Postfix with SNI support

8 posts / 0 new
Last post
#1 Wed, 05/01/2019 - 15:32
hsuresearch
hsuresearch's picture

Postfix with SNI support

Hallo!

Postfix will support SNI since version 3.4. http://www.postfix.org/announcements/postfix-3.4.0.html

so now we can setup multi domains with separate ssl (with only 1 ip) in postfix? And how can we do this in Virtualmin?

Best wishes, CL

Wed, 05/01/2019 - 20:03
andreychek

Howdy,

That's good to hear that new versions of Postfix are offering SNI!

It may be a little bit before Virtualmin offers that feature, since that Postfix version isn't yet part of any package we support.

However, I'll make sure Joe and Jamie know about it, and we'll get that feature onto the todo list.

-Eric

Thu, 05/02/2019 - 13:17
hsuresearch
hsuresearch's picture

That is great, that Virtualmin will support that feature! Can't wait to have it. ☺

thank you for making this happen!

best wishes, CLH

Thu, 05/02/2019 - 15:21
andreychek

Ah goodness yes, it's a heck of a lot better than what we go through now to try and support even one SSL cert per IP address in Postfix. It's completely awesome that they're offering this, the only drawback is that it might not be until we start seeing vendors ship that Postfix version before we're able to offer such support.

-Eric

Thu, 05/02/2019 - 16:19
hsuresearch
hsuresearch's picture

oh that is ture. We need to wait until verdors ship new vision. It seems like a lot of people still not get this Info, that postfix finally support sni. it is about years ago (or maybe a year), postfix just somehow didn't want to add SNI. http://www.postfix.org/TLS_README.html (...There are no plans to implement SNI in the Postfix SMTP server...) I am so happy, that they change their mind!!

here is some Info from postfix community http://postfix.1071664.n5.nabble.com/How-to-use-the-new-server-TLS-SNI-f...

Postfix 3.4.0 was published on 2019-02-28! really new thing. https://centos.pkgs.org/7/ghettoforge-testing-x86_64/postfix3-3.4.0-1.gf...

best wishes, CLH

Tue, 08/27/2019 - 01:33
toreskev

Hi,

It's been some time now since this post. Debian 10 with a Postfix version supporting this is out. Any news on if and when this will be implemented in Virtualmin?

--Tore

Mon, 11/18/2019 - 02:45
GreekIO

Goodday all,

I was trying to find more info about Webmin compatability with Postfix3 as this is what I'm trying to setup and this thread came up. Actually I'm in the proccess of setting up a new server on CentOS 7.7 using Webmin/Virtualmin. The latest package on CentOS's repos is still Postfix version 2.10.1. But I followed the following procedure and it seems to work: -deleted (once more) all my virtual hosts to start from scratch after the update -stopped postfix -pretty much followed this guide ( https://www.ryadel.com/en/postfix-3-install-setup-linux-centos-for-sendi... ) until config. I didn't proceed to manually config postfix. -go to webmin configuration -> webmin modules -> deleted postfix server -> reinstall postfix server module

From what I've come to understand the "module" is extra code that tells webmin/virtualmin how to connect / configure / communicate with postfix for example. It is not the actual postfix package right? I started postfix from webmin and it worked. On the Postfix Mail Server page it still shows Postfix version 2.10.1 no matter how many times I press reload configuration. is that maybe the modules version? Because if I go to general options the Official mail system version is correctly detected as 3.4.7.

I will try to configure it today, hopefully I won't need to manually edit config files. I'm not sure if the config has changed I hope not. I will start by editing setting on Webmin and If I need to I may do manual edits.

Sorry for this long beginner post but I would appreciate a little help with maybe silly questions here and there.

Webmin/Virtualmin Enthusiast from sunny Greece!

Fri, 12/20/2019 - 18:30
philmck
philmck's picture

Yay! Very pleased to see support for SNI in Postfix even though the docs still say there are "no plans" to support it! And postfix 3.4 is already shipping in Ubuntu 19.10 (CentOS unknown) so I guess it's only a matter of time before it makes it into an LTS and eventually Webmin. I'm guessing mid 2021. (Plesk and cPanel already support it,)

Unfortunately a recent Webmin update has broken my previous workaround, which was to sign the main server certificate with lots of domains (max 100) and copy that to postfix, I used to do this with the "Domains listed here" option in the LetsEncrypt tab but that now throws an error. So it's now an urgent problem again.

I've seen several comments like "not on the radar" or "no plans for this" that indicate that people might not appreciate the need for this. The problem is that mail clients like Outlook now try to simplify the account configuration process by guessing the server name from the email domain. That works fine if your account is at Gmail or a business, but when you have a personal domain on a server (even a VPS) with multiple domains this becomes a serious problem.

Phil McKerracher www.beeches.it

Topic locked