On 10/03/2018 at 16:13, g p wrote:
> I have three domains and have created my own certificates for them but
> I cannot get OpenSMTPD to work with all of them, just one.
[…]
> listen on egress port 587 tls-require pki mail.garybainbridge.email
> auth <secrets>
[…]

Specifying the pki is indeed wrong if you want multiple domains to work (unless all of them are part of a single certificate, which is not the case here of course).

> Everything works great like this, except if I try to connect with
> Thunderbird without a pki.
>
> For example, if I try to retrieve emails via IMAP with Thunderbird it
> works for garybainbridge.mail, but not for domain2.com and user info.
> In /var/log/maillog it shows "reason=ca-failure" and I can't add
> another line such as: "listen on egress port 587 tls-require pki
> mail.domain2.com auth <secrets>" because it doesn't work.
>
> If I just use "listen on egress port 587 tls-require" then I can't get
> Thunderbird to work because I get "reason=ca-failure"
>
> How can I get it working with multiple domains and certificates?

This last version (`listen on egress port 587 tls-require`) should work though (for reference, my corresponding line is `listen on enp1s0f0 port 587 hostname $servername tls-require auth <passwd> mask-source`).

Can you configure it this way and share one of the other domain names (privately if you want) so I can try by myself and see what could be wrong?

Regards,
Bruno