Add postfix SNI support

mail/README.md

@@ -11,6 +11,7 @@ sudo mkdir -p /data/mail/config
 sudo chown vmail: /data/mail/*
 
 cat schema.sql | sudo -u vmail sqlite3 /data/mail/config/vmail.db
+sudo chown vmail:postfix /data/mail/config/vmail.db
 sudo chmod 640 /data/mail/config/vmail.db
 ```
 
@@ -26,12 +27,13 @@ sudo apt install sqlite3 postfix postfix-sqlite dovecot-imapd dovecot-sqlite ope
 DOMAIN=example.com
 
 sudo cp -r postfix dovecot /etc
+sudo chmod 600 /etc/postfix/sni.cf
+
 sudo sed -i '$ r opendkim/local.conf' /etc/opendkim.conf
-sudo sed -i s/example.com/$DOMAIN/ /etc/postfix/main.cf /etc/dovecot/local.conf
+sudo sed -i s/example.com/$DOMAIN/ /etc/postfix/{main,sni}.cf /etc/dovecot/local.conf
 sudo sed -i '/include auth-system/ s/.*/#&/' /etc/dovecot/conf.d/10-auth.conf
 
 sudo ln -s /data/mail/config/vmail.db /.opendkim-bug-241.db
-sudo chown vmail:postfix /data/mail/config/vmail.db
 
 opendkim-genkey -d $DOMAIN -s s
 chmod +r s.private
@@ -40,6 +42,12 @@ cat s.txt
 rm s.private s.txt
 ```
 
+## Certificate Reload
+
+```sh
+postmap -F /etc/postfix/sni.cf
+```
+
 ## Notes
 
 * The `vmail.db` parent directory needs to be writeable by the user modifying the database

mail/postfix/main.cf

@@ -14,6 +14,7 @@ smtp_tls_security_level = may
 smtpd_tls_security_level = may
 smtpd_tls_key_file =  /data/ssl/certs/mail.example.com/privkey.pem
 smtpd_tls_cert_file = /data/ssl/certs/mail.example.com/fullchain.pem
+tls_server_sni_maps = hash:/etc/postfix/sni.cf
 
 # Custom
 

mail/postfix/sni.cf

@@ -0,0 +1 @@
+mail.example.com /data/ssl/certs/mail.example.com/privkey.pem /data/ssl/certs/mail.example.com/fullchain.pem