Ping a Specific Port

Question

Nemke

Asked: 2013-08-25 14:54:19 +0800 CST2013-08-25 14:54:19 +0800 CST 2013-08-25 14:54:19 +0800 CST

Postfix/Dovecot Mail server with multiple domains and SSL [duplicate]

772

On my mail setup I'm currently using self signed certificate generated for server hostname.

And I'm curious is there some kind of SSL certificate that shared hosting providers use for multiple domains mail and how are they setting them up?

1 Answers

Voted

Peter · Answer 1 · 2014-05-09T05:48:44+08:00

If you want each domain to use a valid SSL certificate, you have 2 solutions: use a multi-domain certificate, or set up each domain on a unique IP. The first solution is terrible: those certificates are usually quite expensive (though you can find inexpensive ones), they will list all of the domains you wish to certify on the same cert, and, most importantly, they are only issued once, so adding just one new domain means getting an entirely new cert.

The better solution is to place each domain on its own IP, and then to match each certificate to its respective IP.

Here's how you do it in postfix.

You will first place your certificates for each domain in the /etc/postfix/ directory (you can also create a /etc/postfix/ssl/ directory) Note: i use Plesk, which uses .pem certificate files, but you can also use .key and .cer files (.pem files are just a concat of .key and .cer file, in that order)

then, you need to modify the master.cf file in /etc/postfix/

originally, mine looked like this (probably because i added the last 3 IPs after i set up the server:

1.1.1.1- unix - n n - - smtp -o smtp_bind_address=1.1.1.1 -o smtp_bind_address6= -o smtp_address_preference=ipv4

2.2.2.2- unix - n n - - smtp -o smtp_bind_address=2.2.2.2 -o smtp_bind_address6= -o smtp_address_preference=ipv4

smtp inet n - n - - smtpd
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticate d,reject -o smtpd_sender_restrictions=

3.3.3.3- unix - n n - - smtp -o smtp_bind_address=3.3.3.3 -o smtp_bind_address6= -o smtp_address_preference=ipv4

4.4.4.4- unix - n n - - smtp -o smtp_bind_address=4.4.4.4 -o smtp_bind_address6= -o smtp_address_preference=ipv4

5.5.5.5- unix - n n - - smtp -o smtp_bind_address=5.5.5.5 -o smtp_bind_address6= -o smtp_address_preference=ipv4

Now, to bind each certificate to its corresponding IP, you do as follows:

1.1.1.1- unix - n n - - smtp -o smtp_bind_address=1.1.1.1 -o smtp_bind_address6= -o smtp_address_preference=ipv4

2.2.2.2- unix - n n - - smtp -o smtp_bind_address=2.2.2.2 -o smtp_bind_address6= -o smtp_address_preference=ipv4

3.3.3.3- unix - n n - - smtp -o smtp_bind_address=3.3.3.3 -o smtp_bind_address6= -o smtp_address_preference=ipv4

4.4.4.4- unix - n n - - smtp -o smtp_bind_address=4.4.4.4 -o smtp_bind_address6= -o smtp_address_preference=ipv4

5.5.5.5- unix - n n - - smtp -o smtp_bind_address=5.5.5.5 -o smtp_bind_address6= -o smtp_address_preference=ipv4

#smtp inet n - n - - smtpd
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
#submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions=

1.1.1.1:smtp inet n - n - - smtpd -o smtpd_tls_cert_file=/etc/postfix/cert1.pem -o smtpd_tls_key_file=/etc/postfix/cert1.pem
1.1.1.1:smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_cert_file=/etc/postfix/cert1.pem -o smtpd_tls_key_file=/etc/postfix/cert1.pem
1.1.1.1:submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_tls_cert_file=/etc/postfix/cert1.pem -o smtpd_tls_key_file=/etc/postfix/cert1.pem

2.2.2.2:smtp inet n - n - - smtpd -o smtpd_tls_cert_file=/etc/postfix/cert2.pem -o smtpd_tls_key_file=/etc/postfix/cert2.pem
2.2.2.2:smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_cert_file=/etc/postfix/cert2.pem -o smtpd_tls_key_file=/etc/postfix/cert2.pem
2.2.2.2:submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_tls_cert_file=/etc/postfix/cert2.pem -o smtpd_tls_key_file=/etc/postfix/cert2.pem

3.3.3.3:smtp inet n - n - - smtpd -o smtpd_tls_cert_file=/etc/postfix/cert3.pem -o smtpd_tls_key_file=/etc/postfix/cert3.pem
3.3.3.3:smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_cert_file=/etc/postfix/cert3.pem -o smtpd_tls_key_file=/etc/postfix/cert3.pem
3.3.3.3:submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_tls_cert_file=/etc/postfix/cert3.pem -o smtpd_tls_key_file=/etc/postfix/cert3.pem

4.4.4.4:smtp inet n - n - - smtpd -o smtpd_tls_cert_file=/etc/postfix/cert4.pem -o smtpd_tls_key_file=/etc/postfix/cert4.pem
4.4.4.4:smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_cert_file=/etc/postfix/cert4.pem -o smtpd_tls_key_file=/etc/postfix/cert4.pem
4.4.4.4:submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_tls_cert_file=/etc/postfix/cert4.pem -o smtpd_tls_key_file=/etc/postfix/cert4.pem

5.5.5.5:smtp inet n - n - - smtpd -o smtpd_tls_cert_file=/etc/postfix/cert5.pem -o smtpd_tls_key_file=/etc/postfix/cert5.pem
5.5.5.5:smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_cert_file=/etc/postfix/cert5.pem -o smtpd_tls_key_file=/etc/postfix/cert5.pem
5.5.5.5:submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_tls_cert_file=/etc/postfix/cert5.pem -o smtpd_tls_key_file=/etc/postfix/cert5.pem

That's it!! (don't forget to comment out the original lines as seen above)

PS: to do the same for POP/IMAP if you use courier-imap, you simply place copies of those .pem files in /usr/share/courier-imap/ (or in the case of Plesk, you place them in /usr/share/ ) and you name them as follows: imapd.pem.xx.xx.xx.xx pop3d.pem.xx.xx.xx.xx

where xx.xx.xx.xx is the respective IP address (the 2 certificates are copies of the same file)

Hope this helps!

Postfix/Dovecot Mail server with multiple domains and SSL [duplicate]

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?