So I understand SSL/TLS implementations are different for webmail and connections, and I've gone through many articles here and the past forums, but I want to understand how it's best to configure given the following scenario:
I have a specific IP for all the MX of all my clients.
The webmail is accessed via my own domain mail.mydomain.com and the domains of every client: mail.cust1.com, mail.cust2.com.
I purchased an SSL certificate for MY domain specifically and installed it, so now I can access https://mail.mydomain.com
It's not necessary that all do the same, but if they want a secure connection they need to log in with my domain, not theirs, right?
So for this part, I think I'm pretty much set up well.
b) Email Connections (POP, SMTP, etc.)
I am using the same SSL cert on the same IP that everyone points to: x.x.x.49
And I bound the TLS/SSL ports to that address.
So now, my clients complain that when connecting, their Outlook and other software say it's an invalid certificate, since they are using mail.cust1.com, mail.cust2.com and not using mail.mydomain.com (and telling them to change their POP and SMTP server on their configs will take forever).
Then my question is:
Should I bind the SSL/TLS to a different IP than the normal IP that everyone has their MX records pointing to (i.e. x.x.x.50), so that if someone wants to send/receive SSL/TLS mail, they use that IP? Therefore, would I need to have some sort of subdomain like secure.mydomain.com on that IP?
If that is the case... do I also need to create MX records for that IP for each client, or only for my domain? Or what is necessary in order for them to send/receive email on a new IP (ending in 50) if all the MX records point to the first IP (ending in 49)? If they connect to the new SSL IP and send email, will it then be tagged as spam since it's not coming from the MX record IP that everyone has?
As you see, I am confused about all this config.
Thanks in advance.
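The certificate warning described in part b), as an added example that is not part of the original post: a mail client compares the server name typed into its own settings against the DNS names listed in the certificate, whichever IP the port is bound to. The function names and both certificate name lists below are constructed for illustration.

```python
# Added example: RFC 6125-style check of a client-configured server name
# against the dNSName entries of a certificate. All data is constructed.

def _matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate DNS name (maybe a wildcard) with a hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard must be the whole left-most label, with at least two
        # fixed labels after it ("*.com" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False          # partial wildcards such as "m*.x.com": refuse
    return p == h

def name_matches(cert_dns_names, configured_host) -> bool:
    """True if any DNS name in the certificate covers the configured host."""
    return any(_matches(name, configured_host) for name in cert_dns_names)

def audit(cert_dns_names, client_hosts) -> dict:
    """Map each hostname a client might configure to pass/fail."""
    return {host: name_matches(cert_dns_names, host) for host in client_hosts}

# Hostnames clients have in their POP/SMTP settings (from the post).
CLIENT_HOSTS = ["mail.mydomain.com", "mail.cust1.com", "mail.cust2.com"]

# Constructed: a certificate issued for the provider's name only.
SINGLE_NAME_CERT = ["mail.mydomain.com"]

# Constructed: a certificate whose name list also carries the client names.
MULTI_NAME_CERT = ["mail.mydomain.com", "mail.cust1.com", "mail.cust2.com"]

if __name__ == "__main__":
    for label, names in (("single-name", SINGLE_NAME_CERT),
                         ("multi-name", MULTI_NAME_CERT)):
        print(label)
        for host, ok in audit(names, CLIENT_HOSTS).items():
            print(f"  {host:20} {'ok' if ok else 'NAME MISMATCH'}")
```

The IP address appears nowhere in the check: only the name the client connects with and the names in the certificate are compared.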