Hi,

On 15/05/2017 at 15:46, Mik J wrote:
> Hello Bruno, Edgar,
>
> Thank you for sharing
>
> You wrote domain1.com and domain2.com but you don't use them there after
> pki domain1.com certificate "/etc/smtpd/tls/domain1.com.crt"
> pki domain1.com key "/etc/smtpd/tls/domain1.com.key"
> pki domain2.com certificate "/etc/smtpd/tls/domain2.com.crt"
> pki domain2.com key "/etc/smtpd/tls/domain2.com.key"

Yes, that's the point: SMTPd auto-selects the correct pki based on the requested hostname.

> listen on <IP/dev> hostname <defaulthostname> port 25 tls
>
> Also, could you repeat what is <defaulthostname>, a table of IP
> addresses ?

No. If you use `hostname`, it's just one hostname to use as default (when the client does not specify the required hostname). But if you use `hostnames`, then it implies you're listening on a device with multiple IPs, and in this case it is indeed a table of IP address/hostname associations.

> Could you post your complete configuration because I don't understand
> it right now

I can't show you one with `hostnames` because that's not my use case, but here is my (M)WE:

smtpd.conf:
============
# AES-CBC and DES-CBC3-SHA ciphers because they are the only ones available on some servers
ciphers ECDHE+CHACHA20:ECDHE+AES:RSA+AES:DES-CBC3-SHA

pki mydefault.host.name certificate "/etc/smtpd/tls/mydefault.host.name.crt"
pki mydefault.host.name key "/etc/smtpd/tls/mydefault.host.name.key"
pki mail.another.host.name1 certificate "/etc/smtpd/tls/mail.another.host.name1.crt"
pki mail.another.host.name1 key "/etc/smtpd/tls/mail.another.host.name1.key"
pki mail.yetanother.host.name2 certificate "/etc/smtpd/tls/mail.yetanother.host.name2.crt"
pki mail.yetanother.host.name2 key "/etc/smtpd/tls/mail.yetanother.host.name2.key"

# List of aliases for system users
table aliases file:/etc/smtpd/aliases
# Passwd file for users credentials
table passwd passwd:/etc/smtpd/passwd
# List of domains for which to accept emails
table vdoms file:/etc/smtpd/vdoms
# List of existing email addresses and their aliases
table vusers file:/etc/smtpd/vusers

# Accept connections from outside for delivering emails to local users (no tls-require [verify] because some servers fail those)
listen on enp1s0f0 port 25 hostname mydefault.host.name tls
# Accept connections from local users to send emails
listen on enp1s0f0 port 587 hostname mydefault.host.name tls-require auth <passwd> mask-source

# Deliver local messages
accept from local for local alias <aliases> deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
# Deliver incoming emails for local users
accept from any for domain <vdoms> virtual <vusers> deliver to lmtp "/var/run/dovecot/lmtp" rcpt-to
# Send emails to the world (no tls [verify] because some servers fail this)
accept from local for any relay hostname mydefault.host.name
============

vdoms:
============
host.name
another.host.name1
yetanother.host.name2
============

vusers (extract/example):
============
postmas...@host.name bruno
postmas...@another.host.name1 bruno
postmas...@yetanother.host.name2 bruno
============

aliases:
============
vmail: /dev/null
root: bruno
============

The `passwd` table holds… a passwd table of local users.

Note that I use `mail.` subdomains for my MXs.

Regards,
Bruno
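As an added example (not part of the thread, and not OpenSMTPD's own tooling), the following Python script turns the point about per-hostname pki selection into a static check: it parses the `pki` and `listen` lines of an smtpd.conf and reports every TLS listener whose `hostname` has no complete pki (certificate and key) behind it, plus any pki entry that is missing one half. The configuration it reads is a constructed sample modelled on the one quoted above, with one deliberately incomplete entry (`mail.broken.example`, no key) and one listener naming a hostname with no pki at all; the `pki`/`listen` syntax it understands is limited to the forms shown in this thread.

```python
"""Lint the pki / listen wiring of an OpenSMTPD smtpd.conf (added example, not OpenSMTPD code)."""
import shlex

# Constructed sample, modelled on the configuration quoted in the thread.
# mail.broken.example has a certificate but no key, and nosuch.example has no pki at all.
SAMPLE_CONF = """\
pki mydefault.host.name certificate "/etc/smtpd/tls/mydefault.host.name.crt"
pki mydefault.host.name key "/etc/smtpd/tls/mydefault.host.name.key"
pki mail.another.host.name1 certificate "/etc/smtpd/tls/mail.another.host.name1.crt"
pki mail.another.host.name1 key "/etc/smtpd/tls/mail.another.host.name1.key"
pki mail.broken.example certificate "/etc/smtpd/tls/mail.broken.example.crt"
# Accept connections from outside
listen on enp1s0f0 port 25 hostname mydefault.host.name tls
listen on enp1s0f0 port 587 hostname mail.broken.example tls-require auth <passwd>
listen on lo0 port 2525 hostname nosuch.example tls
"""

TLS_KEYWORDS = ("tls", "tls-require", "smtps")


def _strip_comment(line):
    """Drop a trailing '# ...' comment and surrounding whitespace."""
    return line.split("#", 1)[0].strip()


def parse_pki(conf):
    """Return {pki_name: {"certificate": path, "key": path}} built from `pki` lines."""
    pki = {}
    for raw in conf.splitlines():
        line = _strip_comment(raw)
        if not line:
            continue
        words = shlex.split(line)  # shlex removes the quotes around the file paths
        if len(words) == 4 and words[0] == "pki" and words[2] in ("certificate", "key"):
            pki.setdefault(words[1], {})[words[2]] = words[3]
    return pki


def parse_listen(conf):
    """Return (line, hostname_or_None, uses_tls) for every `listen` line."""
    listeners = []
    for raw in conf.splitlines():
        line = _strip_comment(raw)
        words = line.split()
        if not words or words[0] != "listen":
            continue
        host = None
        if "hostname" in words:
            idx = words.index("hostname")
            if idx + 1 < len(words):
                host = words[idx + 1]
        uses_tls = any(w in TLS_KEYWORDS for w in words)
        listeners.append((line, host, uses_tls))
    return listeners


def lint(conf):
    """Return a list of findings; an empty list means every TLS listener has a complete pki."""
    findings = []
    pki = parse_pki(conf)
    # Every pki needs both halves, otherwise smtpd cannot present a usable chain for that name.
    for name, parts in pki.items():
        for part in ("certificate", "key"):
            if part not in parts:
                findings.append(f"pki {name}: missing {part}")
    # Every TLS listener should name a hostname that maps onto a complete pki.
    for line, host, uses_tls in parse_listen(conf):
        if not uses_tls:
            continue
        if host is None:
            findings.append(f"listen line has no explicit hostname, pki selection cannot be checked statically: {line}")
        elif host not in pki:
            findings.append(f"listen hostname {host}: no pki entry, no certificate can be served for this name")
        elif set(pki[host]) != {"certificate", "key"}:
            findings.append(f"listen hostname {host}: pki entry incomplete")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF) or ["no findings"]:
        print(finding)
```

To run it against a real file, read `/etc/smtpd/smtpd.conf` into `lint()` instead of `SAMPLE_CONF`. The static check only confirms the wiring; which chain the daemon actually presents for a given name is confirmed on the live port with `openssl s_client -connect <host>:25 -starttls smtp -servername mail.another.host.name1`, once per pki name, with the `hostname`-only default verified by omitting `-servername`.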