Hmmm, sendmail doesn't support SNI...
I think bluequartz also changed qpopper to dovecot in the past.
I wonder if sendmail will change...
I just noticed that the sendmail.org page was gone.
2020年5月21日(木) 16:22 Tomohiro Hosaka <boku...@gmail.com>:
>
> Hi,
>
> We are considering SNI support for dovecot for pops and imaps.
>
> Specifically, it can be done with the following code.
>
> # /etc/dovecot/conf.d/11-ssl-sni.conf
> local_name system.fqdn {
> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
> ssl_key = </etc/pki/dovecot/private/dovecot.pem
> }
> % for my $vsite_fqdn (@vsite) {
> local_name $vsite_fqdn {
> ssl_cert = </usr/sausalito/acme/certs/$vsite_fqdn/$vsite_fqdn.cer
> ssl_key = </usr/sausalito/acme/certs/$vsite_fqdn/$vsite_fqdn.key
> }
> % }
>
> Add this to /usr/sausalito/handlers/base/email/copy_certs.pl etc
> I think that it can be supported by inserting an appropriate hook in
> /usr/sausalito/conf/base/email/email.conf.
>
> If SNI is not supported for pops and imaps, hostname verification
> failed will occur unless system.fqdn is specified.
> The owner of vsite I think it's cool is better to be without knowing
> the system.fqdn.
>
> There are various likes and dislikes of the trend of https conversion
> and let's encrypt, but the mobile environment around us and MUA are
> pressing us.
>
> Thanks,
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
