Δημήτριος Καραπιπέρης wrote:
Basically, server is not expecting any kind of domain on ssl
handshake, but what if the server can serve more than one cert, so
that clients using mail1.dom.gr and mail2.dom.gr, which resolve to
the same dovecot instance but from different network segments,
could be certified.
mail1.dom.gr -> 10.65.0.45 (private one)
mail2.dom.gr -> 84.205.252.78
(random numbers)
In essence, it is the same dovecot instance.
I should imagine that you can achieve this using an external SSL wrapper
such as stunnel?
OR
You could use firewall rules to redirect incoming connections to
different local ports depending on where the connection originates.
Then set up appropriate config on each port to serve a different cert.
This setup does sound workable.
Ed W
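
The stunnel option suggested above, sketched as an added example that is not part of the original thread: one stunnel service per listening address, each with its own certificate, both forwarding to the same Dovecot instance. It assumes both addresses from the post are configured on the host and that Dovecot accepts plaintext IMAP on 127.0.0.1:143 only; the file paths and service names are placeholders.

```ini
; Added example (constructed): stunnel terminating TLS for one Dovecot
; instance, presenting a different certificate per listening address.
; Assumptions: both addresses are bound on this host, Dovecot listens for
; plaintext IMAP on 127.0.0.1:143 only, and all file paths are placeholders.

[imaps-internal]
; clients on the private segment connect to mail1.dom.gr
accept  = 10.65.0.45:993
connect = 127.0.0.1:143
cert    = /etc/stunnel/mail1.dom.gr.pem
key     = /etc/stunnel/mail1.dom.gr.key

[imaps-external]
; clients on the public side connect to mail2.dom.gr
accept  = 84.205.252.78:993
connect = 127.0.0.1:143
cert    = /etc/stunnel/mail2.dom.gr.pem
key     = /etc/stunnel/mail2.dom.gr.key
```

Because stunnel makes the backend connection, Dovecot sees every client as 127.0.0.1, so per-client address logging and any address-based restrictions have to be enforced at stunnel or the firewall.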