15
SNI for Mail Services
Idea shared by Virendra - 9/16/2019 at 6:53 AM
In Progress
With new Plesk Obsidian Release coming out and the beta with the below feature, 

SNI for Mail Services
Secure your SMTP, IMAP, and POP connections to the mail server using an SSL/TLS certificate. SNI support comes for both Postfix and MailEnable, allowing installation of individual certificates for each domain.

Is this something planned in SmarterMail for a future release? This would be a really sought-after feature.

many thanks,     

21 Replies

2
Kyle Kerst Replied
Employee Post
Hello Virendra, I do believe SNI based port bindings is something we have on our roadmap. I'll check with development on this and let you know what I find out. 
Kyle Kerst
System/Network Administrator
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Has there been any update to this? 
2
Kyle Kerst Replied
Employee Post
Sorry for the delay on this! SNI is something we have on our list for inclusion in the future, but there has not been an update on this just yet. In the meantime you can set up an SSL environment with something like LetsEncrypt, as this will allow you to operate multiple hostnames on a single certificate, allowing you to have all users connect on that single secure port. 
Kyle Kerst
System/Network Administrator
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
2
Hi,

The current limit is no more than 100 names in a SAN for Let's Encrypt. But we have more than 150 domains for now. This feature is even available on cPanel Exim. We cannot explain to customers that SmarterMail does not have this feature.  That's why we plan to continue with another mail server. We haven't purchased any updates for this feature for a long time. :( 

1
I vote for this feature too, because we have over 300 domains and this feature will be a very time saving tool!
Gabriele Maoret - Head of SysAdmins at SERSIS
Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
0
All mobile devices force using SSL for mail settings. Users receive an error message because they use their incoming and outgoing server addresses as mail.domain.tld. It is not possible to define a common domain for each customer. We have difficulty in explaining this.
1
This is something we needed too. 

To work around it we had to set up Dovecot in proxy mode in front of SmarterMail, as Dovecot supports SNI. 
So the SSL negotiation is done by Dovecot and then it transparently forwards the commands to the SmarterMail host.


Sébastien Riccio
System & Network Admin
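
As an added example (not part of the original post, and not Dovecot's or SmarterMail's code): what an SNI-aware front end does with the first bytes a mail client sends on an implicit-TLS port, reading the requested hostname from the ClientHello and choosing a certificate. The hostnames and certificate paths are placeholders, and the sample ClientHello is constructed offline with Python's `ssl` module.

```python
import ssl
import struct

def build_client_hello(hostname=None):
    """Constructed sample input: a real ClientHello made offline, no network."""
    ctx = ssl.create_default_context()
    if hostname is None:
        ctx.check_hostname = False          # allow a client that sends no SNI
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass                                # expected: no server is attached
    return outgoing.read()

def extract_sni(record):
    """Return the server_name in a TLS ClientHello record, or None."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None                         # not a handshake / ClientHello
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    try:
        pos = 4 + 2 + 32                    # handshake header, version, random
        pos += 1 + body[pos]                # session id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher suites
        pos += 1 + body[pos]                # compression methods
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            if ext_type == 0:               # server_name extension
                # layout: list length (2), name type (1), name length (2), name
                name_len = struct.unpack("!H", body[pos + 7:pos + 9])[0]
                name = body[pos + 9:pos + 9 + name_len]
                ok = body[pos + 6] == 0 and len(name) == name_len
                return name.decode("ascii").lower() if ok else None
            pos += 4 + ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None

# Hypothetical per-domain certificate table; the paths are placeholders.
CERTS = {"mail.example-a.test": "certs/example-a.pem",
         "mail.example-b.test": "certs/example-b.pem"}
DEFAULT_CERT = "certs/server-hostname.pem"

def pick_certificate(record):
    """Choose the certificate to present before the handshake continues."""
    return CERTS.get(extract_sni(record), DEFAULT_CERT)
```

A client that sends no SNI, or a name that is not in the table, gets the default certificate, which is the name-mismatch case described earlier in the thread for users who connect to mail.domain.tld.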

7
Andrea Free Replied
Employee Post
Hello all,
 
I want to provide an update on the SNI feature request for SmarterMail. We have been in the process of implementing SNI in SmarterMail, along with dynamic certifications from SSL providers like Let's Encrypt or ZeroSSL. However, we ran into a limitation with the .NET Standard Framework that will not allow us to integrate at this time. To fully implement SNI support, it will require a transition to .NET Core.

 .NET Core is on our roadmap and will also enable Linux integration for SmarterMail. Now that we've found that SNI requires it, it will urge us to move this transition up even more.
 
So, we are now reconsidering our plan for the remainder of the year and will share more information shortly. (The joys of constantly changing technologies!)

Thank you,

Andrea Free
SmarterTools Inc.
877-357-6278

www.smartertools.com

2
Hello,
is there any update on this feature?
0
We are waiting for news on this feature too...
Gabriele Maoret - Head of SysAdmins at SERSIS
Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
0
You can add another 100-domain SAN by adding another IPv6/Legacy IP address to the host running SmarterMail then configuring a specific binding for that IPv6/Legacy IP address to a specific certificate; remember that you need to create the binding in both the SmarterMail configuration *and* the host IIS configuration.

All you need to do then is to make sure that hostnames point to the specific IPv6/Legacy IP address that serves the certificate for that hostname.

This works well for me with SmarterMail v17 and Windows Server 2016.
1
Thanks for the tip, but we are hosting multiple Smartermail servers with 500+ domains, constantly adding new and deleting old ones, so unfortunately this is not an optimal solution for us. 
An ETA for this feature would be nice.
1
We are still experiencing a similar problem. We want to move forward with Smartermail. I hope an effective solution will be found as soon as possible. SmarterMail is the most suitable solution in terms of license and infrastructure costs.
0
Hi,

Any news from this? 

Regards,

SR
2
Hi,

Unfortunately, years have passed on a very important issue, but SmarterMail has not made any headway. We are tired of telling every customer that they must use a server hostname. 
1
How much longer will it take?

Nomi
0
An update in this matter would be appreciated.
0
Finally, SmarterMail offered a solution to this issue in the new version. Thanks a lot :) 


Release Notes
  • ADDED: SNI SSL/TLS support.
  • ADDED: Certificate management areas at the system and domain administration levels.
0
Yes, but it's already there in IIS for the site SmarterMail is using.

We run SNI here....
0
Hello everyone

Yes, SNI for HTTP/HTTPS requests is one thing, but I'm also more interested in all the protocols such as SMTP/S, POP3/S, IMAP4/S, etc. with SNI support so that each customer has their own certificate, which can be generated, for example, with Let's Encrypt. Or was it not intended to go that far?
0
Zach Sylvester Replied
Employee Post
Hey Roger, 

Thanks for the question. That was one of the main points of SNI. It does indeed work with the protocols. We are still working out some of the kinks and some changes are coming so I think you should wait until the next update before giving your full review. 😁

Thanks, 

Zach Sylvester

System/Network Administrator
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
