Multiple SSL Virtual Hosts 6.0: Difference between revisions
No edit summary |
|||
(8 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
For HTTP, POP3, and IMAP, please see the [[SSL certificates per domain]] guide. | |||
= | = postfix (SMTP) = | ||
For postfix we use a .in master file that you can edit and have the changes stick: just edit <tt>/opt/zimbra/postfix/conf/master.cf.in</tt> (after backing it up of course!). Instead of letting postfix bind to the port globally, you configure it to bind to a specific address and override the global certificate with a specific one: | |||
Before: | Before: | ||
<pre> | <pre> | ||
smtp inet n - n - - smtpd | |||
submission inet n - n - - smtpd | |||
-o smtpd_etrn_restrictions=reject | |||
-o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%% | |||
-o smtpd_client_restrictions=permit_sasl_authenticated,reject | |||
-o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%% | |||
</pre> | </pre> | ||
Line 41: | Line 18: | ||
<pre> | <pre> | ||
# domain1 instance | |||
1.1.1.1:smtp inet n - n - - smtpd | |||
-o smtpd_tls_cert_file=/opt/zimbra/conf/domain1.crt | |||
-o smtpd_tls_key_file=/opt/zimbra/conf/domain1.key | |||
1.1.1.1:submission inet n - n - - smtpd | |||
-o smtpd_etrn_restrictions=reject | |||
-o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%% | |||
-o smtpd_client_restrictions=permit_sasl_authenticated,reject | |||
-o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%% | |||
-o smtpd_tls_cert_file=/opt/zimbra/conf/domain1.crt | |||
-o smtpd_tls_key_file=/opt/zimbra/conf/domain1.key | |||
# domain2 instance | |||
1.1.1.2:smtp inet n - n - - smtpd | |||
-o smtpd_tls_cert_file=/opt/zimbra/conf/domain2.crt | |||
-o smtpd_tls_key_file=/opt/zimbra/conf/domain2.key | |||
1.1.1.2:submission inet n - n - - smtpd | |||
-o smtpd_etrn_restrictions=reject | |||
-o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%% | |||
-o smtpd_client_restrictions=permit_sasl_authenticated,reject | |||
-o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%% | |||
-o smtpd_tls_cert_file=/opt/zimbra/conf/domain2.crt | |||
-o smtpd_tls_key_file=/opt/zimbra/conf/domain2.key | |||
</pre> | </pre> | ||
(If you want to enable 465 (smtps), it's a clone of <tt>submission</tt> with <tt>-o smtpd_tls_wrappermode=yes</tt>) | |||
If you | |||
Keywords: ''ssl , virtual hosts'' | Keywords: ''ssl, virtual hosts'' <br> | ||
Version: Release 6.0.5_GA_2213.RHEL5_64_20100203001950 CentOS5_64 FOSS edition. | |||
{{Article Footer|ZCS 6.0. | {{Article Footer|ZCS 6.0.5|1/20/2011}} | ||
[[Category: Virtual Hosting]] | [[Category: Virtual Hosting]] | ||
[[Category: SSL/TLS]] | [[Category: SSL/TLS]] | ||
[[Category: ZCS | [[Category: ZCS 6.0]] |
Latest revision as of 23:37, 26 January 2015
For HTTP, POP3, and IMAP, please see the SSL certificates per domain guide.
postfix (SMTP)
For postfix we use a .in master file that you can edit and have the changes stick: just edit /opt/zimbra/postfix/conf/master.cf.in (after backing it up of course!). Instead of letting postfix bind to the port globally, you configure it to bind to a specific address and override the global certificate with a specific one:
Before:
smtp inet n - n - - smtpd submission inet n - n - - smtpd -o smtpd_etrn_restrictions=reject -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%% -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
After:
# domain1 instance 1.1.1.1:smtp inet n - n - - smtpd -o smtpd_tls_cert_file=/opt/zimbra/conf/domain1.crt -o smtpd_tls_key_file=/opt/zimbra/conf/domain1.key 1.1.1.1:submission inet n - n - - smtpd -o smtpd_etrn_restrictions=reject -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%% -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%% -o smtpd_tls_cert_file=/opt/zimbra/conf/domain1.crt -o smtpd_tls_key_file=/opt/zimbra/conf/domain1.key # domain2 instance 1.1.1.2:smtp inet n - n - - smtpd -o smtpd_tls_cert_file=/opt/zimbra/conf/domain2.crt -o smtpd_tls_key_file=/opt/zimbra/conf/domain2.key 1.1.1.2:submission inet n - n - - smtpd -o smtpd_etrn_restrictions=reject -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%% -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%% -o smtpd_tls_cert_file=/opt/zimbra/conf/domain2.crt -o smtpd_tls_key_file=/opt/zimbra/conf/domain2.key
(If you want to enable 465 (smtps), it's a clone of submission with -o smtpd_tls_wrappermode=yes)
Keywords: ssl, virtual hosts
Version: Release 6.0.5_GA_2213.RHEL5_64_20100203001950 CentOS5_64 FOSS edition.