Heho, How are you testing this? libressl connect? Are you signalling SNI there?
With best regards,
Tobias

-----Original Message-----
From: wim <w...@thinkerwim.org>
Sent: Friday, 23 September 2022 13:26
To: misc@opensmtpd.org
Subject: SNI seems not working

Hi, Hi, HI, Hi,

I'm trying to configure SNI, but it always returns the first pki from my smtp.conf

Here is what my conf looks like for the moment:

# $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

pki "*" cert "/etc/ssl/mail.thinkerwim.org.fullchain.pem"
pki "*" key "/etc/ssl/private/mail.thinkerwim.org.key"
pki "*" cert "/etc/ssl/mail.batterijland.com.fullchain.pem"
pki "*" key "/etc/ssl/private/mail.batterijland.com.key"
pki "mail.thinkerwim.org" cert "/etc/ssl/mail.thinkerwim.org.fullchain.pem"
pki "mail.thinkerwim.org" key "/etc/ssl/private/mail.thinkerwim.org.key"
pki "mail.batterijland.com" cert "/etc/ssl/mail.batterijland.com.fullchain.pem"
pki "mail.batterijland.com" key "/etc/ssl/private/mail.batterijland.com.key"

filter dkimsign_rsa proc-exec "filter-dkimsign -d thinkerwim.org -s 20220705 -k /etc/mail/dkim/private.rsa.key" user _dkimsign group _dkimsign
#filter "rdns" phase connect match !rdns disconnect "550 DNS ERROR"
#filter "fcrdns" phase connect match !fcrdns disconnect "550 DNS ERROR"

table aliases file:/etc/mail/aliases
table batalias file:/etc/mail/batalias
#table virtuals file:/etc/mail/virtuals

#listen directives
listen on all tls pki "*"
#listen on all port 25 tls pki "*"
#listen on all port 587 tls pki hostname mail.thinkerwim.org tls pki mail.thinkerwim.org auth
#listen on all port 587 tls-require pki hostname auth hostname
listen on all port 587 tls-require pki mail.thinkerwim.org auth hostname mail.thinkerwim.org
listen on all port 588 tls-require pki mail.batterijland.com auth hostname mail.batterijland.com
#listen on all port 465 tls-require pki mail.thinkerwim.org auth hostname mail.thinkerwim.org
listen on lo0 port 10028 tag DKIM

# send mail to maildir ~/.mail for local accounts in alias table
#action "local" maildir "%{user.directory}/.mail" alias <aliases>
action "local" lmtp "/var/dovecot/lmtp" alias <aliases>
action "batlocal" lmtp "/var/dovecot/lmtp" rcpt-to virtual <batalias>
action "relay" relay helo mail.thinkerwim.org
action "relay_dkim" relay host smtp://127.0.0.1:10027

# thinkerwim.org
match from any for domain "thinkerwim.org" action "local"
match from any for domain "batterijland.com" action "batlocal"
#match from any for domain {"thinkerwim.org","batterijland.com"} action "local"

# local
match for local action "local"

# dkim
match tag DKIM for any action "relay"
##match auth from any for any action "relay"
match auth from any for any action "relay_dkim"

Thanks
Wim Stockman
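
The reply's question is whether the test client sends SNI at all. The following is an added example, not part of the thread and not OpenSMTPD code: a probe that performs STARTTLS, sends a chosen name in the ClientHello, and reports whether the returned certificate covers that name. The function names and the EHLO name are hypothetical, and it assumes the certificates chain to a CA in the local trust store.

```python
import socket
import ssl
import sys


def san_covers(dns_names, host):
    """True if any certificate DNS name (exact or left-most wildcard) covers host."""
    host = host.lower().rstrip(".")
    for name in dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        # "*.example.org" covers exactly one extra left-most label
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def smtp_line(f):
    """Read one SMTP reply, skipping 'NNN-' continuation lines."""
    while True:
        line = f.readline()
        if not line:
            raise ConnectionError("server closed the connection")
        if line[3:4] != b"-":
            return line


def probe(addr, port, sni):
    """STARTTLS to addr:port, send `sni` in the ClientHello, return cert DNS names."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; the name is compared by san_covers
    with socket.create_connection((addr, port), timeout=10) as sock:
        f = sock.makefile("rb")
        smtp_line(f)  # 220 banner
        sock.sendall(b"EHLO sni-probe.invalid\r\n")  # hypothetical client name
        smtp_line(f)
        sock.sendall(b"STARTTLS\r\n")
        if not smtp_line(f).startswith(b"220"):
            raise RuntimeError("STARTTLS refused")
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:  # server_hostname sets SNI
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


if __name__ == "__main__":
    for sni in sys.argv[3:]:  # usage: ADDRESS PORT NAME [NAME ...]
        sans = probe(sys.argv[1], int(sys.argv[2]), sni)
        print(sni, "->", sans, "OK" if san_covers(sans, sni) else "MISMATCH")
```

Run it against one listener with each hostname in turn; a MISMATCH line means the certificate served for that connection does not cover the name that was sent in SNI.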