On 01/30/15 02:28, Gilles Chehade wrote:
Hi,

I had somehow missed this thread...


On Sun, Jan 18, 2015 at 04:25:20PM -0600, Edgar Pettijohn wrote:
I added another host and test user and everything seems to be working.
Reread smtpd.conf(5) and feel good about this setup.  A few questions
remain.  When I connect from my home pc with:

$ mutt -f imap://t...@test.pettijohn-web.com@test.pettijohn-web.com

and send an email to myself the from address is t...@test.my.domain instead
of what it should be.  However, when using thunderbird it works as expected.

That is because you didn't configure your From in mutt which will therefore
not append a domain and let OpenSMTPD do it. In my ~/.muttrc I have:

set realname="Gilles Chehade"
set from="gil...@poolp.org"

You don't need to do that with Thunderbird, it does it automatically.


It also does not present the proper cert for the new domain.  From the man
page:

#pki listen context
The hostnames parameter overrides the server name for specific addresses.
Table names contains a mapping of IP addresses to hostnames and smtpd(8)
will use the hostname that matches the address on which the connection
arrives if it is found in the mapping.


If all virtual domains map to the same ip then this <names> table won't
work.

Yes, this is right, `hostnames` is a mechanism to map an IP to a hostname
like I mentioned in the ticket you opened.

When you connect, even before you start TLS, OpenSMTPD will greet you and
needs to know which hostname it will run under. The mapping can't be that
an IP resolves to several hostnames, otherwise it can't know.

SNI happens later in the chain, after it has greeted you, you have EHLOed,
it has told you it supports STARTTLS and you have started to negotiate.


#pki relay context
When relaying, STARTTLS is always attempted if available on remote host and
OpenSMTPD will try to present a certificate matching the outgoing hostname
if one is registered in the pki. If pki is specified, the certificate
registered for pkiname is used instead.

Is there a way to make the listen work like the relay and just use the
matching cert?

It should work automatically.

If your client supports SNI, during the TLS negotiation, it will ask for
the specific virtual domain and OpenSMTPD will try to find a pki that is
registered for that domain and pick it up.

This has nothing to do with the `hostnames` table.

Are you sure your version of mutt has SNI support?

Thanks for the reply.  It all makes sense to me now.
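As an added illustration of the setup Gilles describes (not a configuration from the thread or from the OpenSMTPD project), here is an smtpd.conf fragment for two virtual domains served on one IP. The hostnames, IP and file paths are invented placeholders. The greeting hostname is fixed per address (one name per IP, via `hostname` or a `hostnames` table), while the certificate shown during STARTTLS is chosen from the registered `pki` entries according to the name the client sends in SNI:

```conf
# Constructed example smtpd.conf fragment (OpenSMTPD 5.4-era syntax).
# One pki entry per virtual domain; the names must match what clients
# will send in SNI.
pki mail.example.org certificate "/etc/ssl/mail.example.org.crt"
pki mail.example.org key         "/etc/ssl/private/mail.example.org.key"

pki test.example.org certificate "/etc/ssl/test.example.org.crt"
pki test.example.org key         "/etc/ssl/private/test.example.org.key"

# The greeting banner can carry only one hostname per listening address,
# so 192.0.2.10 (placeholder) always announces itself as mail.example.org.
# The default certificate (no SNI, or an unknown SNI name) is the one
# named after "pki"; a client sending "test.example.org" in SNI gets the
# test.example.org certificate instead, with no change to this line.
listen on 192.0.2.10 port 25 tls pki mail.example.org hostname mail.example.org
listen on 192.0.2.10 port 587 tls-require pki mail.example.org hostname mail.example.org auth
```

To check which certificate a given SNI name receives, connect with a client that sends SNI, for example `openssl s_client -starttls smtp -connect 192.0.2.10:25 -servername test.example.org`, and compare the presented subject against the expected name; a client that does not send SNI (as Gilles suspects of the mutt build in question) will always see the default certificate named on the `listen` line.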

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
