Hello,

        We’re rolling out large SNI deployments for our mail servers. Each 
domain gets an entry like this in the config:

local_name mail.foo.com {
    ssl_cert = </ssl/domain_tls/*.foo.com/combined
    ssl_key = </ssl/domain_tls/*.foo.com/combined
}

        There are a couple problems we’re finding with this approach:

1) Dovecot wants to load everything at once, which has some machines taking up 
many GiB of memory just for Dovecot. Is there any way to defer loading of an 
SSL cert until a client actually requests it?

2) Any time we add or remove a domain, Dovecot’s SNI config matrix needs to be 
rebuilt. Is there a way to handle SNI requests dynamically via some sort of 
configuration plugin, so we wouldn’t need to rebuild the config on domain 
add/remove? I looked through the docs but couldn’t see a way to do this.

        Thank you in advance!

-Felipe Gasper
Mississauga, ON
