Best way to set up email authentication?

Guys,

I'm struggling a little on the best way to set up email authentication for our clients. Email is configured and working, authentication is working w/ the default certificate.

Ideally I'd like to generate a self-signed (or commercial) cert for each client but it looks like I can't do that. Right now our clients use mail.domain.tld for POP/SMTP, is it possible to provide a cert for each domain in this way?

mail.domain1.tld, mail.domain2.tld, mail.domain3.tld, etc.

Thanks for your guidance!
Craig

Status: Active

Comments

Howdy -- you're right, there's unfortunately not a good way to provide a cert for each domain.

The simplest way to do that would be to set up one SSL cert on your server, and have your clients connect using that. So if your server's domain name is "example.com", perhaps you could get a cert for something like "secure.example.com", add that into Postfix/Dovecot/Virtualmin/etc, and have your clients use that when connecting to your server.

Also, you could set up a redirect for all of your clients, so when they go to webmail.domain1.tld, it redirects to secure.example.com:20000 (or whatever other webmail client you use). You can set up that redirect in System Settings -> Server Templates -> Default -> Apache Website.

There is a type of SSL certificate known as a UCC certificate, which allows you to input multiple domains into it. But each time you want to add another domain, you'd need to re-purchase the certificate, I believe.
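The naming trade-off discussed above, as an added example that is not part of the original thread: a small checker showing which client mail hostnames a certificate's SAN list covers. The matching rule is a simplified RFC 6125-style dNSName comparison, and every hostname and SAN list in it is constructed for illustration.

```python
# Added example: which client hostnames does a given certificate cover?
# All hostnames and SAN lists below are constructed for illustration.

def name_matches(san: str, host: str) -> bool:
    """Match one dNSName SAN entry against a hostname (RFC 6125 style).

    A wildcard is honoured only as the entire left-most label and covers
    exactly one label, so *.example.com matches neither a.b.example.com
    nor example.com itself.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    if san_labels[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def coverage(san_list, client_hosts):
    """Return {host: first matching SAN, or None} for each client hostname."""
    return {
        host: next((s for s in san_list if name_matches(s, host)), None)
        for host in client_hosts
    }


# Hostnames the clients have configured for POP/SMTP (the thread's pattern).
CLIENT_HOSTS = ["mail.domain1.tld", "mail.domain2.tld", "mail.domain3.tld"]

# One cert for the server's own name while clients keep mail.domainN.tld.
SINGLE = ["secure.example.com"]
# A UCC/SAN cert issued before domain3 was added to the server.
UCC = ["secure.example.com", "mail.domain1.tld", "mail.domain2.tld"]
# A wildcard does not help: each client domain has a different parent.
WILDCARD = ["*.example.com"]

if __name__ == "__main__":
    for label, sans in (("single", SINGLE), ("ucc", UCC), ("wildcard", WILDCARD)):
        print(label)
        for host, san in coverage(sans, CLIENT_HOSTS).items():
            print(f"  {host:20} {'ok via ' + san if san else 'NAME MISMATCH'}")
```

A mail client that validates the server certificate will warn or refuse on every host reported as a mismatch, which is why the single-cert approach requires clients to connect to the certificate's own name.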

Andreychek,

Thanks for the info. I certainly don't know all the technical ramifications, but using a "main domain" breaks portability: if we move a domain to another server, client access is broken. I know this is far outside VM, but I'm really surprised there isn't some way to accomplish it - like a "map" file in postfix to look up the correct client cert...

Agreed on the url redirect, easy solutions there - just need to figure out the client access portion.

Thanks!
Craig

"Also, you could set up a redirect for all of your clients, so when they go to webmail.domain1.tld, it redirects to secure.example.com:20000 (or whatever other webmail client you use). You can set up that redirect in System Settings -> Server Templates -> Default -> Apache Website."

So can I do this (and how) on a domain I have in Virtualmin so that webmail.domain.com redirects to https://mail.domain.com:20000? What is the syntax I need to enter?

"So can I do this (and how) on a domain I have in Virtualmin so that webmail.domain.com redirects to https://mail.domain.com:20000? What is the syntax I need to enter?"

By default, Virtualmin would add a redirect so that going to webmail.domain.com redirects to http://domain.com:20000. That part should already work.

If you'd like to modify where exactly the domain redirects, you'd first want to start by setting the domain to redirect to in System Settings -> Server Templates -> Default -> Apache Website, by setting "URL for webmail redirect".

Then, to rewrite the redirect rule for a given domain, you'd need to use the Virtualmin command line tools -- it's not currently possible from within the Virtualmin GUI.

You'd just need to disable the redirect, and then re-enable it -- which will cause it to be written using the new settings you added to the server template.

To do that, you can run the following commands:

virtualmin modify-web --domain example.tld --no-webmail
virtualmin modify-web --domain example.tld --webmail

That would disable the webmail redirect for the Virtual Server named "example.tld", then re-enable it.