imaps with multiple hostnames
ken at oceana.com
Wed Nov 19 10:00:55 EST 2003
Craig Ringer wrote:
> Hi folks
> I'm running into a bit of an issue setting up Cyrus for TLS security,
> and was hoping someone could help me out.
> The host must be accessible using two different hostnames - one for
> external IMAPs via our gateway, and one for internal IMAPs with the
> host's name on our internal network. This is causing problems with SSL
> certs, and I was hoping there was a way to create a single certificate
> with multiple allowed hostnames.
> The only option I see otherwise is to host a modified version of our
> externally-visible DNS on our internal DNS server and provide a
> different value for 'mail.postnewspapers.com.au' (or whatever) that
> points to the internal host. I'm currently using a fake domain
> (.localnet) for internal DNS and using the real domain for externally
> visible public services only.
> The gateway will just be forwarding IMAPs traffic to the internal mail
> server using firewall rules.
> Ideally, I'd like to be able to set up a cert to allow both (say)
> 'mail.localnet' and 'mail.postnewspapers.com.au' as hostnames. If this
> is possible, are there any issues with doing so such as some mail
> clients not recognising the two hostnames?
> Any other suggestions?
Ideally, your client would use the Server Name Indication extension in
RFC 3546. I don't know if any client use this, and even if they do, I
haven't checked to see if OpenSSL supports it yet.
Otherwise, you could run two separate imapds listening on different IP
addresses and using different config files (so you can specify different
Your cyrus.conf could look something like this:
imaps cmd="imapd -s" listen="mail.postnewspapers.com.au"
imapsint cmd="imapd -s -C /etc/imapd.conf.int" listen="mail.localnet"
The internal and external DNS names should obviously resolve to
different IP addresses. The contents of imapd.conf and imapd.conf.int
would be the same except for the tls_* options.
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the Info-cyrus