Re: Multiple SSL Certs with virtual domains?

"Eric Luyten" <Eric.Luyten@xxxxxxxxx> · Thu, 21 Jan 2010 11:36:02 +0100 (CET)

On Thu, January 21, 2010 11:27 am, Michael Menge wrote:
> Hi,
>
>
> Quoting Scott Lambert <lambert@xxxxxxxxxxxxxx>:
>
>
>> I am about to bring up the second of several virtual domains on my
>> Cyrus-IMAPd 2.3.15 installation.  I've been Googling but can't seem
>> to come up with a useful search string for finding posts talking about using
>> multiple secure certificates for POP/IMAP connections to mail.domain1.com
>> and mail.domainN.com.  We are rolling up multiple small mail servers into
>> one host.
>>
>> The only thing I've been able to figure is that I will need to at least
>> have multiple imapd-domainX.conf files and have multiple pop3(s)/imap(s)
>> lines in cyrus.conf for each domain so that the secure certs can match the
>> hostname configured in the user's existing mail program.
>>
>> Is there a more elegant method than something like the below plan?
>>
>>
>> SERVICES {
>> # add or remove based on preferences
>> imap        cmd="imapd -C imapd-domain1.conf" listen="mail.domain1.com:imap"
>> imaps        cmd="imapd -s -C imapd-domain1.conf"
>> listen="mail.domain1.com:imaps"
>> pop3        cmd="pop3d -C imapd-domain1.conf" listen="mail.domain1.com:pop3"
>> pop3s        cmd="pop3d -s -C imapd-domain1.conf"
>> listen="mail.domain1.com:pop3s"
>> imap        cmd="imapd -C imapd-domain2.conf" listen="mail.domain2.com:imap"
>> imaps        cmd="imapd -s -C imapd-domain2.conf"
>> listen="mail.domain2.com:imaps"
>> pop3        cmd="pop3d -C imapd-domain2.conf" listen="mail.domain2.com:pop3"
>> pop3s        cmd="pop3d -s -C imapd-domain2.conf"
>> listen="mail.domain2.com:pop3s"
>> ...
>> imap        cmd="imapd -C imapd-domainN.conf" listen="mail.domainN.com:imap"
>> imaps        cmd="imapd -s -C imapd-domainN.conf"
>> listen="mail.domainN.com:imaps"
>> pop3        cmd="pop3d -C imapd-domainN.conf" listen="mail.domainN.com:pop3"
>> pop3s        cmd="pop3d -s -C imapd-domainN.conf"
>> listen="mail.domainN.com:pop3s"
>> sieve         cmd="timsieved" listen="sieve" prefork=0
>>
>> lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0 }
>>
>>
>
> You have to use different service name. Each service name may only
> apeare once.

Correct (I overlooked that, but it would have become pretty obvious when
starting Cyrus :-)

As an aside, this will enable you to attribute log lines to the correct
service, since Cyrus syslogs to one and the same facility.

Eric.

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html