Re: SNI support in `mail` context (fixed formatting)

2020-07-07 Thread Chris Adams
Once upon a time, Svyatoslav Mishyn said:
> (Tue, 07 Jul 11:05) Chris Adams:
> > No, not postfix - it doesn't support SNI on the server side (and postfix
> > maintainers are not interested in adding support).
>
> FYI, it has SNI support but version should be >= 3.4, see:
> http://www.postfix.org/

Re: SNI support in `mail` context (fixed formatting)

2020-07-07 Thread Svyatoslav Mishyn
(Tue, 07 Jul 11:05) Chris Adams:
> No, not postfix - it doesn't support SNI on the server side (and postfix
> maintainers are not interested in adding support).

FYI, it has SNI support but version should be >= 3.4, see:
http://www.postfix.org/postconf.5.html#tls_server_sni_maps

--
https://www.j

Re: SNI support in `mail` context (fixed formatting)

2020-07-07 Thread Chris Adams
Once upon a time, Denis Sh. said:
> So, Chris, you're saying that you successfully run Postfix and Dovecot that
> rely on SNI in production?

No, not postfix - it doesn't support SNI on the server side (and postfix maintainers are not interested in adding support). I do have Dovecot using SNI; a

Re: SNI support in `mail` context (fixed formatting)

2020-07-06 Thread Maxim Dounin
Hello!

On Mon, Jul 06, 2020 at 12:08:50PM -0700, Denis Sh. wrote:
> Thanks Maxim, so
>
> > SNI server name as sent by the client can be passed to the
> > auth_http script if needed, along with other Auth-SSL* headers,
> > this should be simple enough.
>
> you mean with config or changing NGINX

Re: SNI support in `mail` context (fixed formatting)

2020-07-06 Thread Denis Sh .
Thanks Maxim, so

> SNI server name as sent by the client can be passed to the
> auth_http script if needed, along with other Auth-SSL* headers,
> this should be simple enough.

you mean with config or changing NGINX code?

> But we are yet to see use cases
> where this is needed

use case - having

Re: SNI support in `mail` context (fixed formatting)

2020-07-06 Thread Maxim Dounin
Hello!

On Mon, Jul 06, 2020 at 11:07:56AM -0700, Denis Sh. wrote:
> Thanks for your reply, Maxim. Sorry, I screwed with HTML formatting!
>
> What are the chances that you would look into adding these variables into
> mail module in upstream?
> Looks like it's not very hard to do. Or SNI for mai

Re: SNI support in `mail` context (fixed formatting)

2020-07-06 Thread Denis Sh .
Yeah, it's 2020 after all :) I think most modern mail clients do support SNI and send server name in client hello.

So, Chris, you're saying that you successfully run Postfix and Dovecot that rely on SNI in production? How big is your user base, roughly?

Thanks

06.07.2020, 11:21, "Chris Adams"

Re: SNI support in `mail` context (fixed formatting)

2020-07-06 Thread Denis Sh .
so, I think passthru AUTH IMAP and POP works out of the box now. It's only SMTP that NGINX never even tries to AUTH against backend. I wonder why this decision was taken?

06.07.2020, 11:27, "Chris Adams" :
> Once upon a time, Denis Sh. said:
>> Also, I wasn't able to find a reason why NGINX

Re: SNI support in `mail` context (fixed formatting)

2020-07-06 Thread Chris Adams
Once upon a time, Denis Sh. said:
> Also, I wasn't able to find a reason why NGINX intentionally doesn't support
> passing thru the AUTH to the backend for SMTP, same as with IMAP/POP?

I looked at adding this, using ID for IMAP and XCLIENT for POP3 (what Dovecot supports)... didn't get the time

Re: SNI support in `mail` context (fixed formatting)

2020-07-06 Thread Chris Adams
Once upon a time, Maxim Dounin said:
> Note though that in general there is no concept of name-based
> virtual hosts in mail protocols, and using name-based virtual
> hosts for SSL might not be a good idea either. Also, status of
> SNI support by email clients varies, and "unknown" in most cas

Re: SNI support in `mail` context (fixed formatting)

2020-07-06 Thread Denis Sh .
Thanks for your reply, Maxim. Sorry, I screwed with HTML formatting!

What are the chances that you would look into adding these variables into mail module in upstream? Looks like it's not very hard to do. Or SNI for mail is not considered to be a real thing?

>>> But if the goal is to provide
>>

Re: SNI support in `mail` context (fixed formatting)

2020-07-06 Thread Denis Sh .
Thanks for your reply, Maxim.

What are the chances that you would look into adding these variables into mail module in upstream? Looks like it's not very hard to do. Or SNI for mail is not considered to be a real thing?

>> But if the goal is to provide
> different certificates to different names reques

Re: SNI support in `mail` context (fixed formatting)

2020-07-06 Thread Maxim Dounin
Hello!

On Mon, Jul 06, 2020 at 10:17:31AM -0700, Denis Sh. wrote:
> So, when proxying SMTP/IMAP, is it possible to get the Server
> Name that mail clients send as a part of Client Hello?

Currently no.

> Similar to Embedded Variables for ngx_http_ssl_module:
> $ssl_server_name
> returns the ser

SNI support in `mail` context (fixed formatting)

2020-07-06 Thread Denis Sh .
Hi! So, when proxying SMTP/IMAP, is it possible to get the Server Name that mail clients send as a part of Client Hello? Similar to Embedded Variables for ngx_http_ssl_module: $ssl_server_name returns the server name requested through SNI (1.7.0); I don't see these vars defined here https://gi