On 17/04/12 08:16, Sam Varshavchik wrote:
> It's unclear to me what this is referring to. The same code handles
> SSL cert setup for smtp that does for imap, so IP address-specific
> certs should work fine for smtp too.

Of course, /etc/courier/esmtpd.pem.xx.xx.xx.xx will provide the same
functionality for delivering a particular SSL cert from xx.xx.xx.xx

> But if this is about the stuff that goes into Received: headers, no,
> Courier always puts its primary hostname into the Received: headers.

That's what I am concerned about for SPF checking, and ideally vanity
branding but that's not so important.

> But I'd be surprised if more than 1% of mail users ever look at mail
> headers, so I see very little to be accomplished there.

Even without this particular line below...

>> -o myhostname=domain1.com

the postfix message would still pass SPF because it would create a line
like this even though primary.com is zz.zz.zz.zz ...

Received: from primary.com (domain1.com [::ffff:xx.xx.xx.xx])

With that extra myhostname= setting it would completely remove any hint
of the primary domain and IP, which has been a holy grail for me for 10
years.

This is an example from postfix to courier, with the settings from my
previous message, where the primary domain and IP are different to what
was reported below. Setting domain2.com to yy.yy.yy.yy would similarly
rewrite the headers accordingly...

Received: from domain1.com ([::ffff:xx.xx.xx.xx])
  (TLS: TLSv1/SSLv3,256bits,AES256-SHA)
  by xxxxxx.org with ESMTPS; Sat, 14 Apr 2012 15:49:56 -0700
  id 0000000000020522.000000004F89FF15.0000096A
Received-SPF: pass (Address passes the Sender Policy Framework)
  SPF=HELO;
  sender=domain1.com;
  remoteip=::ffff:xx.xx.xx.xx;
  remotehost=;
  helo=domain1.com;
  receiver=xxxxxx.org;
Received-SPF: pass (Address passes the Sender Policy Framework)
  SPF=MAILFROM;
  sender=u...@domain1.com;
  remoteip=::ffff:xx.xx.xx.xx;
  remotehost=;
  helo=domain1.com;
  receiver=xxxxxx.org;

The above is where the SPF/TXT record for domain1.com is ip4:xx.xx.xx.xx
and primary.com is ip4:zz.zz.zz.zz, domain2.com is ip4:yy.yy.yy.yy etc.

I don't have multiple real certs to test this on a courier-mta server
atm.

Do you think that just using esmtpd.pem.xx.xx.xx.xx would provide enough
header tinkering so that an SPF record for domain1.com would pass SPF on
the receiver's mailserver?

If not, is there any "magic" I can tap into to make sure a message from
a virtual IP for a particular domain will pass SPF checking using its
own SPF record?
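
The Received-SPF headers quoted in the message show the inputs a receiver evaluates: the connecting address (remoteip) is checked against the SPF record of the HELO name and of the MAIL FROM domain. The sketch below is an added example, not part of the original message and not Courier's or Postfix's code; it implements only the ip4/ip6/all mechanisms, and the 192.0.2.x addresses, record strings and function names are constructed stand-ins for the masked values.

```python
import ipaddress

# Constructed records mirroring the message's layout (one ip4 per domain);
# 192.0.2.x are documentation addresses standing in for the masked IPs.
RECORDS = {
    "primary.com": "v=spf1 ip4:192.0.2.1 -all",
    "domain1.com": "v=spf1 ip4:192.0.2.10 -all",
    "domain2.com": "v=spf1 ip4:192.0.2.20 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def normalize_ip(text):
    """Parse the client IP, unwrapping ::ffff:a.b.c.d to plain IPv4."""
    ip = ipaddress.ip_address(text)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def check_host(client_ip, domain, records=RECORDS):
    """Evaluate the ip4/ip6/all subset of SPF for one identity's domain."""
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF record published for this domain
    ip = normalize_ip(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = mech.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanisms outside this example's subset
    return "neutral"  # no mechanism matched and no "all" term


def evaluate(client_ip, helo, mail_from):
    """Return the HELO and MAILFROM results, the two identities Courier logs."""
    return {"HELO": check_host(client_ip, helo),
            "MAILFROM": check_host(client_ip, mail_from.rpartition("@")[2])}
```

The result depends on which source address the outbound connection uses and which names are sent in HELO and MAIL FROM; the certificate file and the contents of Received: lines are not inputs to the check.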