1

Topic: iredadmin SNI multiple certificates

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.1 MARIADB edition
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version:  Linux Debian 11
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MYSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?  YES
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Is it possible to run multiple files on iredadmin?
On another server, where I do not have iredadmin, but only dovecot and postfix - in my own configuration - I have something like SNI running
http://www.geekytuts.net/sni-support-for-dovecot-and-postfix

Can something like that be done here too?


2

Re: iredadmin SNI multiple certificates

What's the use case?

3

Re: iredadmin SNI multiple certificates

Cthulhu wrote:

What's the use case?

When you have multiple domains and, for example, you configure a new e-mail account via Thunderbird, at this point the client substitutes imap / smtp / pop3 servers as pop3.configured_domain during the automatic configuration. Without SNI, the client will return a certificate error, because your certificate is for the server's domain.

4

Re: iredadmin SNI multiple certificates

It tries to use autoconfiguration; the automated substitution is only a fallback mechanism and should NEVER be used anyway.

Either you use an autoconfig script (recommended), or you use the first mail domain; both will result in using the same domain as login server.

That is crucial, since the PTR and server banner/HELO should match as well and you can't do that with SNI, so even with SNI, there would be an EHLO/PTR mismatch.

5

Re: iredadmin SNI multiple certificates

Cthulhu wrote:

It tries to use autoconfiguration; the automated substitution is only a fallback mechanism and should NEVER be used anyway.

Either you use an autoconfig script (recommended), or you use the first mail domain; both will result in using the same domain as login server.

That is crucial, since the PTR and server banner/HELO should match as well and you can't do that with SNI, so even with SNI, there would be an EHLO/PTR mismatch.

Then you are wrong.
There is no certificate mismatch when using SNI. In Thunderbird, everything works fine. I use this mechanism outside of iRedMail.
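
The per-hostname certificate setup discussed in this thread, as an added example that is not part of any post and not iRedMail's own configuration: Dovecot `local_name` blocks and a Postfix `tls_server_sni_maps` table (Postfix 3.4 or later). All hostnames and file paths are placeholder assumptions.

```conf
# ---- Dovecot (for example a file under conf.d/; location is an assumption) ----
# Default certificate: served when the client sends no SNI or an unlisted name.
ssl_cert = </etc/ssl/mail.example.com/fullchain.pem
ssl_key  = </etc/ssl/mail.example.com/privkey.pem

# Served when the TLS ClientHello asks for this name. The certificate must
# list the name in its subjectAltName or the client still reports a mismatch.
local_name imap.customer.example {
  ssl_cert = </etc/ssl/customer.example/fullchain.pem
  ssl_key  = </etc/ssl/customer.example/privkey.pem
}
local_name pop3.customer.example {
  ssl_cert = </etc/ssl/customer.example/fullchain.pem
  ssl_key  = </etc/ssl/customer.example/privkey.pem
}

# ---- Postfix main.cf ----
# Lookup table keyed by the SNI name sent by the client.
tls_server_sni_maps = hash:/etc/postfix/sni_maps

# ---- /etc/postfix/sni_maps (private key first, then the certificate chain) ----
smtp.customer.example /etc/ssl/customer.example/privkey.pem /etc/ssl/customer.example/fullchain.pem

# Rebuild the table with file contents embedded, then reload Postfix:
#   postmap -F hash:/etc/postfix/sni_maps
#
# SNI only selects which certificate is presented. myhostname, the SMTP
# banner and the HELO name remain the single server hostname.
```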