4

I need to configure a server to host multiple email domains on a single IP, and thus install multiple ssl certificates.
Miraculously, I have been able to get apache and dovecot to work with multiple certificates/domains on a single IP, but I can't find any recent info on sendmail. So I can receive emails on the second domain, but when I go to send, I get a certificate error unless I send as the first domain which is the one sendmail has configured. I have a lot of customizations so would like to stick with sendmail if possible. But if the only option is to go with postfix, then I may have to (if postfix will do multiple domains on a single IP). Or, if I have to do multiple IPs, that would use up a lot of IPs and I'm not sure I can do that.
Thanks in advance.

xivix
  • Is the single IP a strict requirement? If you could add more IPs, you could have multiple instances of SendMail (one for each IP) and have each one use a separate TLS cert, hostname, etc. – Mike B Jan 08 '16 at 15:35

1 Answer

5

Not a real answer but too long for a comment...

1 IP-address, multiple certificates --> that sounds like you want support for server name indication and I can't find any conclusive evidence that sendmail supports that (or not for that matter).

If indeed you can only configure a single certificate and you can't invest in a UCC/SAN certificate:

A potential work-around is to use a single hostname as the primary MX record for all your domains and get a TLS certificate with that hostname, i.e. smtp.example.com is the primary MX for not only example.com but for example.org and example.net as well.

That is not such a bad idea, as sendmail will normally only identify itself by a single hostname anyway, and that hostname ought to match the reverse DNS record for your IP address. And your reverse DNS can also only point to a single hostname.

Related as well: Is enforcing encryption for SMTP a good idea (yet)?

HBruijn
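A way to check the single-MX-hostname workaround before and after changing DNS, as an added example that is not part of the original question or answer. It assumes a constructed snapshot of MX records, a PTR record and a certificate's subjectAltName list for hypothetical hosts under example.com/org/net (the names and the functions `primary_mx`, `san_matches`, `check_plan` and `fetch_smtp_sans` are mine, not anything from sendmail or the poster's setup). The offline checker verifies the three things the answer relies on: every hosted domain's lowest-preference MX is the same hostname, that hostname is covered by the certificate, and the server IP's reverse DNS resolves to it. The optional live helper fetches the certificate a real MX presents after STARTTLS, sending SNI for the name you ask about so you can see whether the server returns a different certificate per name or, as the answer suspects for sendmail, always the same one.

```python
"""
Offline consistency check for "one MX hostname, one certificate, all domains".
Added example; the DNS and certificate data below are constructed, not real.
"""
import socket
import ssl

# Constructed snapshot standing in for real DNS answers (hypothetical data).
HOSTED_DOMAINS = ["example.com", "example.org", "example.net"]
MX_RECORDS = {
    "example.com": [(10, "smtp.example.com"), (20, "backup.example.com")],
    "example.org": [(10, "smtp.example.com")],
    "example.net": [(10, "mail.example.net")],   # deliberately inconsistent
}
SERVER_IP = "192.0.2.25"
PTR_RECORDS = {SERVER_IP: "smtp.example.com"}
CERT_SANS = ["smtp.example.com", "www.example.com"]   # subjectAltName DNS entries


def primary_mx(domain, mx_records):
    """Return the lowest-preference MX hostname for a domain, or None if it has none."""
    records = mx_records.get(domain)
    if not records:
        return None
    return min(records)[1].lower().rstrip(".")


def san_matches(hostname, sans):
    """True if hostname is covered by an exact or single-label wildcard SAN entry."""
    hostname = hostname.lower().rstrip(".")
    for san in sans:
        san = san.lower().rstrip(".")
        if san == hostname:
            return True
        # "*.example.com" covers "smtp.example.com" but not "a.b.example.com"
        if san.startswith("*.") and hostname.count(".") == san.count("."):
            if hostname.split(".", 1)[1] == san[2:]:
                return True
    return False


def check_plan(domains, mx_records, ptr_records, server_ip, cert_sans):
    """Return human-readable problems; an empty list means the plan is consistent."""
    problems = []
    primaries = {d: primary_mx(d, mx_records) for d in domains}
    hosts = {h for h in primaries.values() if h}
    for d, h in primaries.items():
        if h is None:
            problems.append(f"{d}: no MX record")
    if len(hosts) > 1:
        problems.append("primary MX differs across domains: " + ", ".join(sorted(hosts)))
    for h in sorted(hosts):
        if not san_matches(h, cert_sans):
            problems.append(f"certificate does not cover {h}")
    ptr = ptr_records.get(server_ip)
    if ptr is None:
        problems.append(f"no PTR record for {server_ip}")
    elif ptr.lower().rstrip(".") not in hosts:
        problems.append(f"PTR for {server_ip} is {ptr}, not the MX hostname")
    return problems


def _read_reply(sock):
    """Read one complete SMTP reply (handles multi-line '250-...' replies)."""
    data = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise RuntimeError("connection closed by server")
        data += chunk
        if data.endswith(b"\r\n"):
            last = data[:-2].rsplit(b"\r\n", 1)[-1]
            if last[3:4] == b" ":          # "250 " ends the reply, "250-" continues it
                return data


def fetch_smtp_sans(host, port=25, timeout=10):
    """Live helper (network access; not run offline): return the DNS subjectAltName
    entries of the certificate `host` presents after STARTTLS. Hostname checking is
    off so a mismatching certificate is still returned; chain validation stays on,
    so a self-signed cert needs ctx.load_verify_locations() first."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if not _read_reply(sock).startswith(b"220"):
            raise RuntimeError("no SMTP banner")
        sock.sendall(b"EHLO checker.invalid\r\n")
        _read_reply(sock)
        sock.sendall(b"STARTTLS\r\n")
        if not _read_reply(sock).startswith(b"220"):
            raise RuntimeError("server refused STARTTLS")
        # server_hostname sets SNI; a server without SNI support ignores it
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    for problem in check_plan(HOSTED_DOMAINS, MX_RECORDS, PTR_RECORDS, SERVER_IP, CERT_SANS):
        print("PROBLEM:", problem)
```

Run as-is it reports that example.net's primary MX is mail.example.net and that the certificate does not cover that name; point example.net at smtp.example.com and the list is empty. To compare the live behaviour of a server, call `fetch_smtp_sans("smtp.example.com")` and `fetch_smtp_sans("mail.example.net")` against the same IP: identical SAN lists mean the server presents one certificate regardless of SNI, which is exactly the situation the single-hostname workaround is designed for.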