AW: Postfix - Mysql - howto MultipleDomain?

2022-06-19 Thread Maurizio Caloro
Thanks to all who answered.

I have now deleted the private key from every entry in main.cf and only the
fullchain is enabled, thanks.

One more point: when checking the domains with tls-check, caloro.ch is fine,
but calm-ness.ch still shows an error. I also configured the local DNS server
with my two domains, but it always ends with this.

tlsCheck-Calm-ness.ch -> Cert Hostname DOES NOT VERIFY (nmail.calm-ness.ch
!= nmail.caloro.ch | DNS:nmail.caloro.ch)
tlsCheck-Calm-ness.ch -> So email is encrypted but the host is not verified

Thanks for any help
Regards
Mauri

-Original Message-
From: owner-postfix-us...@postfix.org  On
behalf of Viktor Dukhovni
Sent: Saturday, 18 June 2022 02:49
To: postfix-users@postfix.org
Subject: Re: Postfix - Mysql - howto MultipleDomain?

On Sat, Jun 18, 2022 at 09:05:07AM +1000, raf wrote:

> Even if the middle pair were in the right order, and even if they 
> successfully replaced the first pair (which might not be a thing 
> anyway), it would still end up with a single RSA certificate, not 
> both.

Correct.  For multiple MTA personalities there's SNI (generally not a good
practice, we have MX records for serving multiple domains on a single SMTP
server).  This requires lookup tables that map various names to non-default
certificate chains.

-- 
Viktor.



Re: Move sent emails to sent folder?

2022-06-19 Thread Austin Witmer
Very well! I will give this a try as soon as I have a chance.

Austin Witmer

> On Jun 18, 2022, at 10:15 PM, Viktor Dukhovni wrote:
> 
> On Sat, Jun 18, 2022 at 09:27:52PM -0600, Austin Witmer wrote:
> 
>> Using
>> https://wiki.alpinelinux.org/wiki/Setting_up_postfix_with_virtual_domains
>> 
>> as a bit of a tutorial, I got one of my domains switched over to being
>> a virtual domain and was able to send and receive email for a user on
>> the domain I transferred.
>> 
>> Do I have to have the users setup now both in my postgresql database
>> and also in the /etc/postfix/virtual_mailbox_maps file? That would
>> seem redundant.
> 
> The "virtual_mailbox_maps" table can query postgresql (typically as
> 
>     main.cf:
>         pgsql = proxy:pgsql:${config_directory}/
>         virtual_mailbox_maps = ${pgsql}vmbox.cf
> 
>     vmbox.cf:
>         # See http://www.postfix.org/pgsql_table.5.html
>         # If delivery is via virtual(8), then the RHS must be a
>         # suitable path (typically maildir directory)
>         # If delivery is via LMTP or dovecot LDA, then RHS can
>         # be any non-empty token.
>         ...
> 
>> Is there a way to use virtual domains and have all the user info
>> stored in my postgresql database?
> 
> Of course.
> 
> -- 
>     Viktor.



Re: AW: Postfix - Mysql - howto MultipleDomain?

2022-06-19 Thread Viktor Dukhovni
On Sun, Jun 19, 2022 at 03:12:23PM +0200, Maurizio Caloro wrote:

> One more point, if checking with tls-check the domains: caloro.ch
> fine, calm-ness.ch are still error remaining. Configure also the local
> DNS Server with me two domains, but always finish with this.

Your mistake is to use different MX hostnames for the two domains.
Instead of:

    caloro.ch.    IN MX 10 nmail.caloro.ch.
    calm-ness.ch. IN MX 10 nmail.calm-ness.ch.

configure your MX records as:

    caloro.ch.    IN MX 10 nmail.caloro.ch.
    calm-ness.ch. IN MX 10 nmail.caloro.ch.

> tlsCheck-Calm-ness.ch -> Cert Hostname DOES NOT VERIFY (nmail.calm-ness.ch
> != nmail.caloro.ch | DNS:nmail.caloro.ch)
> tlsCheck-Calm-ness.ch -> So email is encrypted but the host is not verified

By default, STARTTLS in SMTP is unauthenticated opportunistic TLS.
Having a non-matching hostname in the certificate is tolerated by the
vast majority of sending systems.  "Valid" certificates are only
required if you configure DANE-TA(2) (trust anchor) TLSA records:

https://datatracker.ietf.org/doc/html/rfc7672#section-3.1.2

or publish an MTA-STS policy:

https://datatracker.ietf.org/doc/html/rfc8461#section-3

-- 
Viktor.
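
The name comparison behind the "DOES NOT VERIFY" report above, as an added example that is not part of the original thread: it checks each domain's MX hostname against the certificate's DNS names for both MX layouts. It assumes the `DNS:nmail.caloro.ch` in the checker output is the certificate's only subjectAltName; the function names are hypothetical and the data is constructed from the records quoted in the messages.

```python
# Added illustration: constructed data, not output from the poster's server.

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def san_matches(pattern, host):
    """RFC 6125-style match: exact, or '*' as the entire leftmost label."""
    p, h = normalize(pattern).split("."), normalize(host).split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and never a bare TLD suffix.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_mx(mx_records, cert_sans):
    """Map each mail domain to (mx_host, verified), as a TLS checker would."""
    result = {}
    for domain, mx_host in mx_records.items():
        ok = any(san_matches(san, mx_host) for san in cert_sans)
        result[normalize(domain)] = (normalize(mx_host), ok)
    return result

# Assumption: the server presents one certificate with this single DNS SAN.
CERT_SANS = ["nmail.caloro.ch"]

# MX layout that produced the "DOES NOT VERIFY" report.
MX_BEFORE = {"caloro.ch.": "nmail.caloro.ch.",
             "calm-ness.ch.": "nmail.calm-ness.ch."}
# MX layout suggested in the reply: both domains share one MX hostname.
MX_AFTER = {"caloro.ch.": "nmail.caloro.ch.",
            "calm-ness.ch.": "nmail.caloro.ch."}

if __name__ == "__main__":
    for label, mx in (("before", MX_BEFORE), ("after", MX_AFTER)):
        for domain, (host, ok) in check_mx(mx, CERT_SANS).items():
            verdict = "verifies" if ok else "DOES NOT VERIFY"
            print(f"{label}: {domain} MX {host} -> {verdict}")
```

The reference name is the MX hostname, not the recipient domain, which is why one certificate for `nmail.caloro.ch` can serve any number of domains whose MX records point at that name.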