Question SSL for email on Addon domains

[VojkanC]

When I go to mydomain.com:8443/admin/ssl-certificate/list
There is an option to choose Certificate for securing mail and works great.

Some of my customers would like to have their branded incoming and outgoing email servers like:
mail.mycustomer.com that they can use over SSL/TLS and port 465.
Currently, some email clients have warnings and Apple Mail users don't have any warning... it just fails to receive/send emails.
The only configuration that works is that my customers use server domain like mail.serverdomain.com

How can this be achieved with:
OS : ‪CentOS Linux 7.6.1810 (Core)
‬Product: Plesk Onyx Version 17.8.11 Update #41

 

[VojkanC]

Can someone please help with this issue?

 

[learning_curve]

Not quite sure @VojkanC from the wording in your post, as to what you (as server admin) have already setup / what you've already given customers, in terms of their own setup limits etc and what you're specifcally trying to achieve, but.... Some quick questions to try and understand a bit clearer before looking at DNS and other record sets etc:

1) Is mycustomer.com a valid domain, with a subscription detailed within your Plesk setup?

If it is, then

2) What have you / your customers setup here: https://serverdomain.com:8443/smb/mail-settings/edit/id/XX/domainId/XX (where XX is the Domian ID for mycustomer.com which you'll find listed on here: https://serverdomain.com:8443/admin/subscription/list?context=subscriptions

A screengrab maybe the easiest way to answer that 2nd question.

 

[VojkanC]

My question is really simple.

Customers are used to using the following incoming/outgoing servers: mail.customerdomain.com
This works with plain text auth, but with SSL/TLS there is a problem because Plesk enables only one mail server that passes SSL check for MX.

Is it possible to use incoming/outgoing servers in the format mail.customerdomain.com over SSL (port 465 for SMTP and port 995 for POP) for each of my customers?
I have one IP with several customers.

 

[learning_curve]

@VojkanC Yes, its possible. We can say that, because we do what you have described, but....
Currently, you'll need a resource outside of those supplied by Plesk and, it really does depend on how many domains you have versus the amount of work involved to do this. In short, you would need a *Wildcard Let's Encrypt Certifcate, which cover's multiple domains (any or all of which, can also have sub-domains too) and this certificate, must be issued against the same FQDN that Plesk is setup on and this certificate needs to be sourced outside of Plesk at present. We now use THIS resource to provide this. You stlll should have all the individual domian's Let's Encrypt Certifcates too, but these can be issued by using the Plesk Let's Encrypt Extension. Once you have all the certificates, you then have to set everything up in Plesk correctly, in order for this to work. There's many posts on this subject in this forum, if you run a detailed search, but THIS one (in another forum area) may be a good starting point.