Multiple SSL Virtual Hosts 6.0

From Zimbra :: Wiki

Jump to: navigation, search

For HTTP, POP3, and IMAP, please see the SSL certificates per domain guide.

postfix (SMTP)

For postfix we use a .in master file that you can edit and have the changes stick: just edit /opt/zimbra/postfix/conf/master.cf.in (after backing it up of course!). Instead of letting postfix bind to the port globally, you configure it to bind to a specific address and override the global certificate with a specific one:

Before:

smtp      inet  n       -       n       -       -       smtpd
submission inet n      -       n       -       -       smtpd
        -o smtpd_etrn_restrictions=reject
        -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%

After:

# domain1 instance 
1.1.1.1:smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_tls_cert_file=/opt/zimbra/conf/domain1.crt
  -o smtpd_tls_key_file=/opt/zimbra/conf/domain1.key
1.1.1.1:submission inet n      -       n       -       -       smtpd
        -o smtpd_etrn_restrictions=reject
        -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
        -o smtpd_tls_cert_file=/opt/zimbra/conf/domain1.crt
        -o smtpd_tls_key_file=/opt/zimbra/conf/domain1.key

# domain2 instance 
1.1.1.2:smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_tls_cert_file=/opt/zimbra/conf/domain2.crt
  -o smtpd_tls_key_file=/opt/zimbra/conf/domain2.key
1.1.1.2:submission inet n      -       n       -       -       smtpd
        -o smtpd_etrn_restrictions=reject
        -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
        -o smtpd_tls_cert_file=/opt/zimbra/conf/domain2.crt
        -o smtpd_tls_key_file=/opt/zimbra/conf/domain2.key

(If you want to enable 465 (smtps), it's a clone of submission with -o smtpd_tls_wrappermode=yes)

Keywords: ssl, virtual hosts
Version: Release 6.0.5_GA_2213.RHEL5_64_20100203001950 CentOS5_64 FOSS edition.

Verified Against: ZCS 6.0.5 Date Created: 1/20/2011
Article ID: http://wiki.zimbra.com/index.php?title=Multiple_SSL_Virtual_Hosts_6.0 Date Modified: 01/26/2015
Personal tools