Heho,
How are you testing this? libressl connect? Are you signalling SNI there?

With best regards,
Tobias

-----Original Message-----
From: wim <w...@thinkerwim.org> 
Sent: Friday, 23 September 2022 13:26
To: misc@opensmtpd.org
Subject: SNI seems not working

Hi,

I'm trying to configure SNI, but it always returns the first pki from my smtp.conf.

Here is what my conf looks like for the moment:


#       $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

pki "*" cert "/etc/ssl/mail.thinkerwim.org.fullchain.pem"
pki "*" key "/etc/ssl/private/mail.thinkerwim.org.key"
pki "*" cert "/etc/ssl/mail.batterijland.com.fullchain.pem"
pki "*" key "/etc/ssl/private/mail.batterijland.com.key"
pki "mail.thinkerwim.org" cert "/etc/ssl/mail.thinkerwim.org.fullchain.pem"
pki "mail.thinkerwim.org" key "/etc/ssl/private/mail.thinkerwim.org.key"
pki "mail.batterijland.com" cert "/etc/ssl/mail.batterijland.com.fullchain.pem"
pki "mail.batterijland.com" key "/etc/ssl/private/mail.batterijland.com.key"

filter dkimsign_rsa proc-exec "filter-dkimsign -d thinkerwim.org -s 20220705 -k /etc/mail/dkim/private.rsa.key" user _dkimsign group _dkimsign
#filter "rdns" phase connect match !rdns disconnect "550 DNS ERROR"
#filter "fcrdns" phase connect match !fcrdns disconnect "550 DNS ERROR"

table aliases file:/etc/mail/aliases
table batalias file:/etc/mail/batalias
#table virtuals file:/etc/mail/virtuals

#listen directives
listen on all tls pki "*"
#listen on all port 25 tls pki "*"
#listen on all port 587 tls pki hostname mail.thinkerwim.org tls pki mail.thinkerwim.org auth
#listen on all port 587 tls-require pki hostname auth hostname

listen on all port 587 tls-require pki mail.thinkerwim.org auth hostname mail.thinkerwim.org
listen on all port 588 tls-require pki mail.batterijland.com auth hostname mail.batterijland.com
#listen on all port 465 tls-require pki mail.thinkerwim.org auth hostname mail.thinkerwim.org
listen on lo0 port 10028 tag DKIM

# send mail to maildir ~/.mail for local accounts in alias table
#action "local" maildir "%{user.directory}/.mail" alias <aliases>
action "local" lmtp "/var/dovecot/lmtp" alias <aliases>
action "batlocal" lmtp "/var/dovecot/lmtp" rcpt-to virtual <batalias>

action "relay" relay helo mail.thinkerwim.org
action "relay_dkim" relay host smtp://127.0.0.1:10027

# thinkerwim.org
match from any for domain "thinkerwim.org" action "local"
match from any for domain "batterijland.com" action "batlocal"
#match from any for domain {"thinkerwim.org","batterijland.com"} action "local"
# local
match for local action "local"
# dkim
match tag DKIM for any action "relay"
##match auth from any for any action "relay"
match auth from any for any action "relay_dkim"


Thanks
Wim Stockman
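
Added example, not part of the thread or of OpenSMTPD: one way to answer the "are you signalling SNI" question is to connect with STARTTLS once without SNI and once per pki name, then compare the SHA-256 of the certificate the server presents each time. The script name, the EHLO name and the verdict labels are assumptions; it assumes each name has its own distinct certificate and a STARTTLS listener (not implicit TLS).

```python
import hashlib
import socket
import ssl
import sys

def read_reply(f):
    """Consume one (possibly multi-line) SMTP reply and return its status code."""
    while True:
        line = f.readline()
        if not line:
            raise ConnectionError("server closed the connection")
        if line[3:4] != b"-":  # "250-..." continues the reply, "250 ..." ends it
            return line[:3].decode("ascii", "replace")

def cert_fingerprint(host, port, sni, timeout=10.0):
    """STARTTLS to host:port, sending `sni` (None = no SNI); SHA-256 of the served leaf cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # the goal is to see which certificate is served,
    ctx.verify_mode = ssl.CERT_NONE  # not to validate it
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        read_reply(f)                                # 220 greeting
        sock.sendall(b"EHLO sni-check.invalid\r\n")  # constructed EHLO name
        read_reply(f)
        sock.sendall(b"STARTTLS\r\n")
        if read_reply(f) != "220":
            raise RuntimeError("server refused STARTTLS")
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def sni_verdict(fingerprints):
    """fingerprints maps SNI name (None = no SNI) -> cert hash. Assumes one distinct cert per name."""
    named = [fp for name, fp in fingerprints.items() if name is not None]
    if len(named) < 2:
        return "inconclusive"        # need at least two names to compare
    distinct = len(set(named))
    if distinct == 1:
        return "ignored"             # every name got the same certificate
    return "honoured" if distinct == len(named) else "partial"

if __name__ == "__main__":
    # usage: sni_check.py HOST PORT NAME [NAME ...]
    host, port, *names = sys.argv[1:]
    fps = {n: cert_fingerprint(host, int(port), n) for n in [None, *names]}
    for name, fp in fps.items():
        print(f"{name or '(no SNI)':30} {fp}")
    print("SNI:", sni_verdict(fps))
```

Run it against each STARTTLS listener in turn, passing the pki names from the configuration as NAME arguments.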




