Alternative to postfix with SNI certificates + Dovecot compatibility

dovecot postfix

As we're aware, Postfix doesn't support SNI (Server Name Indication), which means that if you define a certificate, it will be used for all domain names that you have on that server, which could be bad for people not willing to pay big bucks to purchase fancy certificates. Postfix states on their website that they have no plans to implement SNI.

I have my mail server configured with Dovecot and Postfix. I would like to replace Postfix with something that supports SNI and is compatible with Dovecot (or at least accepts the same username/password database scheme from Dovecot).

Could you please tell me what alternatives to Postfix exist that fulfill these conditions (preferably open source)?

Best Answer

If you already know all the FQDNs you are going to need, buy a SAN certificate.

If you need to be flexible with your certificates, you can try to set up an nginx SMTP proxy. I looked at the documentation and from the looks of it, it should support SNI, but it's not going to be an easy setup, I think: http://nginx.org/en/docs/mail/ngx_mail_ssl_module.html

1st update:
two links that might help you:
http://citrin.ru/nginx:ngx_mail_core_module
http://wiki.nginx.org/MailCoreModule

2nd update:
As of 2016 you can easily get SAN certificates from the Let's Encrypt Project for free.

I strongly suggest you get yourself a SAN certificate and include all the FQDNs you need for your service in that one certificate. Currently you can include as many as 100 subject alternative names per certificate.
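
With one SAN certificate serving every mail domain, the thing to verify is that each hostname clients connect to is actually covered by a SAN entry. The following is an added example, not part of the answer above: it assumes a certificate dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the certificate contents and hostnames are constructed.

```python
# Added example: check that one SAN certificate covers every mail hostname.
# The certificate dict has the shape returned by ssl.SSLSocket.getpeercert().

def san_dns_names(cert):
    """Return the lower-cased DNS entries of the subjectAltName extension."""
    return [value.lower().rstrip(".")
            for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def name_matches(pattern, hostname):
    """Match a hostname against one SAN entry.

    A wildcard is honoured only as the complete left-most label and covers
    exactly one label: *.example.org matches mail.example.org, but neither
    example.org nor a.b.example.org.
    """
    pattern_labels = pattern.split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if len(pattern_labels) != len(host_labels):
        return False
    if pattern_labels[0] == "*":
        return len(pattern_labels) > 2 and pattern_labels[1:] == host_labels[1:]
    return pattern_labels == host_labels


def uncovered_hostnames(cert, required):
    """Return the required hostnames that no SAN entry covers, in input order."""
    sans = san_dns_names(cert)
    return [host for host in required
            if not any(name_matches(p, host) for p in sans)]


# Constructed sample: SAN list of a hypothetical mail server certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (
        ("DNS", "mail.example.com"),
        ("DNS", "smtp.example.net"),
        ("DNS", "*.example.org"),
        ("IP Address", "192.0.2.25"),
    ),
}

# Constructed list of the names mail clients use to reach the server.
REQUIRED = ["mail.example.com", "SMTP.example.net", "imap.example.org",
            "example.org", "mail.example.edu"]

if __name__ == "__main__":
    for host in uncovered_hostnames(SAMPLE_CERT, REQUIRED):
        print("not covered by certificate:", host)
```

Any hostname this reports would produce a name-mismatch error in clients that validate the certificate, so it has to be added to the SAN list before the certificate is reissued.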
