I have never been real happy about using a domain for all email when setting up virtual servers.
For example, if I set up hostserver.com to host a virtual server for mydomain.com, then on the email side the settings the client would use were:
Username: [email address hidden on the original page] and password
IMAP server hostname: mail.hostserver.com
IMAP server port: 993
Use SSL for IMAP? Yes
POP3 server hostname: mail.hostserver.com
POP3 server port: 995
SMTP server hostname: mail.hostserver.com
SMTP server port: 587
Use SSL for SMTP? Yes
SMTP encryption type: STARTTLS
etc.
Even though the end user still has their own email domain etc. and there are some advantages to this sort of setup (I believe?), I still think that it looks far more professional and secure if each domain is using its own settings. It's also much easier, if you have a number of servers, to move domains if required without the users needing to reconfigure email clients etc.
Webmin / Virtualmin hasn't had this option, till now.
As of Postfix version 3.4 we now have "SNI (server name indication) support in the Postfix SMTP server, the Postfix SMTP client, and in the tlsproxy(8) daemon (both server and client roles)."
Basically, we can set up multiple domains, each with its own SSL certificate, on a single IP address in Postfix, and allow domains to use their own mail domain names for email.
Just what the doctor ordered ;)
Part of this information is available from the Virtualmin forum but I found I needed to make a few extra changes to settings etc to get it to work with Virtualmin etc fully.
Anyway, first off we need to use the GhettoForge repos. For CentOS 7 I used:
yum --nogpg install https://mirror.ghettoforge.org/distributions/gf/gf-release-latest.gf.el7.noarch.rpm
Now enable the conflicting repo that replaces default packages from CentOS 7 by running:
yum-config-manager --enable gf-plus
Limit installable candidates to Postfix only by running:
yum-config-manager --save --setopt=gf-plus.includepkgs=postfix*
I cleaned the YUM cache first to ensure the correct packages are downloaded:
yum clean all
I then removed postfix 2 first
yum remove postfix
Now we install postfix3
yum install postfix3
In this case, this installed Postfix 3.5.8 plus dependencies. This can be confirmed by running the command:
postconf -d mail_version
We restart postfix and check on status:
systemctl restart postfix && systemctl status postfix
I run Webmin 1.973, which DOESN'T automatically recognise the new version of Postfix. I tried restarting Webmin, rerunning the Virtualmin config etc. to no avail, so I needed to edit the version file manually.
I went into the File Manager in Webmin and edited the file at: /etc/webmin/postfix/version
In my case I entered "3.5.8" (no quotes)
When you go into the Postfix Mail Server module under Webmin ->Servers->Postfix Mail Server, there is an extra option available called "Certificate Mapping"
Now we need to copy back the main.cf and master.cf files in /etc/postfix
The installation made a backup of these files to /etc/postfix/main.cf.rpmsave and master.cf.rpmsave
Reload Configuration and hopefully postfix is ready to use.
Next I ran Virtualmin -> System Settings -> Re-Check Configuration to ensure that Postfix is ready to be used by Virtualmin.
Now when I go into one of my Virtual Servers that has an SSL certificate and select:
Server Configuration -> SSL Certificate and then the Service Certificates tab.
There's a new option : Postfix IP certificate enable?
Click the Yes option and click Save and we're now ready to go.
Now when I set up a domain's email on whatever email client I like, I can use settings like:
If the host was hostserver.com
then I can now use
Username: [email address hidden on the original page] and password
IMAP server hostname: mail.mydomain.com
IMAP server port: 993
Use SSL for IMAP? Yes
POP3 server hostname: mail.mydomain.com
POP3 server port: 995
SMTP server hostname: mail.mydomain.com
SMTP server port: 587
Use SSL for SMTP? Yes
SMTP encryption type: STARTTLS
Rather than having to use the mail server config such as mail.hostserver.com with username [email address hidden on the original page]
I have full SSL encryption using the domain's certificate, rather than the host certificate.
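To confirm that Postfix really hands out the domain's certificate and not the host's, the following check can be run from any machine with openssl. It is an added example, not part of the original post; the script and function names are made up here, the hostnames are the placeholders used above, and it tests only the SMTP port 587 with STARTTLS.

```shell
#!/bin/sh
# Added example. hostserver.com / mydomain.com are the article's placeholder names.

# Read `openssl x509 -text` output on stdin, print its subjectAltName DNS names.
cert_dns_names() {
    grep -o 'DNS:[^, ]*' | sed 's/^DNS://' | sort -u
}

# Succeed if hostname $1 is covered by the newline-separated SAN list $2.
# A wildcard such as *.mydomain.com covers exactly one extra left-most label.
name_covered() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r san; do
        case "$san" in
            "$want") return 0 ;;
            '*.'*)
                rest=${want#*.}
                if [ "$rest" != "$want" ] && [ "$rest" = "${san#\*.}" ]; then
                    return 0
                fi ;;
        esac
    done <<EOF
$(printf '%s\n' "$2" | tr 'A-Z' 'a-z')
EOF
    return 1
}

# Ask server $1 (port $3, default 587) for its certificate over STARTTLS,
# sending $2 as the SNI name, and print the DNS names in that certificate.
fetch_sans() {
    openssl s_client -connect "$1:${3:-587}" -starttls smtp -servername "$2" \
        </dev/null 2>/dev/null | openssl x509 -noout -text 2>/dev/null | cert_dns_names
}

# Report whether the certificate served for SNI name $2 actually covers $2.
check_sni() {
    sans=$(fetch_sans "$1" "$2" "${3:-}")
    if name_covered "$2" "$sans"; then
        echo "OK   $2 is covered by the certificate Postfix served"
    else
        echo "FAIL $2 not covered; certificate names: $(printf '%s' "$sans" | tr '\n' ' ')"
        return 1
    fi
}

# Live check only when arguments are given, e.g.:
#   sh check_sni.sh mail.hostserver.com mail.mydomain.com
if [ "$#" -ge 2 ]; then check_sni "$@"; fi
```

A FAIL that lists the host's names means Postfix fell back to its default certificate for that SNI name; a FAIL with no names means no certificate was received at all.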
Final Note:
I've used this method on 2 separate dedicated servers I have, and so far, so good.
I had a minor setback on the second server because I hadn't copied the hostserver SSL certificate to Postfix and Dovecot etc. prior to this, and in turn, when I attempted to test the email from a domain, I kept getting "couldn't contact the SMTP server" errors. Once I copied the hostserver.com certificate to the mail servers through Server Configuration -> SSL Certificate -> Service Certificates from the Virtual Server of hostserver.com, it worked fine.
enjoy.