only encrypted mails for 1 domain

jikom68425
New user
Posts: 9
Joined: 2020-03-10 10:12


Post by jikom68425 » 2020-04-26 23:02

Hi,

I have used HMAIL for a long time, and thanks for it.
I received a task from one of my users from the security division about encrypted communication.
I have a main certificate for secure communication, but for the user's domain, which is different from the main domain with the certificate, when the user runs the test at https://www.checktls.com/TestReceiver, the test says that the domain is different from the certificate domain.

There is no way to send 2 certificates to one port/service. It's OK, it's not an Hmail problem, it's not possible at all.

Is there any way to send the right certificate that matches the domain name?

The user's second problem is how to disable unsecured communication for his other domains. I think hmail does not have this option, but can I do it using a firewall, blocking the unsecured ports for his hostnames?

Thanks for your reply and help.

mattg
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: only encrypted mails for 1 domain

Post by mattg » 2020-04-26 23:44

Set your dns records to the name of the certificate for the other domains

Domain1.com >> MX record = mail.certificate.com
Domain2.com >> MX record = mail.certificate.com
certificate.com >> MX record = mail.certificate.com


That is exactly what all gmail and office365 hosted domains do
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

RvdH
Senior user
Posts: 1137
Joined: 2008-06-27 14:42
Location: Netherlands

Re: only encrypted mails for 1 domain

Post by RvdH » 2020-04-27 09:55

mattg wrote:
2020-04-26 23:44
Set your dns records to the name of the certificate for the other domains

Domain1.com >> MX record = mail.certificate.com
Domain2.com >> MX record = mail.certificate.com
certificate.com >> MX record = mail.certificate.com


That is exactly what all gmail and office365 hosted domains do
+1

Additionally, for SMTP/POP/IMAP client connections I have created webmail access on the same address, e.g. mail.certificate.com, listing (almost) every domain we host as alternative host headers, e.g. mail.Domain1.com, mail.Domain2.com (in DNS make sure these are CNAME records to mail.certificate.com).
In Let's Encrypt I then use those host headers to create a certificate for hMailServer to use that will match all domains we host. Maybe you could do something similar for what you are trying to achieve?
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
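
Added example, not part of any post in this thread: a small offline audit of the two fixes suggested above (pointing every MX record at the certificate's name, or issuing one certificate that lists every mail host). It assumes the receiver test compares the certificate with the MX host name rather than the mail domain; the record sets and certificate name lists are constructed sample data, and the function names are hypothetical.

```python
"""Audit: is every hosted domain's MX host covered by the mail server certificate?"""

def name_matches(pattern, host):
    """Certificate name match: exact, or one left-most '*' label (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # refuse over-broad wildcards such as "*.com"
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(mx_records, cert_names):
    """Return {domain: [MX hosts the certificate does not cover]} for failing domains."""
    failures = {}
    for domain, hosts in mx_records.items():
        uncovered = [x for x in hosts
                     if not any(name_matches(n, x) for n in cert_names)]
        if uncovered:
            failures[domain] = uncovered
    return failures

# Constructed sample data, using the placeholder names from the thread.
SINGLE_NAME_CERT = ["mail.certificate.com"]
MULTI_NAME_CERT = ["mail.certificate.com", "mail.domain1.com", "mail.domain2.com"]

# Each domain advertises its own mail host: the mismatch the test reported.
MX_PER_DOMAIN = {
    "domain1.com": ["mail.domain1.com"],
    "domain2.com": ["mail.domain2.com"],
    "certificate.com": ["mail.certificate.com"],
}
# mattg's fix: every domain's MX points at the name on the certificate.
MX_SHARED = {d: ["mail.certificate.com"] for d in MX_PER_DOMAIN}

if __name__ == "__main__":
    print("per-domain MX, single-name cert:", audit(MX_PER_DOMAIN, SINGLE_NAME_CERT))
    print("shared MX, single-name cert:   ", audit(MX_SHARED, SINGLE_NAME_CERT))
    print("per-domain MX, multi-name cert:", audit(MX_PER_DOMAIN, MULTI_NAME_CERT))
```

To audit a real setup, replace the sample dictionaries with the MX hosts from your DNS zone and the subject alternative names from the certificate hMailServer presents.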
