Multiple SSL Certs with virtual domains?
Eric Luyten
Eric.Luyten at vub.ac.be
Thu Jan 21 05:36:02 EST 2010
On Thu, January 21, 2010 11:27 am, Michael Menge wrote:
> Hi,
>
>
> Quoting Scott Lambert <lambert at lambertfam.org>:
>
>
>> I am about to bring up the second of several virtual domains on my
>> Cyrus-IMAPd 2.3.15 installation. I've been Googling but can't seem
>> to come up with a useful search string for finding posts talking about using
>> multiple secure certificates for POP/IMAP connections to mail.domain1.com
>> and mail.domainN.com. We are rolling up multiple small mail servers into
>> one host.
>>
>> The only thing I've been able to figure is that I will need to at least
>> have multiple imapd-domainX.conf files and have multiple pop3(s)/imap(s)
>> lines in cyrus.conf for each domain so that the secure certs can match the
>> hostname configured in the user's existing mail program.
>>
>> Is there a more elegant method than something like the below plan?
>>
>>
>> SERVICES {
>> # add or remove based on preferences
>> imap cmd="imapd -C imapd-domain1.conf" listen="mail.domain1.com:imap"
>> imaps cmd="imapd -s -C imapd-domain1.conf" listen="mail.domain1.com:imaps"
>> pop3 cmd="pop3d -C imapd-domain1.conf" listen="mail.domain1.com:pop3"
>> pop3s cmd="pop3d -s -C imapd-domain1.conf" listen="mail.domain1.com:pop3s"
>> imap cmd="imapd -C imapd-domain2.conf" listen="mail.domain2.com:imap"
>> imaps cmd="imapd -s -C imapd-domain2.conf" listen="mail.domain2.com:imaps"
>> pop3 cmd="pop3d -C imapd-domain2.conf" listen="mail.domain2.com:pop3"
>> pop3s cmd="pop3d -s -C imapd-domain2.conf" listen="mail.domain2.com:pop3s"
>> ...
>> imap cmd="imapd -C imapd-domainN.conf" listen="mail.domainN.com:imap"
>> imaps cmd="imapd -s -C imapd-domainN.conf" listen="mail.domainN.com:imaps"
>> pop3 cmd="pop3d -C imapd-domainN.conf" listen="mail.domainN.com:pop3"
>> pop3s cmd="pop3d -s -C imapd-domainN.conf" listen="mail.domainN.com:pop3s"
>> sieve cmd="timsieved" listen="sieve" prefork=0
>>
>> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
>> }
>>
>>
>
> You have to use a different service name. Each service name may only
> appear once.

Correct (I overlooked that, but it would have become pretty obvious when
starting Cyrus :-)

As an aside, this will enable you to attribute log lines to the correct
service, since Cyrus syslogs to one and the same facility.

Eric.
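
The duplicate-name problem raised in this thread can be caught before starting Cyrus. The following is an added example, not part of the original messages and not Cyrus project code: a small linter for the SERVICES section of cyrus.conf. It assumes one entry per line, and the numbered renaming scheme (imap1, imap2, ...) is a hypothetical convention; the sample input is constructed from the plan quoted above.

```python
import re
from collections import defaultdict
# Constructed sample: a shortened form of the plan quoted in the thread.
SAMPLE_CONF = """\
SERVICES {
  # add or remove based on preferences
  imap  cmd="imapd -C imapd-domain1.conf" listen="mail.domain1.com:imap"
  imaps cmd="imapd -s -C imapd-domain1.conf" listen="mail.domain1.com:imaps"
  imap  cmd="imapd -C imapd-domain2.conf" listen="mail.domain2.com:imap"
  imaps cmd="imapd -s -C imapd-domain2.conf" listen="mail.domain2.com:imaps"
  lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0 }
"""

def parse_services(text):
    """Return [(lineno, name, rest)] for each entry inside SERVICES { ... }."""
    entries, inside = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not inside:
            inside = line.startswith("SERVICES")
            line = line.partition("{")[2] if inside else ""
        closing = "}" in line                        # brace may share a line
        m = re.match(r"(\w+)\s+(.*)", line.replace("}", "").strip())
        if m:
            entries.append((lineno, m.group(1), m.group(2)))
        if closing:
            break
    return entries

def duplicate_services(entries):
    """Map each service name used more than once to the lines that use it."""
    seen = defaultdict(list)
    for lineno, name, _ in entries:
        seen[name].append(lineno)
    return {n: ls for n, ls in seen.items() if len(ls) > 1}

def renamed(entries):
    """Suggest unique names via a per-name counter (hypothetical scheme)."""
    dups, count, out = duplicate_services(entries), defaultdict(int), []
    for _, name, rest in entries:
        if name in dups:
            count[name] += 1
            name = f"{name}{count[name]}"
        out.append(f"{name} {rest}")
    return out

if __name__ == "__main__":
    entries = parse_services(SAMPLE_CONF)
    print(duplicate_services(entries), *renamed(entries), sep="\n")
```

The distinct names it proposes also serve the log-attribution point made in the reply, since each listener then has its own service name.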