Mark Constable writes:

On 19/04/12 14:26, Sam Varshavchik wrote:
>> That postfix config example allowed for MULTIPLE bindings to
>> MULTIPLE IPs with each providing its own outgoing hostname and
>> SSL certificate.
>
> You're using client certificates to authenticate your outbound SSL
> connections?

Sorry Sam, now I see what I did not explain properly. It's for incoming
SMTPS connections on port 465 so that when a client connects to the
server they can use "theirdomain.com" for the outgoing mailserver with
their own "theirdomain.com" SSL cert.

It doesn't matter what certificate THEY use, as long as the certificate is signed by the CA that Courier knows about. You don't need multiple IPs just for that. They can all use the same IP address, as long as their cert's signing CA is trusted.

When the message gets delivered it appears to the recipient as if coming
from theirdomain.com and passes all SPF and eyeball checks as to looking
like it really did come from the theirdomain.com mailserver with no hint
of any other domain name involved, including the canonical server hostname.

The "magic" is that there can be MULTIPLE virtual hosts on the same
physical server all providing their own masqueraded identities with the
sending clients connecting to what they think is their own mailserver
and for all intents and purposes, they are.

That's something completely different. You need to keep track of which IP address the message was received at, if you're listening to multiple IP addresses, then use the same IP address for outgoing mail, and know which HELO address to use for which one. That's what I think you're trying to do.

There's no code right now to do anything like that. Using a different /server/ certificate for SSL, based on the IP address, works the same for SMTP as it does for IMAP. That can be done. But doing something like this is a different ball of wax. It would be possible to implement something like that – but at the moment this does not exist.
