Re: [courier-users] SNI for SSL negotiations

2016-03-02 Thread Mark Constable
>> Would mail clients like Thunderbird need to understand SNI as well >> or would it be up to only the server daemon to present the right >> certificate? > > Both. SNI is a protocol extension. Both the client and the server > have to be explicitly coded to support it. Thanks for the confirmation.

Re: [courier-users] SNI for SSL negotiations

2016-03-02 Thread Sam Varshavchik
Mark Constable writes: Would mail clients like Thunderbird need to understand SNI as well or would it be up to only the server daemon to present the right certificate? Both. SNI is a protocol extension. Both the client and the server have to be explicitly coded to support it. pgp8hxQnHj9

Re: [courier-users] SNI for SSL negotiations

2016-03-02 Thread Mark Constable
On 03/03/16 12:37, Sam Varshavchik wrote: >> Is there any possibility that SNI negotiation can take place when >> doing SSL handshakes with couriers daemons so that multiple SSL >> certificates can be used on the same IP? > > I haven't yet found the time to investigate what needs to be done >to sup

Re: [courier-users] SNI for SSL negotiations

2016-03-02 Thread Sam Varshavchik
Mark Constable writes: I think I may have asked this question many years ago but just in case things have changed. Is there any possibility that some of SNI negotiation can take place when doing SSL handshakes with couriers daemons so that multiple SSL certificates can be used on the same IP?

[courier-users] SNI for SSL negotiations

2016-03-02 Thread Mark Constable
I think I may have asked this question many years ago but just in case things have changed. Is there any possibility that some of SNI negotiation can take place when doing SSL handshakes with couriers daemons so that multiple SSL certificates can be used on the same IP? ---

Re: [courier-users] blacklist for courier how?

2016-03-02 Thread Gordon Messmer
On 03/01/2016 05:35 PM, PICCORO McKAY Lenz wrote: > 2016-03-01 14:05 GMT-04:30 Gordon Messmer >: > > Any user that authenticates is allowed to relay, so I'd think > that's the > part you need to protect. > > any user can sent to internal domain so that

Re: [courier-users] How do I make BLOCK2 available to maildrop in delivery mode?

2016-03-02 Thread Sam Varshavchik
Alessandro Vesely writes: I guess those are the “_IP”, “_TXT”, and “_ZONE” variables mentioned in http://www.courier-mta.org/couriertcpd.html#idm255210593888 For whitelists, Courier adds an Authentication-Result: dnswl=pass header field. It could do the same for blacklists. However, "dnsbl

Re: [courier-users] How do I make BLOCK2 available to maildrop in delivery mode?

2016-03-02 Thread Alessandro Vesely
On Tue 01/Mar/2016 23:36:33 +0100 Sam Varshavchik wrote: > Christopher Rüprich writes: > >> I'm using BLACKLISTS='-block=[...],BLOCK2' in /etc/courier/esmtp to >> check incoming mail against a couple of dns-blacklists. I'd like to make >> the result available to a maildrop-script in delivery mod