Hi, I had somehow missed this thread...

On Sun, Jan 18, 2015 at 04:25:20PM -0600, Edgar Pettijohn wrote:
> I added another host and test user and everything seems to be working.
> Reread smtpd.conf(5) and feel good about this setup. A few questions
> remain. When I connect from my home pc with:
>
> $ mutt -f imap://[email protected]@test.pettijohn-web.com
>
> and send an email to myself the from address is [email protected] instead
> of what it should be. However, when using thunderbird it works as expected.
>

That is because you didn't configure your From in mutt, which will therefore
not append a domain and let OpenSMTPD do it. In my ~/.muttrc I have:

set realname="Gilles Chehade"
set from="[email protected]"

You don't need to do that with Thunderbird, it does it automatically.

> It also does not present the proper cert for the new domain. From the man
> page:
>
> #pki listen context
> The *hostnames* parameter overrides the server name for specific addresses.
> Table /names/ contains a mapping of IP addresses to hostnames and smtpd(8)
> <http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&sec=8> will use the
> hostname that matches the address on which the connection arrives if it is
> found in the mapping.
>
> If all virtual domains map to the same ip then this <names> table won't
> work.
>

Yes, this is right, `hostnames` is a mechanism to map an IP to a hostname, like
I mentioned in the ticket you opened. When you connect, before you even start
TLS, OpenSMTPD will greet you and needs to know which hostname it will run
under. The mapping can't be that an IP resolves to several hostnames, otherwise
it can't know. SNI happens later in the chain, after it has greeted you, you
have EHLOed, it has told you it supports STARTTLS and you have started to
negotiate.

> #pki relay context
> When relaying, STARTTLS is always attempted if available on remote host and
> OpenSMTPD will try to present a certificate matching the outgoing hostname
> if one is registered in the pki. If pki is specified, the certificate
> registered for pkiname is used instead.
>
> Is there a way to make the listen work like the relay and just use the
> matching cert?
>

It should work automatically. If your client supports SNI, during the TLS
negotiation it will ask for the specific virtual domain and OpenSMTPD will try
to find a pki that is registered for that domain and pick it up. This has
nothing to do with the `hostnames` table.

Are you sure your version of mutt has SNI support?

-- 
Gilles Chehade

https://www.poolp.org                 @poolpOrg

-- 
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]
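The order of operations Gilles describes (220 greeting, EHLO, STARTTLS, and only then the TLS handshake that carries the SNI name) is exactly what you need to reproduce to find out whether a server hands out a different certificate per virtual domain, or whether the client simply never sent SNI. The script below is an added diagnostic, not code from the thread or from OpenSMTPD: it walks that chain by hand with the Python standard library, sends the TLS ClientHello with a caller-chosen server name, and returns the SHA-256 fingerprint of the leaf certificate the server presented. Run it once per domain name against the same IP; identical fingerprints mean the server ignored SNI or has no pki entry for that name. The EHLO reply embedded for offline testing is constructed, and the hostnames in it are placeholders.

```python
#!/usr/bin/env python3
"""Show which certificate an SMTP server presents for a given SNI name.

Added diagnostic (not from the mailing-list thread). Certificate verification is
disabled deliberately: the goal is to see what the server chose, not to trust it.
"""
import hashlib
import io
import socket
import ssl
import sys

# Constructed sample EHLO reply for offline testing; not a real capture.
SAMPLE_EHLO = [
    "250-mail.example.com Hello client [192.0.2.10], pleased to meet you",
    "250-8BITMIME",
    "250-ENHANCEDSTATUSCODES",
    "250-SIZE 36700160",
    "250-DSN",
    "250-STARTTLS",
    "250 HELP",
]


def parse_ehlo(lines):
    """Return the extension keywords advertised in a multi-line EHLO reply.

    The first line carries the server's greeting hostname, not an extension,
    so it is skipped; keywords such as SIZE drop their parameter."""
    exts = set()
    for line in lines[1:]:
        body = line[4:].strip() if line.startswith("250") else ""
        if body:
            exts.add(body.split()[0].upper())
    return exts


def offers_starttls(lines):
    return "STARTTLS" in parse_ehlo(lines)


def read_reply(rfile):
    """Read one SMTP reply (one or more lines) and return it without CRLF.

    A line like "250-FOO" continues the reply; "250 FOO" terminates it."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("connection closed mid-reply")
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return lines


def reply_from_bytes(data):
    """read_reply over an in-memory buffer; used for offline testing."""
    return read_reply(io.BytesIO(data))


def reply_code(lines):
    return int(lines[0][:3])


def starttls_cert(host, sni, port=25, helo="client.example.invalid", timeout=10):
    """Return (sha256 hex fingerprint, PEM) of the leaf certificate presented
    when the TLS ClientHello names `sni`.  Requires network access."""
    sock = socket.create_connection((host, port), timeout=timeout)
    rfile = sock.makefile("rb")
    greeting = read_reply(rfile)  # 220 banner: the hostname is chosen before TLS
    if reply_code(greeting) != 220:
        raise RuntimeError("unexpected greeting: %r" % greeting)
    sock.sendall(("EHLO %s\r\n" % helo).encode())
    ehlo = read_reply(rfile)
    if reply_code(ehlo) != 250 or not offers_starttls(ehlo):
        raise RuntimeError("server does not offer STARTTLS: %r" % ehlo)
    sock.sendall(b"STARTTLS\r\n")
    ready = read_reply(rfile)
    if reply_code(ready) != 220:
        raise RuntimeError("STARTTLS refused: %r" % ready)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    tls = ctx.wrap_socket(sock, server_hostname=sni)  # SNI is sent only here
    der = tls.getpeercert(binary_form=True)
    tls.sendall(b"QUIT\r\n")
    tls.close()
    return hashlib.sha256(der).hexdigest(), ssl.DER_cert_to_PEM_cert(der)


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: %s host sni-name [sni-name ...]" % sys.argv[0])
    for name in sys.argv[2:]:
        fingerprint, _pem = starttls_cert(sys.argv[1], name)
        print("%-40s %s" % (name, fingerprint))
```

Pointing it at the same server with each virtual domain name as the SNI value is a quicker check than guessing at mutt's TLS library; if every name returns the same fingerprint while `openssl s_client -starttls smtp -servername <domain>` returns different ones, the server side is fine and the client is not sending SNI.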
