Philip B. Howells said: > My friend and I are deploying an email/web/ftp server via gentoo. > Currently we use qmail/vpopmail/courier-imap/squirrelmail. We are > considering moving to a full courier-mta solution, particularly if it has > what we want. It looks really great so far, but I have only one question. > We need a "fully virtual" system with support for over a dozen domains, > but we also really care about security; esmtp, ssl, etc. To do that you > need a certificate. However, if my certificate is for domain1.tld, my > system is not really very virtual for the users of domain2.tld, etc. That > is a thing that is hard to resell, as it would be necessary to explain > to people that the domain mismatch was ok. Not good. So, is it possible to > have different certificates for each virtual domain? I want, for > example, /usr/.../esmtpd.domain1.tld.pem, and so on for each domain, and > each protocol. Vpopmail on my box puts things in > /var/vpopmail/domains/(domain)/users/(user)/.maildir/ ... So, one could > put the certificate in /var/vpopmail/domains/(domain)/, for example. (Of > course adjusted for the courier-mta layout). Hmmm...
Yes, assuming each domain is using a seperate IP address. Name the certificates by IP address. esmtpd.pem.1.2.3.4 and such. It is not possible to use multiple certificates with a single IP address hosting multiple domains. This is a limitation of SSL not Courier, Apache has the same limitation. There is apprently no way for the server to know which domain was called at the start of the SSL session and thus, no way of responding with the correct certificate. Jay -- Jay Lee Network / Systems Administrator Information Technology Dept. Philadelphia Biblical University -- ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
