[BlueOnyx:23864] Re: Is dovecot's SNI support planned?

Tomohiro Hosaka bokutin at gmail.com
Thu May 21 07:42:46 -05 2020


Hmmm, sendmail doesn't support SNI...

I think bluequartz also changed qpopper to dovecot in the past.
I wonder if sendmail will change...

I just noticed that the sendmail.org page was gone.

On Thu, May 21, 2020 at 16:22, Tomohiro Hosaka <bokutin at gmail.com> wrote:
>
> Hi,
>
> We are considering SNI support for dovecot for pops and imaps.
>
> Specifically, it can be done with the following code.
>
> # /etc/dovecot/conf.d/11-ssl-sni.conf
> local_name system.fqdn {
>     ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
>     ssl_key =  </etc/pki/dovecot/private/dovecot.pem
> }
> % for my $vsite_fqdn (@vsite) {
> local_name $vsite_fqdn {
>     ssl_cert = </usr/sausalito/acme/certs/$vsite_fqdn/$vsite_fqdn.cer
>     ssl_key =  </usr/sausalito/acme/certs/$vsite_fqdn/$vsite_fqdn.key
> }
> % }
>
> Add this to /usr/sausalito/handlers/base/email/copy_certs.pl etc.
> I think that it can be supported by inserting an appropriate hook in
> /usr/sausalito/conf/base/email/email.conf.
>
> If SNI is not supported for pops and imaps, a hostname verification
> failure will occur unless system.fqdn is specified.
> I think it's nicer if the owner of a vsite does not have to know
> the system.fqdn.
>
> There are various likes and dislikes about the trend toward HTTPS
> and Let's Encrypt, but the mobile environment around us and MUAs are
> pressing us.
>
> Thanks,
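
The template from the quoted message, rendered in Python as an added example (not code from the post or from BlueOnyx): it emits one local_name block per vsite and skips any name that is not a plain hostname or that lacks a certificate or key file. The function name render_sni_conf, the sample hostnames and the temporary certificate tree are assumptions constructed for the example.

```python
import os
import re
import tempfile

# One or more dot-separated labels of letters, digits and hyphens.
# Anything else (spaces, braces, newlines) could alter the generated config.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
FQDN_RE = re.compile(r"(?:%s\.)+%s" % (LABEL, LABEL))

BLOCK = "local_name {name} {{\n    ssl_cert = <{cert}\n    ssl_key = <{key}\n}}\n"


def render_sni_conf(system_fqdn, system_cert, system_key, vsites, acme_dir):
    """Return (config_text, skipped) for a dovecot SNI include file.

    acme_dir plays the role of /usr/sausalito/acme/certs in the post.
    """
    blocks = [BLOCK.format(name=system_fqdn, cert=system_cert, key=system_key)]
    skipped = []
    for fqdn in sorted(set(v.lower() for v in vsites)):
        if len(fqdn) > 253 or not FQDN_RE.fullmatch(fqdn):
            skipped.append((fqdn, "invalid hostname"))
            continue
        cert = os.path.join(acme_dir, fqdn, fqdn + ".cer")
        key = os.path.join(acme_dir, fqdn, fqdn + ".key")
        if not (os.path.isfile(cert) and os.path.isfile(key)):
            skipped.append((fqdn, "certificate or key missing"))
            continue
        blocks.append(BLOCK.format(name=fqdn, cert=cert, key=key))
    return "".join(blocks), skipped


def demo():
    """Run against a constructed certificate tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as acme:
        site = "mail.example.com"  # constructed sample vsite
        os.makedirs(os.path.join(acme, site))
        for ext in (".cer", ".key"):
            open(os.path.join(acme, site, site + ext), "w").close()
        vsites = [site, "nocert.example.org", "evil.example.com {\nssl = no"]
        return render_sni_conf(
            "system.fqdn", "/etc/pki/dovecot/certs/dovecot.pem",
            "/etc/pki/dovecot/private/dovecot.pem", vsites, acme)


if __name__ == "__main__":
    text, skipped = demo()
    print(text)
    print("skipped:", skipped)
```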


