TCP proxy with SNI support

Hello,

I have a single server with one public IP and 10 domains. For each domain I’d like to have a separate Docker container as an email server (Postfix + Dovecot). I’d like to achieve this with a transparent TCP proxy with SNI support.

I’d like to route traffic from example.com on ports 587 & 143 to one container and traffic for acme.com on ports 587 & 143 to a different container, etc.

Can I achieve this by using host:port? Does anyone know of an example?

Thank you.

HostSNI() relies on the servername sent in the TLS Client Hello (SNI).

Generally, SMTP only supports opportunistic TLS by upgrading from plain-text SMTP using STARTTLS.
As such, you can only use HostSNI(`*`), which means only 1 router can do 587/tcp.

Perhaps you can set up one MTA and relay from there to additional SMTP servers within Docker.

IMAPS(993) you could support. But not IMAP(143).

@cakiwi

Thank you for your reply and mentioning MTA - relay option.

How about if I switched from 587/tcp to SMTPS 465/tcp?

"I’d like to route traffic from example.com on ports 465 & 993 to one container and traffic for acme.com on ports 465 & 993 to a different container, etc.

Can I achieve this by using host:port?"

Could the above be achieved with Traefik?

Yes, HostSNI() would work with SMTPS (465). However, I don't believe that SMTPS is widely used, and you also run the risk of other MTAs not supporting TLS at all. So you could artificially restrict mail flow.