On 21/01/10 03:35 -0600, Scott Lambert wrote:
>I am about to bring up the second of several virtual domains on my
>Cyrus-IMAPd 2.3.15 installation. I've been Googling but can't seem
>to come up with a useful search string for finding posts talking
>about using multiple secure certificates for POP/IMAP connections to
>mail.domain1.com and mail.domainN.com. We are rolling up multiple small
>mail servers into one host.
>
>The only thing I've been able to figure is that I will need to at least
>have multiple imapd-domainX.conf files and have multiple pop3(s)/imap(s)
>lines in cyrus.conf for each domain so that the secure certs can match
>the hostname configured in the user's existing mail program.
>
>Is there a more elegant method than something like the below plan?
>
>SERVICES {
> # add or remove based on preferences
> imap cmd="imapd -C imapd-domain1.conf" listen="mail.domain1.com:imap"
> imaps cmd="imapd -s -C imapd-domain1.conf" listen="mail.domain1.com:imaps"
> pop3 cmd="pop3d -C imapd-domain1.conf" listen="mail.domain1.com:pop3"
> pop3s cmd="pop3d -s -C imapd-domain1.conf" listen="mail.domain1.com:pop3s"
> imap cmd="imapd -C imapd-domain2.conf" listen="mail.domain2.com:imap"
> imaps cmd="imapd -s -C imapd-domain2.conf" listen="mail.domain2.com:imaps"
> pop3 cmd="pop3d -C imapd-domain2.conf" listen="mail.domain2.com:pop3"
> pop3s cmd="pop3d -s -C imapd-domain2.conf" listen="mail.domain2.com:pop3s"
> ...
> imap cmd="imapd -C imapd-domainN.conf" listen="mail.domainN.com:imap"
> imaps cmd="imapd -s -C imapd-domainN.conf" listen="mail.domainN.com:imaps"
> pop3 cmd="pop3d -C imapd-domainN.conf" listen="mail.domainN.com:pop3"
> pop3s cmd="pop3d -s -C imapd-domainN.conf" listen="mail.domainN.com:pop3s"
> sieve cmd="timsieved" listen="sieve" prefork=0
>
> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
Scott,
You won't need to specify alternative imapd.conf configurations.
You can specify [servicename]_tls_cert_file, etc. within your primary
imapd.conf so that you have something like:
imap_tls_cert_file: /etc/ssl/certs/cyrus-imap-domain1.pem
imap_tls_key_file: /etc/ssl/private/cyrus-imap-domain1.key
imaps_tls_cert_file: /etc/ssl/certs/cyrus-imap-domain1.pem
imaps_tls_key_file: /etc/ssl/private/cyrus-imap-domain1.key
pop3_tls_cert_file: /etc/ssl/certs/cyrus-pop3-domain1.pem
pop3_tls_key_file: /etc/ssl/private/cyrus-pop3-domain1.key
pop3s_tls_cert_file: /etc/ssl/certs/cyrus-pop3-domain1.pem
pop3s_tls_key_file: /etc/ssl/private/cyrus-pop3-domain1.key
imapb_tls_cert_file: /etc/ssl/certs/cyrus-imap-domain2.pem
imapb_tls_key_file: /etc/ssl/private/cyrus-imap-domain2.key
imapsb_tls_cert_file: /etc/ssl/certs/cyrus-imap-domain2.pem
imapsb_tls_key_file: /etc/ssl/private/cyrus-imap-domain2.key
pop3b_tls_cert_file: /etc/ssl/certs/cyrus-pop3-domain2.pem
pop3b_tls_key_file: /etc/ssl/private/cyrus-pop3-domain2.key
pop3sb_tls_cert_file: /etc/ssl/certs/cyrus-pop3-domain2.pem
pop3sb_tls_key_file: /etc/ssl/private/cyrus-pop3-domain2.key
and in cyrus.conf you'd have service names like:
imap
imaps
pop3
pop3s
imapb
imapsb
pop3b
pop3sb
This is documented in:
http://cyrusimap.web.cmu.edu/imapd/install-configure.html
--
Dan White
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
