TLS with multiple allowed hosts (or wildcard hosts) #205
Comments
|
You could set it up so that all the domains in your "allowed hosts" point
to and share the same MX host(s).
These MX hosts are the ones that you need to get TLS certificates for. Each
hostname must match the FQDN of the TLS certificate, must have an A record
and also a reverse DNS entry is recommended. This needs to only be for the
MX hosts.
…On Wed, 19 Feb 2020, 21:28 richp10, ***@***.***> wrote:
Setting up TLS you need to provide a hostname, defaulting to the server
hostname.
Guerrilla also allows you to recieve mail for multiple allowed hosts or
use wildcards.
My question is; will the TLS handshaking work for inbound mail to multiple
hosts - since the hostname of the TLS certificate will not match any or all
of the hosts?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#205?email_source=notifications&email_token=AAE6MP635PFXVMVM2WSAVMLRDUQYRA5CNFSM4KXYLWI2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IOT5G6Q>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAE6MPYQYY2W5FQNJDSPZ6TRDUQYRANCNFSM4KXYLWIQ>
.
|
|
I'm stuck here with the same problem. How do I configure multiple certificate/key pairs in goguerrilla.conf? Adding multiple "servers" for the same |
|
Unfortunately, SMTP doesn't support SNI like in HTTP, so it's not possible.
You will need a new IP/interface (with a reverse DNS entry?) for each of the mx hosts
that you setup...
As for the allowed hosts, they can all point to the same MX hosts.
In other words, you do not setup the certificates for the "allowed hosts",
but you setup certificates for the MX hosts instead. The MX hosts are then added
to each of your "allowed hosts"'s DNS records.
…On Thu, 16 Apr 2020, 20:58 Pascal Brückner, ***@***.***> wrote:
I'm stuck here with the same problem. How do I configure multiple
certificate/key pairs in goguerrilla.conf? Adding multiple "servers" for
the same listen_interface (0.0.0.0:25 with STARTTLS enabled) doesn't
work, goguerrilla always seems to answer as the first configured server, no
matter what hostname was used for the actual connection. I'm not sure how
other SMTP servers handle this, but wouldn't that require some sort of
Server Name Indication and virtual hosts such as nginx, apache handle that?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#205 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAE6MPYTACYLPW4EOLKJBK3RM3XFHANCNFSM4KXYLWIQ>
.
|
|
Hello Good day @flashmob Does go-guerrilla support plain authentication. I'm new to developing smtp sever, so my apologies. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Setting up TLS you need to provide a hostname, defaulting to the server hostname.
Guerrilla also allows you to recieve mail for multiple allowed hosts or use wildcards.
My question is; will the TLS handshaking work for inbound mail to multiple hosts - since the hostname of the TLS certificate will not match any or all of the hosts?
The text was updated successfully, but these errors were encountered: