I have three domains and have created my own certificates for them but I
cannot get OpenSMTPD to work with all of them, just one.

$ cat smtpd.conf
# pki setup
pki mail.garybainbridge.email certificate "/etc/ssl/mail.garybainbridge.email.crt"
pki mail.garybainbridge.email key "/etc/ssl/private/mail.garybainbridge.email.key"
pki mail.domain2.com certificate "/etc/ssl/mail.domain2.com.crt"
pki mail.domain2.com key "/etc/ssl/private/mail.domain2.com.key"
pki mail.domain3.com certificate "/etc/ssl/mail.domain3.com.crt"
pki mail.domain3.com key "/etc/ssl/private/mail.domain3.com.key"
# tables setup
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table users file:/etc/mail/users
table secrets file:/etc/mail/secrets
table blacklist-recipients file:/etc/mail/blacklist-recipients
# listen ports setup
listen on lo0
listen on egress port 25
listen on egress port 587 tls-require pki mail.garybainbridge.email auth <secrets>
# allow local messages
#accept from local for local alias <aliases> deliver to maildir "/var/mail/%{user.username}/Inbox"
accept recipient ! <blacklist-recipients> from local for local alias <aliases> deliver to mbox
# allow virtual domains
accept from any recipient ! <blacklist-recipients> for domain <domains> \
virtual <users> deliver to maildir "/var/mail/%{user.username}/Inbox"
# allow outgoing mails
accept from local for any relay

$ cat domains
garybainbridge.email
domain2.com
domain3.com

$ cat users
[email protected] gary
[email protected] info

$ cat secrets
gary <encrypted string>

Everything works great like this, except if I try to connect with
Thunderbird without a pki.
For example, if I try to retrieve emails via IMAP with Thunderbird it
works for garybainbridge.mail, but not for domain2.com and user info. In
/var/log/maillog it shows "reason=ca-failure" and I can't add another
line such as: "listen on egress port 587 tls-require pki
mail.domain2.com auth <secrets>" because it doesn't work.
If I just use "listen on egress port 587 tls-require" then I can't get
Thunderbird to work because I get "reason=ca-failure".
How can I get it working with multiple domains and certificates?
Thank you.