I need to configure a server to host multiple email domains on a single IP, and thus install multiple SSL certificates.
Miraculously, I have been able to get apache and dovecot to work with multiple certificates/domains on a single IP, but I can't find any recent info on sendmail. So I can receive emails on the second domain, but when I go to send, I get a certificate error unless I send as the first domain which is the one sendmail has configured. I have a lot of customizations so would like to stick with sendmail if possible. But if the only option is to go with postfix, then I may have to (if postfix will do multiple domains on a single IP). Or, if I have to do multiple IPs, that would use up a lot of IPs and I'm not sure I can do that.
Thanks in advance.
Is the single IP a strict requirement? If you could add more IPs, you could have multiple instances of SendMail (one for each IP) and have each one use a separate TLS cert, hostname, etc. – Mike B Jan 08 '16 at 15:35
1 Answer
Not a real answer but too long for a comment...
1 IP-address, multiple certificates --> that sounds like you want support for server name indication and I can't find any conclusive evidence that sendmail supports that (or not for that matter).
If indeed you can only configure a single certificate and you can't invest in a UCC/SAN certificate:
A potential work-around is to use a single hostname as the primary MX record for all your domains and get a TLS certificate with that hostname, i.e. smtp.example.com is the primary MX for not only example.com but for example.org and example.net as well.
That is not such a bad idea, as sendmail will normally only identify itself by a single hostname anyway, and that hostname ought to match the reverse DNS record for your IP-address. And your reverse DNS can also only point to a single hostname.
Related as well: Is enforcing encryption for SMTP a good idea (yet)?
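Added example, not part of the answer above: an offline audit of the single-MX-hostname layout the answer describes, flagging any domain whose MX target is not covered by the one certificate or differs from the reverse DNS name. The record data, the `mail.example.net` entry and all function names are constructed for illustration; in practice the inputs would come from DNS lookups and the certificate's subjectAltName entries.

```python
# Added example: audit the "one MX hostname, one certificate" layout offline.
# All records below are constructed sample data, not taken from a real zone.

MX_RECORDS = {                      # domain -> MX targets (constructed)
    "example.com": ["smtp.example.com."],
    "example.org": ["smtp.example.com."],
    "example.net": ["mail.example.net."],   # deliberately left on its old name
}
CERT_DNS_NAMES = ["smtp.example.com"]       # dNSName SANs of the one certificate
PTR_NAME = "smtp.example.com."              # reverse DNS of the single IP


def norm(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.rstrip(".").lower()


def cert_covers(hostname, san_names):
    """RFC 6125-style match: exact, or '*' as the whole left-most label."""
    host = norm(hostname)
    for san in map(norm, san_names):
        if san == host:
            return True
        if san.startswith("*.") and "." in host:
            # A wildcard covers exactly one label:
            # *.example.com matches smtp.example.com, not a.b.example.com.
            if host.split(".", 1)[1] == san[2:]:
                return True
    return False


def audit(mx_records, san_names, ptr_name):
    """Return a sorted list of (domain, mx_target, problem) findings."""
    findings = []
    for domain, targets in mx_records.items():
        for target in targets:
            if not cert_covers(target, san_names):
                findings.append((domain, norm(target), "certificate does not cover MX name"))
            if norm(target) != norm(ptr_name):
                findings.append((domain, norm(target), "MX name differs from reverse DNS"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(MX_RECORDS, CERT_DNS_NAMES, PTR_NAME):
        print(*finding, sep=": ")
```

An empty result means every hosted domain resolves to the one hostname that both the certificate and the PTR record carry.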