On 19/04/12 21:16, Sam Varshavchik wrote:
>> The "magic" is that there can be MULTIPLE virtual hosts on the same
>> physical server all providing their own masqueraded identities with the
>> sending clients connecting to what they think is their own mailserver
>> and for all intents and purposes, they are.
> 
> That's something completely different. You need to keep track of which
> IP address the message was received at, if you're listening to multiple
> IP addresses, then use the same IP address for outgoing mail, and know
> which HELO address to use for which one. That's what I think you're
> trying to do.

eth0   = xx.xx.xx.1  = primarydomain.com = esmtpd.pem
eth0:0 = xx.xx.xx.10 = vdomain0.com = esmtpd.pem.xx.xx.xx.10
eth0:1 = xx.xx.xx.11 = vdomain1.com = esmtpd.pem.xx.xx.xx.11
eth0:2 = xx.xx.xx.12 = vdomain2.com = esmtpd.pem.xx.xx.xx.12
[...]

The above works fine with courier when clients use these domain names as
outgoing mailservers on port 465; they get the right certificate without
any errors. I'm not familiar with postfix either, but this does work...

xx.xx.xx.10:smtps inet n - - - - smtpd
 -o myhostname=vdomain0.com
 -o smtpd_tls_cert_file=/etc/ssl/vdomain0.com.pem
 -o smtpd_tls_key_file=/etc/ssl/vdomain0.com.pem

xx.xx.xx.10- unix - n n - - smtp
 -o smtp_bind_address=xx.xx.xx.10

xx.xx.xx.11:smtps inet n - - - - smtpd
 -o myhostname=vdomain1.com
 -o smtpd_tls_cert_file=/etc/ssl/vdomain1.com.pem
 -o smtpd_tls_key_file=/etc/ssl/vdomain1.com.pem

xx.xx.xx.11- unix - n n - - smtp
 -o smtp_bind_address=xx.xx.xx.11

xx.xx.xx.12:smtps [...]

So that a client with, say, vdomain1.com as the outgoing mailserver can
connect on port 465, get the right certificate for vdomain1.com, and the
recipient end-user gets...

Received: from vdomain1.com ([::ffff:xx.xx.xx.11])
  (TLS: TLSv1/SSLv3,256bits,AES256-SHA)
  by xxxxxx.org with ESMTPS; Sat, 14 Apr 2012 15:49:56 -0700
  id 0000000000020522.000000004F89FF15.0000096A
Received-SPF: pass (Address passes the Sender Policy Framework)
  SPF=HELO;
  sender=vdomain1.com;
  remoteip=::ffff:xx.xx.xx.11;
  remotehost=;
  helo=vdomain1.com;
  receiver=xxxxxx.org;
Received-SPF: pass (Address passes the Sender Policy Framework)
  SPF=MAILFROM;
  sender=u...@vdomain1.com;
  remoteip=::ffff:xx.xx.xx.11;
  remotehost=;
  helo=vdomain1.com;
  receiver=xxxxxx.org;

> It would be possible to implement something like that – but at the
> moment this does not exist.

Any plans to do so in the future?

I've got a test machine running courier-mta 0.67.0 with 3 domains
on 3 IPs with their own certificates if that is of any use :-)

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
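
Added example (not part of the original post, and not Courier or Postfix code): a small lint for master.cf-style text that checks, for each per-IP smtpd listener, that the certificate and key paths name its myhostname and that an smtp client is bound to the same address. The sample input, its addresses and hostnames, and the convention that the PEM file name contains the hostname are assumptions made for illustration.

```python
import re

# Constructed sample (documentation IPs, made-up names); listener .11 is wrong on purpose.
SAMPLE = """\
192.0.2.10:smtps inet n - - - - smtpd
 -o myhostname=vdomain0.example.test
 -o smtpd_tls_cert_file=/etc/ssl/vdomain0.example.test.pem
 -o smtpd_tls_key_file=/etc/ssl/vdomain0.example.test.pem
out-10 unix - n n - - smtp
 -o smtp_bind_address=192.0.2.10
192.0.2.11:smtps inet n - - - - smtpd
 -o myhostname=vdomain1.example.test
 -o smtpd_tls_cert_file=/etc/ssl/vdomain0.example.test.pem
 -o smtpd_tls_key_file=/etc/ssl/vdomain0.example.test.pem
"""

def parse_services(text):
    """Join continuation lines; return (service, type, command, options) tuples."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    services = []
    for entry in logical:
        fields = entry.split()  # name type private unpriv chroot wakeup maxproc command
        opts = dict(o.split("=", 1) for o in re.findall(r"-o\s+(\S+=\S+)", entry))
        services.append((fields[0], fields[1], fields[7], opts))
    return services

def lint(text):
    """Return findings for listeners whose identity, cert or outbound IP disagree."""
    services = parse_services(text)
    bound = {o.get("smtp_bind_address") for _, _, cmd, o in services if cmd == "smtp"}
    findings = []
    for name, typ, cmd, opts in services:
        if typ == "inet" and cmd == "smtpd" and ":" in name:
            ip, host = name.rsplit(":", 1)[0], opts.get("myhostname", "")
            for key in ("smtpd_tls_cert_file", "smtpd_tls_key_file"):
                # Assumed convention: the PEM file name contains the hostname.
                if host not in opts.get(key, ""):
                    findings.append(f"{name}: {key} does not name {host}")
            if ip not in bound:
                findings.append(f"{name}: no smtp client bound to {ip}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The file-name comparison only catches copy-and-paste mistakes; confirming the certificate's actual subject names requires reading the PEM itself.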