SSL domain for their smtp server, not even the reseller’s domain…
Any ideas on this? I hope I was clear enough. been a long day…
I do not think this is possible, unless qmail could support SNI, as apache does.
However, even if qmail did support SNI, I do not think any email client software would support SNI.
I suppose thinking about it though, if you assigned a dedicated ip to siteworx, you might be able to have it serve the correct SSL but you would need to have multiple qmail running, but would have to assign different ports as each would be in use.
The way we have it set is to using a generic SSL domain, which does not indicate if it ours, our resellers or clients, unless someone took the time to do a Whois, but even if it served the clients SSL, a simple lookup on ip would show it’s not the clients, but most accept this I believe, so we do not have any issues
The above is for smtp/pop3 service, if you mean webmail, the SSL should work for client as it’s apache that serves it.
Question; If i have custom compiled Qmail at Iworx, will Iworx update replace custom compiled Qmail with default? Is there an option to exclude Qmail in update process?