Initial situation:

On the SEPPmail Secure E-Mail Gateway several virtual hosts have been configured (see Use virtual hosting) under GINA Domains.

When opening a GINA message, the following notification appears when establishing the connection with the SEPPmail Secure E-Mail Gateway

 

403 Forbidden You don't have permission to access this resource. Reason: The client software did not provide a hostname using Server Name Indication (SNI), which is required to access this server.

 

Question:

Why can the GINA message not be opened and/or why does this notification appear?

 

Answer:

Generally, this behaviour is caused by an upstream proxy server.

The wrong virtual host is addressed when opening the GINA message, or the addressed hostname is missing. Since SEPPmail Secure E-Mail Gateway version 11.1.7, access has been denied in this case for the protection against addressing an incorrect GINA Domain, in particular in client-capable systems.

 

Solution

By means of the option Disable strict SNI check when virtual hosting is enabled (see GINA Domains Settings) the behaviour of version 11.1.6 and older can be restored. However, since the protection against incorrect addressing is deactivated in this case, using this option is only intended for temporary restoration in the event of an error.