
Postfix + Dovecot + Multiple IP addresses and SSL certificates

July 29th, 2012

I recently had the privilege of needing to set up a completely new domain on a Postfix+Dovecot mail server, along with its own IP and custom SSL certificates depending on which IP you connected to.

Here’s how to do it for Dovecot + Postfix:

Dovecot (2.0+):
* Replace 1.1.1.1 and 2.2.2.2 with your two separate IP addresses on the same server
* Note that Dovecot still requires a master ssl_cert and ssl_key, so don’t remove these.

/etc/dovecot/conf.d/10-ssl.conf:

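# /path/to/... values are placeholders: point them at each domain's certificate and key
local 1.1.1.1 {
  ssl_cert = </path/to/domain1.crt
  ssl_key = </path/to/domain1.key
}
local 2.2.2.2 {
  ssl_cert = </path/to/domain2.crt
  ssl_key = </path/to/domain2.key
}

Postfix: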
* Remove smtpd_tls_key_file and smtpd_tls_cert_file from main.cf
* Add separate master instances for each IP in master.cf like so:

1.1.1.1:smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_key_file=/etc/postfix/domain1.key -o smtpd_tls_cert_file=/etc/postfix/domain1.crt
1.1.1.1:submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_key_file=/etc/postfix/domain1.key -o smtpd_tls_cert_file=/etc/postfix/domain1.crt
2.2.2.2:smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_key_file=/etc/postfix/domain2.key -o smtpd_tls_cert_file=/etc/postfix/domain2.crt
2.2.2.2:submission inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_key_file=/etc/postfix/domain2.key -o smtpd_tls_cert_file=/etc/postfix/domain2.crt

You can also give each IP its own SMTP banner greeting in Postfix. Just add -o myhostname=mail.server.com to the end of each of the lines above, using the hostname that belongs to that IP.

Outgoing Mail
If you also want mail sent from your new domain to leave the mail server from the new IP, you need to use Postfix’s “sender_dependent_default_transport_maps” feature. One way of doing this is:

* Add to the bottom of master.cf (this defines a new transport service):
new_domain unix - - n - - smtp -o smtp_helo_name=mail.newdomain.com -o smtp_bind_address=your.new.ip.address

* Add to main.cf (this is a main.cf parameter):
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent

* Create a new file named “dependent” in /etc/postfix and inside of it add:
@newdomain.com new_domain

* Then hash it with postmap and reload Postfix.