Re: Multidomain ssl config ?

2022-10-15 Thread justina colmena ~biz
Yeah. You get a better spam score and a better rep for your server if the 
hostname you use as an MX record matches the reverse DNS for its IP 
address(es) as well and everything is correct as recommended by rfc docs. 
If there's outgoing mail it's all going to use the same hostname as the 
"ehlo" I.D. anyways, isn't it?


The big bosses and professionals are cracking down on servers etc., aren't 
they? I just recently tried to set up an alternate/backup server from a 
different provider in a very authoritarian country in northwestern/central 
Europe, but they borked my billing information, terminated service and 
screwed up my domain renewal and caused a lot of other grief elsewhere in 
addition. Barely managed to save myself and stay online.


So we're going to see more small and medium sites kicked off the internet, 
and even having had one's own website and email means we're not welcome on 
FB, TWTR, and friends. Just squash the competition for interstate commerce, 
because the cartels are taking over.


On Wednesday, June 29, 2022 1:25:18 PM AKDT, Paul Kudla (SCOM.CA Internet 
Services Inc.) wrote:

John please send me a direct email address


I understand what you need and my customers are all separate 
certs per domain on both sides



I spent over three months setting stuff up


I will send complete instructions for both postfix & dovecot


Plus auto scripts etc


You will need to be running a postgresql database for my stuff 
to work without mods



And running python 2.xx


  
 thanks - paul
 Paul Kudla
 SCOM.CA Internet Services Inc.
 004-1009 Byron Street South
 Whitby, Ontario - Canada   L1N 4S3
 Toronto   416.642.7266   Main   1.866.411.7266   Fax   1.888.892.7266

On Jun 29, 2022 at 16:39:29 EDT, John Stoffel wrote:



"Maurizio" == Maurizio Caloro  writes:


Maurizio> on postfix now this seems to run, and with dovecot i need
Maurizio> also handle this two domains, but appearing this error
Maurizio> messages. like:

Why aren't you just using a single domain as the MX record for all the
domains? Then you only need one SSL cert pair for all of this, and if
you publish the right SPF records, each domain can send from the same
MX host as well.




Maurizio> Jun 29 20:49:28 Dovecot/imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>,
Maurizio> rip=a.b.c.d, lip=37.120.190.188, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:
Maurizio> ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=


Maurizio> Running with Debian Buster

Maurizio> # dovecot --version
Maurizio> 2.3.4.1 (f79e8e7e4)

Maurizio> # nmail.caloro.ch
Maurizio> local_name nmail.caloro.ch {
Maurizio>  ssl_cert =   ssl_key =   }
Maurizio> # nmail.calm-ness.ch
Maurizio> local_name nmail.calm-ness.ch {
Maurizio>  ssl_cert =   ssl_key =   }

Maurizio> thanks for possible help








Re: Multidomain ssl config ?

2022-06-29 Thread Paul Kudla (SCOM.CA Internet Services Inc.)
John please send me a direct email address


I understand what you need and my customers are all separate certs per domain 
on both sides


I spent over three months setting stuff up


I will send complete instructions for both postfix & dovecot


Plus auto scripts etc


You will need to be running a postgresql database for my stuff to work without 
mods


And running python 2.xx


  
 thanks - paul
 Paul Kudla
 SCOM.CA Internet Services Inc.
 004-1009 Byron Street South
 Whitby, Ontario - Canada   L1N 4S3
 Toronto   416.642.7266   Main   1.866.411.7266   Fax   1.888.892.7266

On Jun 29, 2022 at 16:39:29 EDT, John Stoffel wrote:

> "Maurizio" == Maurizio Caloro  writes:

Maurizio> on postfix now this seems to run, and with dovecot i need
Maurizio> also handle this two domains, but appearing this error
Maurizio> messages. like:

Why aren't you just using a single domain as the MX record for all the
domains? Then you only need one SSL cert pair for all of this, and if
you publish the right SPF records, each domain can send from the same
MX host as well.




Maurizio> Jun 29 20:49:28 Dovecot/imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>,
Maurizio> rip=a.b.c.d, lip=37.120.190.188, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:
Maurizio> ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=

Maurizio> Running with Debian Buster

Maurizio> # dovecot --version
Maurizio> 2.3.4.1 (f79e8e7e4)

Maurizio> # nmail.caloro.ch
Maurizio> local_name nmail.caloro.ch {
Maurizio>  ssl_cert =   ssl_key =   }
Maurizio> # nmail.calm-ness.ch
Maurizio> local_name nmail.calm-ness.ch {
Maurizio>  ssl_cert =   ssl_key =   }

Maurizio> thanks for possible help








Re: Multidomain ssl config ?

2022-06-29 Thread John Stoffel
> "Maurizio" == Maurizio Caloro  writes:

Maurizio> on postfix now this seems to run, and with dovecot i need
Maurizio> also handle this two domains, but appearing this error
Maurizio> messages. like:

Why aren't you just using a single domain as the MX record for all the
domains?  Then you only need one SSL cert pair for all of this, and if
you publish the right SPF records, each domain can send from the same
MX host as well.




Maurizio> Jun 29 20:49:28 Dovecot/imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>,
Maurizio> rip=a.b.c.d, lip=37.120.190.188, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:
Maurizio> ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=

Maurizio> Running with Debian Buster

Maurizio> # dovecot --version
Maurizio> 2.3.4.1 (f79e8e7e4)

Maurizio> # nmail.caloro.ch
Maurizio> local_name nmail.caloro.ch {
Maurizio> ssl_cert =  ssl_key =  }
Maurizio> # nmail.calm-ness.ch
Maurizio> local_name nmail.calm-ness.ch {
Maurizio> ssl_cert =  ssl_key =  }

Maurizio> thanks for possible help





Re: Multidomain ssl config ?

2022-06-29 Thread Christian Kivalo




On 2022-06-29 22:00, Jürgen Echter wrote:
On Wednesday, June 29, 2022 21:24 CEST, Maurizio Caloro wrote:


on postfix now this seems to run, and with  dovecot i need also handle 
this two domains,

but appearing this error messages. like:

Jun 29 20:49:28 Dovecot/imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>,
rip=a.b.c.d, lip=37.120.190.188, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:
ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=


Running with Debian Buster

# dovecot --version
2.3.4.1 (f79e8e7e4)

# nmail.caloro.ch
local_name nmail.caloro.ch {
ssl_cert = 

Hi,

the config says "You will still need a top-level default ssl_key and
ssl_cert as well, or you will receive errors."

I don't know if this is also a must have for SNI, as it is noted for
multiple certificates per IP.

https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/#dovecot-ssl-configuration

This is also true for SNI.

From the config snippet above, configure the cert/key for 
nmail.caloro.ch as default ssl_cert / ssl_key, so without the local_name 
nmail.caloro.ch.


The nmail.calm-ness.ch can stay as is and will be served when requested 
through SNI.


--
 Christian Kivalo
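
The layout described in the reply above (one top-level default `ssl_cert` / `ssl_key`, plus `local_name` blocks served through SNI) can be checked mechanically. This is an added example, not part of the thread or of Dovecot: the function name `audit_ssl_config` and the certificate paths are assumptions made up for illustration.

```python
import re

# Constructed samples; the certificate paths are placeholders, not from the thread.
BROKEN = """
local_name nmail.caloro.ch {
  ssl_cert = </etc/ssl/example/caloro.fullchain.pem
  ssl_key = </etc/ssl/example/caloro.key.pem
}
local_name nmail.calm-ness.ch {
  ssl_cert = </etc/ssl/example/calm-ness.fullchain.pem
  ssl_key = </etc/ssl/example/calm-ness.key.pem
}
"""
# Same certificates, with the first pair moved to the top level as the default.
FIXED = """
ssl_cert = </etc/ssl/example/caloro.fullchain.pem
ssl_key = </etc/ssl/example/caloro.key.pem
local_name nmail.calm-ness.ch {
  ssl_cert = </etc/ssl/example/calm-ness.fullchain.pem
  ssl_key = </etc/ssl/example/calm-ness.key.pem
}
"""

def audit_ssl_config(text):
    """List missing ssl_cert/ssl_key settings at top level and per local_name."""
    scopes = {"<default>": set()}
    stack = []  # enclosing blocks: the SNI name for local_name, None otherwise
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            words = line[:-1].split()
            is_sni = len(words) == 2 and words[0] == "local_name"
            stack.append(words[1].strip('"') if is_sni else None)
            if is_sni:
                scopes.setdefault(stack[-1], set())
        elif line == "}":
            if stack:
                stack.pop()
        else:
            m = re.match(r"(ssl_cert|ssl_key)\s*=\s*\S+", line)
            named = [s for s in stack if s]
            if m and named:
                scopes[named[-1]].add(m.group(1))
            elif m and not stack:  # only true top-level settings count as default
                scopes["<default>"].add(m.group(1))
    return [f"{scope}: missing {key}" for scope, seen in scopes.items()
            for key in ("ssl_cert", "ssl_key") if key not in seen]

if __name__ == "__main__":
    print(audit_ssl_config(BROKEN))
    print(audit_ssl_config(FIXED))
```

A setting with an empty value is treated as missing, so a block that names a certificate but no key is reported too.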


Re: Multidomain ssl config ?

2022-06-29 Thread Jürgen Echter
On Wednesday, June 29, 2022 21:24 CEST, Maurizio Caloro wrote:

> on postfix now this seems to run, and with dovecot i need also handle this two domains,
> but appearing this error messages. like:
> 
> Jun 29 20:49:28 Dovecot/imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>,
> rip=a.b.c.d, lip=37.120.190.188, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:
> ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=
> 
> Running with Debian Buster
> 
> # dovecot --version
> 2.3.4.1 (f79e8e7e4)
> 
> # nmail.caloro.ch
> local_name nmail.caloro.ch {
> ssl_cert =  ssl_key =  }
> # nmail.calm-ness.ch
> local_name nmail.calm-ness.ch {
> ssl_cert =  ssl_key =  }
> 
> thanks for possible help
> 
> 
> 

Hi,

the config says "You will still need a top-level default ssl_key and ssl_cert 
as well, or you will receive errors."

I don't know if this is also a must have for SNI, as it is noted for multiple 
certificates per IP.

https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/#dovecot-ssl-configuration

