Philip B. Howells said:
My friend and I are deploying an email/web/ftp server via gentoo.
Currently we use qmail/vpopmail/courier-imap/squirrelmail. We are
considering moving to a full courier-mta solution, particularly if it has
what we want. It looks really great so far, but I have only one question.
We need a "fully virtual" system with support for over a dozen domains,
but we also really care about security; esmtp, ssl, etc. To do that you
need a certificate. However, if my certificate is for domain1.tld, my
system is not really very virtual for the users of domain2.tld, etc. That
is a thing that is hard to resell, as it would be necessary to explain
to people that the domain mismatch was ok. Not good. So, is it possible to
have different certificates for each virtual domain? I want, for
example, /usr/.../esmtpd.domain1.tld.pem, and so on for each domain, and
each protocol. Vpopmail on my box puts things in
/var/vpopmail/domains/(domain)/users/(user)/.maildir/ ... So, one could
put the certificate in /var/vpopmail/domains/(domain)/, for example. (Of
course adjusted for the courier-mta layout). Hmmm...

Yes, assuming each domain is using a separate IP address. Name the
certificates by IP address. esmtpd.pem.1.2.3.4 and such. It is not
possible to use multiple certificates with a single IP address hosting
multiple domains. This is a limitation of SSL, not Courier; Apache has the
same limitation. There is apparently no way for the server to know which
domain was called at the start of the SSL session and thus, no way of
responding with the correct certificate.
Jay
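An added example (not from the thread, and not Courier's own tooling) of the per-IP scheme Jay describes: one self-signed certificate per listening IP, stored as esmtpd.pem.<ip>, plus the check an admin would want before reselling the service, namely that the file a domain's users will be shown carries that domain's name, and that no two domains share an IP. It assumes the openssl command-line tool and that Courier reads the private key and certificate from one PEM file; the domain-to-IP plan is constructed.

```shell
#!/bin/sh
# Constructed example: one key+cert per IP, named esmtpd.pem.<ip>.
# Assumes the openssl CLI and a combined key+cert PEM file.
set -u

# Self-signed cert with CN = DOMAIN, written as DIR/esmtpd.pem.IP.
make_ip_cert() {  # usage: make_ip_cert DOMAIN IP DIR
    domain=$1; ip=$2; dir=$3
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$domain" \
        -keyout "$dir/key.$ip" -out "$dir/crt.$ip" 2>/dev/null || return 1
    cat "$dir/key.$ip" "$dir/crt.$ip" > "$dir/esmtpd.pem.$ip"
    chmod 600 "$dir/esmtpd.pem.$ip"
    rm -f "$dir/key.$ip" "$dir/crt.$ip"
}

# The file served on IP must exist, hold a private key, and name DOMAIN
# in its CN; otherwise users of DOMAIN get a certificate mismatch.
check_ip_cert() {  # usage: check_ip_cert DOMAIN IP DIR
    domain=$1; ip=$2; f="$3/esmtpd.pem.$ip"
    [ -r "$f" ] || { echo "missing $f"; return 1; }
    grep -q "PRIVATE KEY-----" "$f" || { echo "no private key in $f"; return 1; }
    cn=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    [ "$cn" = "CN=$domain" ] || { echo "$f has $cn, expected CN=$domain"; return 1; }
}

# Only one esmtpd.pem.<ip> can exist per IP, so an IP shared by two
# domains means at least one of them is served the wrong certificate.
shared_ips() {  # reads "domain ip" lines on stdin; prints conflicts, exit 1 if any
    awk '{ n[$2]++; d[$2] = d[$2] " " $1 }
         END { rc = 0; for (ip in n) if (n[ip] > 1) { print ip ":" d[ip]; rc = 1 }; exit rc }'
}

# Constructed plan: domain3.tld wrongly shares an IP with domain2.tld.
PLAN='domain1.tld 192.0.2.1
domain2.tld 192.0.2.2
domain3.tld 192.0.2.2'

demo() {
    dir=$(mktemp -d)
    printf '%s\n' "$PLAN" | shared_ips && echo "no shared IPs" || echo "fix the plan first"
    make_ip_cert domain1.tld 192.0.2.1 "$dir" && check_ip_cert domain1.tld 192.0.2.1 "$dir" \
        && echo "192.0.2.1 ok for domain1.tld"
    check_ip_cert domain2.tld 192.0.2.1 "$dir" || echo "domain2.tld on 192.0.2.1: mismatch"
    rm -rf "$dir"
}
demo
```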