Is there SNI support for SMTP/IMAP/POP3?


  • Giancarlo

    We use Dovecot on Plesk, and it has SNI support.

  • Ivan Postnikov

    Hello @Giancarlo, Dovecot is used together with Postfix/Qmail. Dovecot is responsible for IMAP/POP3 and Postfix for SMTP.

    As stated in the article, SNI support is dependent on the functionality of the mail server software. Postfix brings a limitation of SNI implementation. However, the Plesk development team is researching a way to implement such a feature.

  • Frederick Marcoux

    @Giancarlo How did you do it?

  • Gilberto Greppi

    Hello @Ivan, is there any news about this implementation? We want to migrate our Plesk 11.5 to Onyx and we'd like to communicate to our customers that they can use Let's Encrypt for SMTP and POP/IMAP too (not only for web and webmail).

    Why not use a second nginx instance and use it as a mail proxy server?

    https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/

  • Robert Asilbekov

    @Gilberto Greppi

    As soon as the feature is implemented, the information will be available in the Release Notes. So far, on the UserVoice portal, the feature has "Open discussion" status.

  • Giancarlo

    @Frederick Marcoux

    Sorry for the very late response. I didn't do anything, I stated the fact that Dovecot already has support for SNI, but @Ivan Postnikov pointed out to me that Postfix, which is at the border of the system because it handles the SMTP requests, is not ready.

    @Gilberto Greppi

    You can actually encrypt your email, but the server will use just one certificate. There's a limitation in Postfix, with a discussion since 2015, because "SNI for Postfix is difficult both to justify and to safely implement". To use the certificate, your customers can use all servername.com instead of mail.customerdomain.com - all their communications will be encrypted the same way. This has nothing to do with Let's Encrypt, because you'll encounter the same problem even if you buy a certificate.

    The second nginx instance is indeed a clever solution but... what other advantages could it give, apart from the SNI support? Proxying website requests allows for more speed, because nginx is very specialized in that and can leverage caches, but using a web server to proxy mail seems out of scope, because it couldn't answer autonomously and speed things up (each email is different).

    I graciously accept amendments to my explanation, if it is wrong somewhere. If it was already common knowledge, my apologies.

  • Gilberto Greppi

    @Giancarlo: we have to migrate our 600 customers (with about 2000 mails) from PPA to Onyx. We have to communicate to every user that the new SMTP server is "mail.newplesk.mycompany.ltd" instead of "mail.oldplesk.mycompany.ltd". Every user has a lot of mail apps (PC, mobile, laptop, etc.) and that is an enormous amount of work for our customer support.

    The best way would be to define "mail.customer-company.ltd" as the mail server for the customers. That way we will also have no problems with further migration.
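
The single-certificate behaviour discussed in this thread can be checked from the client side. The following is an added example, not code from the thread or from Plesk: it asks a mail server for its certificate under each client-facing name and reports which names the certificate covers. The hostnames are the placeholders used in the thread, `SINGLE_CERT` and `no_sni_server` are constructed stand-ins so the example runs offline, and `fetch_cert` handles implicit-TLS ports only (993, 995, 465), not STARTTLS.

```python
import socket
import ssl

def cert_dns_names(cert):
    """DNS subjectAltName entries from a dict in getpeercert() format."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, hostname):
    """RFC 6125-style match: '*' covers exactly one leftmost label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p.startswith("*."):
        label, _, rest = h.partition(".")
        return bool(label) and rest == p[2:]
    return p == h

def cert_covers(cert, hostname):
    return any(name_matches(n, hostname) for n in cert_dns_names(cert))

def fetch_cert(host, port, sni):
    """Fetch the validated certificate a server presents for a given SNI name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared below
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert()

def audit(server, port, names, fetch=fetch_cert):
    """Map each client-facing name to (covered, DNS names the server presented)."""
    report = {}
    for name in names:
        cert = fetch(server, port, name)
        report[name] = (cert_covers(cert, name), cert_dns_names(cert))
    return report

# Constructed sample: without SNI, every requested name gets the same certificate.
SINGLE_CERT = {"subjectAltName": (("DNS", "servername.com"),)}

def no_sni_server(host, port, sni):
    """Hypothetical stand-in for fetch_cert so the example runs offline."""
    return SINGLE_CERT

if __name__ == "__main__":
    names = ["servername.com", "mail.customerdomain.com"]
    for name, (ok, presented) in audit("servername.com", 993, names, no_sni_server).items():
        print(f"{name}: {'OK' if ok else 'MISMATCH'} (server presented {presented})")
```

Against a live server, call `audit` without the `fetch` argument so that `fetch_cert` performs the TLS handshake with each name as the SNI value.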
